apache
3,096 tracked vulnerabilities.
CVE-2016-2162
MEDIUM
Apache Struts 2.x < 2.3.25 - Cross-Site Scripting via I18NInterceptor Locale Handling
Apr 12, 2016
CVSS 6.1
EPSS 0.08
CVE-2016-0785
HIGH
Apache Struts 2.0.0-2.3.20.3 - Remote Code Execution via Forced Double OGNL Evaluation
Apr 12, 2016
CVSS 8.8
EPSS 0.09
CVE-2016-2170
CRITICAL
Apache OFBiz 12.04-12.04.05 and 13.07-13.07.02 - Remote Code Execution via Deserialization
Apr 12, 2016
CVSS 9.8
EPSS 0.13
CVE-2016-2166
MEDIUM
Apache Qpid Proton < 0.12.1 - Unencrypted Connection for AMQPS URI Scheme
Apr 12, 2016
CVSS 6.5
EPSS 0.04
CVE-2016-0733
CRITICAL
Apache Ranger < 0.5.1 - Unauthenticated Authentication Bypass via Missing Password
Apr 12, 2016
CVSS 9.8
EPSS 0.03
CVE-2016-0735
HIGH
Apache Ranger 0.5.0-0.5.1 - Authenticated Access Control Bypass via Exclude Policy Mishandling
Apr 11, 2016
CVSS 8.8
EPSS 0.02
CVE-2016-2171
HIGH
Apache Jetspeed < 2.3.0 - Unauthenticated User Management via REST API
Apr 11, 2016
CVSS 7.5
EPSS 0.43
CVE-2016-2164
HIGH
Apache OpenMeetings < 3.1.1 - Arbitrary File Read via FileService SOAP API
Apr 11, 2016
CVSS 7.5
EPSS 0.07
CVE-2016-2163
MEDIUM
Apache OpenMeetings < 3.1.1 - Cross-Site Scripting via Event Description
Apr 11, 2016
CVSS 6.1
EPSS 0.08
CVE-2016-0784
MEDIUM
Apache OpenMeetings <3.1.1 - Path Traversal
Apr 11, 2016
CVSS 6.5
EPSS 0.56
CVE-2016-0783
HIGH
Apache OpenMeetings <3.1.1 - Info Disclosure
Apr 11, 2016
CVSS 7.5
EPSS 0.07
CVE-2016-0712
MEDIUM
Apache Jetspeed < 2.3.1 - Cross-Site Scripting via PATH_INFO
Apr 11, 2016
CVSS 6.1
EPSS 0.03
CVE-2016-0711
MEDIUM
Apache Jetspeed < 2.3.1 - Cross-Site Scripting via Title Parameter
Apr 11, 2016
CVSS 6.1
EPSS 0.03
CVE-2016-0710
HIGH
Apache Jetspeed Arbitrary File Upload
Apr 11, 2016
CVSS 8.8
EPSS 0.52
CVE-2016-0709
HIGH
Apache Jetspeed <2.3.1 - Path Traversal
Apr 11, 2016
CVSS 7.2
EPSS 0.77
CVE-2016-0734
MEDIUM
Apache ActiveMQ 5.x < 5.13.2 - Clickjacking via Missing X-Frame-Options Header
Apr 07, 2016
CVSS 6.1
EPSS 0.08
CVE-2016-0763
MEDIUM
Apache Tomcat <7.0.68, <8.0.31, <9.0.0.M3 - Privilege Escalation
Feb 25, 2016
CVSS 6.3
EPSS 0.11
CVE-2016-0714
HIGH
Apache Tomcat <6.0.45-9.0.0.M2 - Privilege Escalation
Feb 25, 2016
CVSS 8.8
EPSS 0.13
CVE-2016-0706
MEDIUM
Apache Tomcat <6.0.45-9.0.0.M2 - Auth Bypass
Feb 25, 2016
CVSS 4.3
EPSS 0.06
CVE-2016-0956
HIGH
Apache Sling 2.3.6 - Info Disclosure
Feb 10, 2016
CVSS 7.5
EPSS 0.46
CVE-2015-2992
MEDIUM
Apache Struts < 2.3.20 - Cross-Site Scripting
Feb 27, 2020
CVSS 6.1
EPSS 0.06
CVE-2015-7559
LOW
Apache ActiveMQ < 5.14.5 - Denial of Service via Remote Shutdown Command
Aug 01, 2019
CVSS 2.7
EPSS 0.02
CVE-2015-0203
MEDIUM
Apache Qpid < 0.30 - Authenticated Denial of Service via AMQP Message
Feb 21, 2018
CVSS 6.5
EPSS 0.09
CVE-2015-3249
CRITICAL
Apache Traffic Server <5.3.1 - DoS/Code Injection
Oct 30, 2017
CVSS 9.8
EPSS 0.05
CVE-2015-0226
HIGH
Apache WSS4J < 1.6.17 and 2.0.0-2.0.1 - Information Disclosure via Decryption Failure Handling
Oct 30, 2017
CVSS 7.5
EPSS 0.06
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters