maven/org.apache.seata:seata-core - Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server

Apache OFBiz - Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE

Apache OFBiz - Apache OFBiz: Confused controller-view authorization logic (forced browsing)

Apache Hertzbeat - GHSL-2023-256: HertzBeat Authenticated (guest role) SQL injection in /api/monitor/{monitorId}/metric/{metricFull}

Apache Apache-airflow-providers-fab - Apache Airflow Providers FAB: FAB provider 1.2.1 and 1.2.0 did not let user to logout for Airflow

Apache OFBiz - Apache OFBiz Incorrect Authorization Vulnerability

maven/org.apache.inlong:tubemq-core - Apache InLong TubeMQ Client: Remote Code Execution vulnerability

Apache Traffic Server - Apache Traffic Server: Incomplete check for chunked trailer section allows request smuggling

maven/org.apache.drill.exec:drill-java-exec - Apache Drill: XXE Vulnerability in XML Format Reader

maven/org.apache.cxf:cxf-rt-rs-service-description - Apache CXF: SSRF vulnerability via WADL stylesheet parameter

Apache HTTP server - Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows

Apache CloudStack - Apache CloudStack: Unauthenticated cluster service port leads to remote execution

Apache CloudStack - Apache CloudStack: Integration API service uses dynamic port when disabled

F5 Traffix SDC - Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect

F5 BIG-IP - Apache HTTP Server weakness with encoded question marks in backreferences

maven/org.apache.submarine:submarine-server-core - Apache Submarine Server Core: authorization bypass

pip/apache-submarine - Apache Submarine Commons Utils: default secret

Apache OFBiz - Apache OFBiz Path Traversal Vulnerability

maven/org.apache.hugegraph:hugegraph-core - Apache HugeGraph-Server Improper Access Control Vulnerability

pip/apache-superset - Apache Superset: Stored XSS in Dashboard Title and Chart Title

Apache IoTDB - Apache IoTDB: Remote Code Execution (RCE) risk via the UDF

Ivanti Endpoint Manager - SQL Injection

maven/org.apache.inlong:manager-pojo - Apache InLong: Remote Code Execution vulnerability in Apache InLong Manager

Apache OFBiz - Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability

maven/org.apache.iotdb:iotdb-parent - Apache IoTDB: Unsafe deserialize map in Sync Tool

Apache Dubbo - Apache Dubbo: Bypass deny serialize list check in Apache Dubbo

maven/org.apache.dubbo:dubbo - Bypass serialize checks in Apache Dubbo

maven/org.apache.struts:struts2-core - Apache Struts: File upload component had a directory traversal vulnerability

Apache OFBiz - Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present

Apache Cocoon - Apache Cocoon's StreamGenerator is vulnerable to XXE injection

Apache Cocoon - Apache Cocoon: SQL injection in DatabaseCookieAuthenticatorAction

pip/apache-submarine - Apache Submarine: SQL injection from unauthorized login

maven/org.apache.derby:derby - Apache Derby: LDAP injection vulnerability in authenticator

Apache Submarine - Apache Submarine: Fix CVE-2022-1471 SnakeYaml unsafe deserialization

pip/pyarrow - PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file

ubuntu/activemq - Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack

Apache InLong - Apache InLong: Jdbc Connection Security Bypass in InLong

ubuntu/zookeeper - Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication

IBM Cognos Analytics - Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK

Apache Axis - Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService

Apache Traffic Server - Apache Traffic Server: Differential fuzzing for HTTP request parsing discrepancies

Apache Helix - Apache Helix: Deserialization vulnerability in Helix workflow and REST

Apache Jackrabbit - Apache Jackrabbit RMI access can lead to RCE

Apache InLong - Apache InLong: SQL injection in audit endpoint

Apache Shiro - Apache Shiro before 1.12.0, or 2.0.0-alpha-3, may be susceptible to a path traversal attack when used together with APIs or other web frameworks that route requests based on non-normalized requests.

Apache EventMesh - Apache EventMesh RabbitMQ-Connector plugin allows RCE through deserialization of untrusted data

Apache RocketMQ - Apache RocketMQ: Possible remote code execution when using the update configuration function

Apache Pulsar - Apache Pulsar: Incorrect Authorization for Function Worker when using mTLS Authentication through Pulsar Proxy

Apache Apache-airflow-providers-apache-hive - Apache Airflow Hive Provider Beeline RCE with Principal

Apache Accumulo - Apache Accumulo: Accumulo 2.1.0 may incorrectly validate cached credentials

© 2024 SecAlerts Pty Ltd.