Filter
AND
-Infinity
0
Trending
Software
apache http server
37
apache struts 2
27
apache ofbiz
20
apache openoffice
20
apache dubbo
13
apache hadoop
12
apache traffic server
12
apache airflow
11
apache log4j
11
apache inlong
10
apache shiro
9
apache solr
8
apache activemq
7
apache cloudstack
7
apache kylin
7
apache couchdb
6
apache cxf
6
apache geode
6
apache ignite
5
apache linkis
5
apache openmeetings
5
apache superset
5
apache tapestry
5
apache airflow hive provider
4
apache dolphinscheduler
4
apache fineract
4
apache iotdb
4
apache nifi
4
apache nuttx
4
apache portable runtime
4
apache ranger
4
apache spark
4
apache storm
4
apache struts 2 showcase
4
apache submarine
4
apache tomee
4
apache ambari
3
apache any23
3
apache cassandra
3
apache flume
3
apache james
3
apache jmeter
3
apache karaf
3
apache ozone
3
apache pulsar
3
apache shenyu
3
apache traffic control
3
apache xerces-c++
3
apache apisix
2
apache batik
2
Apache ActiveMQ NMS OpenWire ClientApache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass
9.8
First published (updated )
Apache ParquetApache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata
First published (updated )
Apache PinotApache Pinot: Authentication bypass issue. If the path does not contain / and contain . authentication is not required
9.8
First published (updated )
Apache Seata ServerApache Seata (incubating): Deserialization of untrusted Data in jraft mode in Apache Seata Server
9.8
First published (updated )
maven/org.apache.tomcat.embed:tomcat-embed-coreApache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache RangerApache Ranger: Improper Neutralization of Formula Elements in a CSV File
9.8
First published (updated )
Apache EventMeshApache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution
9.8
First published (updated )
Apache IgniteApache Ignite: Possible RCE when deserializing incoming messages by the server node
9.5
First published (updated )
Apache FineractApache Fineract: SQL injection vulnerabilities in offices API endpoint
9.4
First published (updated )
Apache RangerApache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost
9.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
maven/org.apache.openmeetings:openmeetings-parentApache OpenMeetings: Deserialisation of untrusted data in cluster mode
9.8
First published (updated )
IBM Operational Decision ManagerApache MINA: MINA applications using unbounded deserialization may allow RCE
10
First published (updated )
go/github.com/apache/trafficcontrol/v8Apache Traffic Control: SQL Injection in Traffic Ops endpoint PUT deliveryservice_request_comments
9.9
First published (updated )
ArrowApache Arrow R package: Arbitrary code execution when loading a malicious data file
9.8
First published (updated )
Apache CloudStackApache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure
9.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
maven/org.apache.seata:seata-coreApache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server
9.8
First published (updated )
Apache OFBizApache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE
9.8
First published (updated )
Apache OFBizApache OFBiz Forced Browsing Vulnerability
First published (updated )
Dromara HertzbeatGHSL-2023-256: HertzBeat Authenticated (guest role) SQL injection in /api/monitor/{monitorId}/metric/{metricFull}
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
pip/apache-airflow-providers-fabApache Airflow Providers FAB: FAB provider 1.2.1 and 1.2.0 did not let user to logout for Airflow
9.8
First published (updated )
Apache OFBizApache OFBiz Incorrect Authorization Vulnerability
First published (updated )
maven/org.apache.inlong:tubemq-coreApache InLong TubeMQ Client: Remote Code Execution vulnerability
9.8
First published (updated )
Apache Traffic ServerApache Traffic Server: Incomplete check for chunked trailer section allows request smuggling
9.1
First published (updated )
maven/org.apache.drill.exec:drill-java-execApache Drill: XXE Vulnerability in XML Format Reader
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
maven/org.apache.cxf:cxf-rt-rs-service-descriptionApache CXF: SSRF vulnerability via WADL stylesheet parameter
9.1
First published (updated )
Apache Http ServerApache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows
9.1
First published (updated )
pip/apache-supersetApache Superset: Improper SQL authorisation, parse not checking for specific engine functions
9.8
First published (updated )
CVE-2024-38346Apache CloudStack: Unauthenticated cluster service port leads to remote execution
9.8
First published (updated )
CVE-2024-39864Apache CloudStack: Integration API service uses dynamic port when disabled
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.