Filter
AND
-Infinity
0
Trending
Software
apache http server
105
apache traffic server
48
apache openoffice
27
apache struts 2
24
apache airflow
21
apache nifi
19
apache solr
18
apache hadoop
15
apache cxf
14
apache inlong
13
apache openmeetings
13
apache ofbiz
12
apache dolphinscheduler
10
apache activemq
9
apache superset
9
apache fineract
8
apache geode
8
apache spark
8
apache ambari
7
apache batik
7
apache cordova
7
apache guacamole
7
apache james
7
apache kylin
7
apache pulsar
7
apache activemq artemis
6
apache cassandra
6
apache commons beanutils
6
apache commons compress
6
apache hive
6
apache iotdb
6
apache ranger
6
apache shiro
6
apache tapestry
6
apache tika
6
apache cxf fediz
5
apache log4j
5
apache shenyu
5
apache thrift
5
apache wicket
5
apache xerces-c++
5
apache archiva
4
apache atlas
4
apache avro
4
apache bookkeeper
4
apache cloudstack
4
apache couchdb
4
apache hbase
4
apache kafka
4
apache karaf
4
OpenID mod_auth_openidcmod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data
8.2
EPSS
0.12%
First published (updated )
Apache Airflow Common SQL ProviderApache Airflow Common SQL Provider: Remote Code Execution via Sql Injection
8.8
First published (updated )
Apache Traffic ServerApache Traffic Server: Malformed chunked message body allows request smuggling
7.5
First published (updated )
Apache KylinApache Kylin: The remote code execution via jdbc url
7.2
EPSS
0.08%
First published (updated )
Apache Virtual Computing LabApache VCL: XSS vulnerability in User Lookup impacting user privileges
8.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache Commons VFSApache Commons VFS: Possible path traversal issue when using NameScope.DESCENDENT
7.5
EPSS
0.13%
First published (updated )
Apache CassandraCassandra-Lucene-Index allows bypass of Cassandra RBAC
8.8
EPSS
0.05%
First published (updated )
Apache AtlasApache Atlas: An authenticated user can perform XSS and potentially impersonate another user
7.1
First published (updated )
Apache ShardingSphere ElasticJob-UIApache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC
8.5
First published (updated )
Apache JamesApache James: denial of service through JMAP HTML to text conversion
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
maven/org.apache.james.protocols:protocols-imapApache James: denial of service through the use of IMAP literals
8.6
First published (updated )
maven/org.apache.cassandra:cassandra-allApache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions
8.8
EPSS
0.04%
First published (updated )
Apache CocoonApache Cocoon: continuations may not be private
7.5
EPSS
0.04%
First published (updated )
Apache AmbariApache Ambari: Code Injection Vulnerability in Ambari Alert Definition
8.8
EPSS
0.04%
First published (updated )
Apache AmbariApache Ambari: XML External Entity (XXE) Vulnerability in Ambari/Oozie
7.5
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache CXFApache CXF: Denial of Service vulnerability with temporary files
7.5
EPSS
0.09%
First published (updated )
Apache MINAThe ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process…
7
First published (updated )
pip/apache-supersetApache Superset: SQLLab Improper readonly query validation allows unauthorized write access
7.1
First published (updated )
pip/apache-supersetApache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled
7.6
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Dromara HertzbeatApache HertzBeat: RCE by notice template injection vulnerability
8.8
First published (updated )
Dromara HertzbeatApache HertzBeat: Exposure sensitive token via http GET method with query string
7.5
First published (updated )
Dromara HertzbeatApache HertzBeat: Exists Native Deser RCE and file writing vulnerabilities
8.8
First published (updated )
Apache OFBizApache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE)
8.9
EPSS
0.06%
First published (updated )
Apache LuceneApache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Tomcattomcat packaging allows for escalation to root from tomcat user
7.8
First published (updated )
Apache CloudStackApache CloudStack: Request origin validation bypass makes account takeover possible
8.8
First published (updated )
Apache CloudStackApache CloudStack: Incomplete session invalidation on web interface logout
7.1
First published (updated )
maven/org.apache.activemq:artemis-cliApache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans
8.8
First published (updated )
SubversionApache Subversion: Command line argument injection on Windows platforms
8.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.