Filter
AND
-Infinity
0
Trending
Software
apache http server
105
apache traffic server
47
apache openoffice
27
apache struts 2
24
apache airflow
21
apache nifi
19
apache solr
18
apache hadoop
15
apache cxf
14
apache inlong
13
apache openmeetings
13
apache ofbiz
12
apache dolphinscheduler
10
apache activemq
9
apache superset
9
apache fineract
8
apache geode
8
apache spark
8
apache ambari
7
apache batik
7
apache cordova
7
apache guacamole
7
apache james
7
apache kylin
7
apache pulsar
7
apache activemq artemis
6
apache cassandra
6
apache commons beanutils
6
apache commons compress
6
apache hive
6
apache iotdb
6
apache ranger
6
apache shiro
6
apache tapestry
6
apache tika
6
apache cxf fediz
5
apache log4j
5
apache shenyu
5
apache thrift
5
apache wicket
5
apache xerces-c++
5
apache archiva
4
apache atlas
4
apache avro
4
apache bookkeeper
4
apache cloudstack
4
apache couchdb
4
apache hbase
4
apache kafka
4
apache karaf
4
Apache KylinApache Kylin: The remote code execution via jdbc url
7.2
EPSS
0.06%
First published (updated )
Apache Virtual Computing LabApache VCL: XSS vulnerability in User Lookup impacting user privileges
8.4
First published (updated )
Apache Commons VFSApache Commons VFS: Possible path traversal issue when using NameScope.DESCENDENT
7.5
EPSS
0.10%
First published (updated )
Apache CassandraCassandra-Lucene-Index allows bypass of Cassandra RBAC
8.8
EPSS
0.05%
First published (updated )
Apache AtlasApache Atlas: An authenticated user can perform XSS and potentially impersonate another user
7.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache ShardingSphere ElasticJob-UIApache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC
8.5
First published (updated )
Apache JamesApache James: denial of service through JMAP HTML to text conversion
7.5
First published (updated )
maven/org.apache.james.protocols:protocols-imapApache James: denial of service through the use of IMAP literals
8.6
First published (updated )
maven/org.apache.cassandra:cassandra-allApache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions
8.8
EPSS
0.04%
First published (updated )
Apache CocoonApache Cocoon: continuations may not be private
7.5
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache AmbariApache Ambari: Code Injection Vulnerability in Ambari Alert Definition
8.8
EPSS
0.04%
First published (updated )
Apache AmbariApache Ambari: XML External Entity (XXE) Vulnerability in Ambari/Oozie
7.5
EPSS
0.04%
First published (updated )
Apache CXFApache CXF: Denial of Service vulnerability with temporary files
7.5
EPSS
0.09%
First published (updated )
Apache MINAThe ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process…
7
First published (updated )
pip/apache-supersetApache Superset: SQLLab Improper readonly query validation allows unauthorized write access
7.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
pip/apache-supersetApache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled
7.6
First published (updated )
Dromara HertzbeatApache HertzBeat: RCE by notice template injection vulnerability
8.8
First published (updated )
Dromara HertzbeatApache HertzBeat: Exposure sensitive token via http GET method with query string
7.5
First published (updated )
Dromara HertzbeatApache HertzBeat: Exists Native Deser RCE and file writing vulnerabilities
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache OFBizApache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE)
8.9
First published (updated )
Apache LuceneApache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator
8.1
First published (updated )
Tomcattomcat packaging allows for escalation to root from tomcat user
7.8
First published (updated )
Apache CloudStackApache CloudStack: Request origin validation bypass makes account takeover possible
8.8
First published (updated )
Apache CloudStackApache CloudStack: Incomplete session invalidation on web interface logout
7.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
maven/org.apache.activemq:artemis-cliApache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans
8.8
First published (updated )
SubversionApache Subversion: Command line argument injection on Windows platforms
8.2
First published (updated )
Apache LuceneApache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue
8
First published (updated )
maven/org.apache.maven.plugins:maven-archetype-pluginMaven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials
7.5
First published (updated )
TomcatTomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryErro…
7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.