Filter
AND
-Infinity
0
Trending
Software
apache http server
184
apache airflow
50
apache superset
38
apache struts 2
34
apache cxf
24
apache openoffice
24
apache activemq
21
apache nifi
19
apache jspwiki
18
apache ofbiz
16
apache solr
15
apache archiva
14
apache tika
14
apache cloudstack
12
apache couchdb
12
apache qpid
12
apache ambari
10
apache traffic server
9
apache wicket
9
apache atlas
8
apache pulsar
8
apache ranger
8
apache commons httpclient
7
apache druid
7
apache hadoop
7
apache hive
7
apache james
7
apache openmeetings
7
apache poi
7
apache roller
7
apache spark
7
apache cordova
6
apache geode
6
apache pdfbox
6
apache sling api
6
apache syncope
6
apache batik
5
apache commons compress
5
apache dolphinscheduler
5
apache guacamole
5
apache kafka
5
apache karaf
5
apache pluto
5
apache portable runtime
5
apache santuario
5
apache zeppelin
5
apache activemq artemis
4
apache allura
4
apache answer
4
apache axis
4
maven/org.apache.felix:org.apache.felix.webconsoleApache Felix Webconsole: XSS in services console
6.1
EPSS
0.04%
First published (updated )
Apache KvrocksApache Kvrocks: Cross-Protocol Scripting Vulnerability
6.5
EPSS
0.04%
First published (updated )
Apache DorisApache Doris: allows admin users to read arbitrary files through the REST API
5.4
First published (updated )
maven/org.apache.cassandra:cassandra-allApache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions
5.4
EPSS
0.04%
First published (updated )
maven/org.apache.cassandra:cassandra-allApache Cassandra: unrestricted deserialization of JMX authentication credentials
5.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache HiveApache Hive: Credentials file created with non restrictive permissions
5.5
First published (updated )
Apache HiveApache Hive: Timing Attack Against Signature in LLAP util
6.5
First published (updated )
Apache SolrApache Solr: Configset upload on Windows allows arbitrary path write-access
5.4
First published (updated )
Apache SolrApache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files
5.4
EPSS
0.04%
First published (updated )
maven/org.apache.wicket:wicket-coreApache Wicket: An attacker can intentionally trigger a memory leak
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache CloudStackApache CloudStack: Unauthorised access to annotations
4.3
EPSS
0.04%
First published (updated )
maven/org.apache.nifi:nifi-web-apiApache NiFi: Missing Complete Authorization for Parameter and Service References
5.4
First published (updated )
pip/apache-supersetApache Superset: Error verbosity exposes metadata in analytics databases
5.3
First published (updated )
Apache NiFiApache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log
6.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache KafkaFiles or Directories Accessible to External Parties, Improper Privilege Management vulnerability in …
First published (updated )
Apache NiFiApache NiFi: Improper Neutralization of Input in Parameter Description
4.6
First published (updated )
CVE-2024-45461Apache CloudStack Quota plugin: Access checks not enforced in Quota
6.3
First published (updated )
Apache Commons IOUncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.inp…
First published (updated )
maven/org.apache.druid:druidApache Druid: Users can provide MySQL JDBC properties not on allow list
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
maven/org.apache.druid.extensions:druid-pac4jApache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j session cookie via Padding Oracle Attack
5.3
First published (updated )
Apache ActiveMQActiveMQ Content Pack: Cleartext Exposure of Credentials
EPSS
0.04%
First published (updated )
Apache Portable RuntimeApache Portable Runtime (APR): Unexpected lax shared memory permissions
5.5
First published (updated )
pip/apache-airflowApache Airflow: Stored XSS Vulnerability on provider link
6.1
First published (updated )
maven/org.apache.sshd:sshd-commonApache MINA SSHD: integrity check bypass
5.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/apache/incubator-answerApache Answer: The link for resetting user password is not Single-Use
5.3
First published (updated )
go/github.com/apache/incubator-answerApache Answer: The link to reset the user's password will remain valid after sending a new link
5.3
First published (updated )
Apache CloudStackApache CloudStack: Unauthorised Network List Access
4.3
First published (updated )
maven/org.apache.linkis:linkisApache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability
4.9
First published (updated )
Apache RollerApache Roller: Insufficient input validation for some user profile and bookmark fields when Roller in untested-users mode
5.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.