Vulnerabilities in Apache Software Foundation
1,872 results

CVE | Severity | Title | EPSS
CVE-2021-44140 | — | Arbitrary file deletion on logout | 6.2%
CVE-2022-34305 | — | XSS in examples web application | 6.2%
CVE-2019-0223 | — | While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and it | 6.2%
CVE-2022-40146 | — | Jar url should be blocked by DefaultScriptSecurity | 6.1%
CVE-2020-1946 | — | Apache SpamAssassin has an OS Command Injection vulnerability | 6.1%
CVE-2016-6810 | — | In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based admi | 6.1%
CVE-2017-9801 | — | When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitra | 6.0%
CVE-2021-37608 | — | Arbitrary file upload vulnerability in OFBiz | 6.0%
CVE-2021-45029 | — | Apache ShenYu 2.4.1 Groovy Code Injection & SpEL Injection | 6.0%
CVE-2018-1328 | — | Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permissions. Issue reported by "Josna Joseph". | 6.0%
CVE-2024-29868 | CRITICAL | Apache StreamPipes, Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation | 6.0%
CVE-2024-30188 | HIGH | Apache DolphinScheduler: Resource File Read And Write Vulnerability | 6.0%
CVE-2024-27135 | HIGH | Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution | 6.0%
CVE-2023-41080 | — | Apache Tomcat: Open redirect with FORM authentication | 6.0%
CVE-2018-17197 | — | A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika. | 5.9%
CVE-2024-28752 | CRITICAL | Apache CXF SSRF Vulnerability using the Aegis databinding | 5.8%
CVE-2023-45648 | MEDIUM | Apache Tomcat: Trailer header parsing too lenient | 5.8%
CVE-2020-11995 | — | Apache Dubbo default deserialization protocol Hessian2 cause CRE | 5.8%
CVE-2021-38153 | — | Timing Attack Vulnerability for Apache Kafka Connect and Clients | 5.8%
CVE-2019-10095 | — | bash command injection in spark interpreter | 5.7%