Vulnerabilities in Apache Software Foundation
1,872 results

CVE-2022-30556 — Information Disclosure in mod_lua with websockets (EPSS 4.7%)
CVE-2018-1317 — In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without a (EPSS 4.7%)
CVE-2022-25167 — Apache Flume vulnerable to a JNDI RCE in JMSSource (EPSS 4.6%)
CVE-2024-34750 — HIGH — Apache Tomcat: HTTP/2 excess header handling DoS (EPSS 4.6%)
CVE-2017-5644 — Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted (EPSS 4.6%)
CVE-2020-9493 — Java deserialization in Chainsaw (EPSS 4.6%)
CVE-2021-26697 — Apache Airflow: Lineage API endpoint for Experimental API missed authentication check (EPSS 4.6%)
CVE-2018-1309 — Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code executi (EPSS 4.5%)
CVE-2020-1940 — The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensit (EPSS 4.5%)
CVE-2018-1313 — In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database (EPSS 4.5%)
CVE-2018-1331 — In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secur (EPSS 4.5%)
CVE-2017-17837 — The Apache DeltaSpike-JSF 1.8.0 module has an XSS injection leak in the windowId handling. The default size of the windowId gets cut off aft (EPSS 4.5%)
CVE-2018-8003 — Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP req (EPSS 4.5%)
CVE-2021-21501 — ServiceComb ServiceCenter Directory Traversal (EPSS 4.4%)
CVE-2022-23437 — Infinite loop within Apache XercesJ xml parser (EPSS 4.4%)
CVE-2024-39887 — MEDIUM — Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions (EPSS 4.4%)
CVE-2021-43350 — LDAP filter injection vulnerability in Traffic Ops (EPSS 4.4%)
CVE-2022-28614 — read beyond bounds via ap_rwrite() (EPSS 4.4%)
CVE-2010-2232 — In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file. (EPSS 4.4%)
CVE-2025-53020 — HIGH — Apache HTTP Server: HTTP/2 DoS by Memory Increase (EPSS 4.4%)