Vulnerabilities in Apache Software Foundation

1,872 results
CVE-2019-17567 | mod_proxy_wstunnel tunneling of non Upgraded connections | EPSS 60.3%
CVE-2019-0190 | A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod | EPSS 59.9%
CVE-2024-27136 MEDIUM | Apache JSPWiki: Cross-site scripting vulnerability on upload page | EPSS 59.4%
CVE-2025-30676 MEDIUM | Apache OFBiz: Stored XSS Vulnerability | EPSS 59.3%
CVE-2022-37436 MEDIUM | Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting | EPSS 57.9%
CVE-2018-11803 | Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if | EPSS 57.8%
CVE-2017-7668 | The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() | EPSS 57.5%
CVE-2024-27317 HIGH | Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification | EPSS 56.9%
CVE-2022-43396 HIGH | Apache Kylin: Command injection by Useless configuration | EPSS 56.8%
CVE-2017-9788 | In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initi | EPSS 56.8%
CVE-2022-28731 | Apache JSPWiki CSRF in UserPreferences.jsp | EPSS 56.3%
CVE-2018-8006 | An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp pa | EPSS 56.2%
CVE-2021-29200 | RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI | EPSS 55.4%
CVE-2021-44521 | Remote code execution for scripted UDFs | EPSS 54.9%
CVE-2017-7659 | A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash | EPSS 53.9%
CVE-2023-39456 HIGH | Apache Traffic Server: Malformed http/2 frames can cause an abort | EPSS 53.5%
CVE-2025-48988 HIGH | Apache Tomcat: FileUpload large number of parts with headers DoS | EPSS 53.2%
CVE-2020-35452 | mod_auth_digest possible stack overflow by one nul byte | EPSS 53.2%
CVE-2021-22160 | Authentication with JWT allows use of “none”-algorithm | EPSS 52.9%
CVE-2022-23307 HIGH | A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution. | EPSS 52.5%