Apache Latest Vulnerabilities

December 25
Remote Code Execution Risk in Apache MINA ObjectSerializationDecoder
CVE-2024-52046
Vendor: Apache; Product: Apache Mina; Severity: 10 CRITICAL

December 24
Authentication Bypass Vulnerability in Apache HugeGraph-Server
CVE-2024-43441
Vendor: Apache; Product: Apache Hugegraph-server

December 23
SQL Injection Vulnerability in Apache Traffic Control
CVE-2024-45387
Vendor: Apache; Product: Apache Traffic Control; Severity: 9.9 CRITICAL
Application Security Flaw in Apache Hive and Spark Affecting Cookie Signature Verification
CVE-2024-23945
Vendor: Apache; Product: Apache Hive

December 20
Race Condition Vulnerability in Apache Tomcat Affects Multiple Versions
CVE-2024-56337
Vendor: Apache

December 17
Race Condition Vulnerability in Apache Tomcat Leading to Remote Code Execution
CVE-2024-50379
Vendor: Apache; Product: Apache Tomcat; Severity: 9.8 CRITICAL

December 12
Incorrectly Identified SQL DML Statement Vulnerability Affects Apache Superset Before 4.1.0
CVE-2024-55633
Vendor: Apache; Product: Apache Superset

December 11
Flawed File Upload Logic in Apache Struts Exposes Vulnerability
CVE-2024-53677
Vendor: Apache; Product: Apache Struts

December 9
Invalid Filename Validation Vulnerability in Apache Subversion Repositories
CVE-2024-46901
Vendor: Apache; Product: Apache Subversion; Severity: 3.1 LOW

December 5
Unsecure Method in Apache Hive Metastore Leads to Remote Code Execution Vulnerability
CVE-2022-41137
Vendor: Apache; Product: Apache Hive

December 3
Improper Authentication in Apache Ozone 1.4.0 Allows Revoking and Regenerating S3 Secrets
CVE-2024-45106
Vendor: Apache; Product: Apache Ozone

November 28
Arrow R Package Vulnerability: Deserialization of Untrusted Data Leads to Arbitrary Code Execution
CVE-2024-52338
Vendor: Apache; Product: Apache Arrow R Package

November 26
Out-of-bounds Read Vulnerability in Apache NimBLE Could Lead to Invalid Memory Access
CVE-2024-51569
Vendor: Apache; Product: Apache Nimble
NimBLE vulnerable to out-of-bounds read due to missing HCI advertising validation
CVE-2024-47250
Vendor: Apache; Product: Apache Nimble
Apache NimBLE: Improper Array Index Validation Vulnerability
CVE-2024-47249
Vendor: Apache; Product: Apache Nimble
Classic Buffer Overflow Vulnerability in Apache NimBLE
CVE-2024-47248
Vendor: Apache; Product: Apache Nimble

November 21
Optional Debug Logging in Apache NiFi Could Lead to Sensitive Information Disclosure
CVE-2024-52067
Vendor: Apache; Product: Apache Nifi

November 19
Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients
CVE-2024-31141
Vendor: Apache; Product: Apache Kafka Clients

November 18
Incorrect Object Recycling and Reuse Vulnerability in Apache Tomcat
CVE-2024-52318
Vendor: Apache
Unchecked Error Condition Vulnerability Affects Apache Tomcat
CVE-2024-52316
Vendor: Apache; Product: Apache Tomcat
Incorrect Object Recycling Vulnerability Affects Apache Tomcat Versions
CVE-2024-52317
Vendor: Apache
Authorized Attackers can Exploit Deserialization of Untrusted Data Vulnerability in Apache HertzBeat Before 1.6.1
CVE-2024-41151
Vendor: Apache; Product: Apache Hertzbeat
Unauthorized Access to Sensitive Information in Apache HertzBeat Before 1.6.1
CVE-2024-45791
Vendor: Apache; Product: Apache Hertzbeat
Command Injection Vulnerability in Apache HertzBeat (incubating)
CVE-2024-45505
Vendor: Apache; Product: Apache Hertzbeat
SSRF and Code Injection Vulnerability in Apache OFBiz (before 18.12.17)
CVE-2024-47208
Vendor: Apache; Product: Apache Ofbiz
Injection and CSRF Vulnerability in Apache OFBiz Prior to 18.12.17
CVE-2024-48962
Vendor: Apache; Product: Apache Ofbiz

November 15
Airflow Versions Before 2.10.3 Vulnerable to Logging Sensitive Configuration Variables
CVE-2024-45784
Vendor: Apache; Product: Apache Airflow

November 14
Apache Traffic Server Vulnerability: Unchecked Return Value Can Retain Privileges
CVE-2024-50306
Vendor: Apache; Product: Apache Traffic Server
Apache Traffic Server Crash: Update to 9.2.6 or 10.0.2 to Avoid Issues
CVE-2024-50305
Vendor: Apache; Product: Apache Traffic Server
Traffic Server Improper Input Validation Vulnerability
CVE-2024-38479
Vendor: Apache; Product: Apache Traffic Server

November 8
Airflow Versions Before 2.10.3 Have a Vulnerability That Allows Unauthorized Access to Sensitive Data
CVE-2024-50378
Vendor: Apache; Product: Apache Airflow

November 7
ZooKeeper Admin Server IP Authentication Provider Vulnerability: Bypass via Spoofing
CVE-2024-51504
Vendor: Apache; Product: Apache Zookeeper
Allocation of Resources Without Limits or Throttling Vulnerability Affects Multiple Apache Tomcat Versions
CVE-2024-38286
Vendor: Apache; Product: Apache Tomcat; Severity: 8.6 HIGH

November 4
Session Fixation vulnerability in Apache Kylin
CVE-2024-23590
Vendor: Apache; Product: Apache Kylin

October 31
Deserialization of Untrusted Data Vulnerability Affects Apache Lucene.NET's Replicator Library
CVE-2024-43383
Vendor: Apache

October 29
Cross-Site Scripting Vulnerability in Apache NiFi
CVE-2024-45477
Vendor: Apache; Product: Nifi; Severity: 4.6 MEDIUM

October 24
Incomplete HTML Tags Can Bypass HTML Sanitization and Lead to XSS Injection in Syncope Console
CVE-2024-45031
Vendor: Apache; Product: Apache Syncope

October 16
Improper Authentication Vulnerability in Apache Solr
CVE-2024-45216
Vendor: Apache; Product: Apache Solr
Insecure Default Initialization of Resource Vulnerability in Apache Solr
CVE-2024-45217
Vendor: Apache
CloudStack Templates and Volumes Vulnerability
CVE-2024-45219
Vendor: Apache

October 14
Arbitrary File Write Vulnerability in ActiveMQ Artemis Could Lead to RCE
CVE-2023-50780
Vendor: Apache; Product: Apache ActiveMQ Artemis; Severity: 8.8 HIGH
Privilege Escalation Vulnerability Affects Apache Roller Before 6.1.4
CVE-2024-46911
Vendor: Apache; Product: Apache Roller

October 3
Uncontrolled Resource Consumption Vulnerability in Apache Commons IO
CVE-2024-47554
Vendor: Apache; Product: Apache Commons Io
Apache Avro Java SDK Vulnerability
CVE-2024-47561
Vendor: Apache; Product: Apache Avro Java Sdk

September 30
Deserialization of Untrusted Data Vulnerability Affecting Apache Lucene Replicator
CVE-2024-45772
Vendor: Apache; Product: Apache Lucene Replicator; Severity: 8 HIGH

September 26
Unintended Publishing of Sensitive Information in Maven Artifact
CVE-2024-47197
Vendor: Apache; Product: Maven Archetype Plugin; Severity: 7.5 HIGH

September 25
Hadoop's RunJar.run() does not set permissions for temporary directory by default, posing risk to sensitive data
CVE-2024-23454
Vendor: Apache; Product: Apache Hadoop
Inadequate Encryption Strength in Apache Answer
CVE-2024-40761
Vendor: Apache; Product: Apache Answer
Apache Linkis Random String Security Vulnerability
CVE-2024-39928
Vendor: Apache; Product: Apache Linkis Spark En...

September 21
SnakeYaml Deserialization RCE Vulnerability in Apache HertzBeat (incubating)
CVE-2024-42323
Vendor: Apache; Product: Apache Hertzbeat

September 17
Apache Druid: Users can provide MySQL JDBC properties not on allow list
CVE-2024-45537
Vendor: Apache; Product: Apache Druid; Severity: 6.5 MEDIUM
CVE-2024-45384
Vendor: Apache; Product: Druid; Severity: 5.3 MEDIUM

September 16
CVE-2024-22399
Vendor: Apache; Product: Seata; Severity: 9.8 CRITICAL

September 7
Airflow Vulnerability: DAG Authors Can Execute Code During Scheduling
CVE-2024-45034
Vendor: Apache; Product: Apache Airflow
Arbitrary Command Execution Vulnerability in Airflow
CVE-2024-45498
Vendor: Apache; Product: Apache Airflow

September 4
Apache OFBiz vulnerable to 'Forced Browsing' (Direct Request) attack
CVE-2024-45195
Vendor: Apache; Product: Apache Ofbiz; Severity: 7.5 HIGH
Server-Side Request Forgery (SSRF) and Improper Control of Generation of Code (Code Injection) Vulnerability in Apache OFBiz
CVE-2024-45507
Vendor: Apache; Product: Apache Ofbiz; Severity: 9.8 CRITICAL

August 26
Local Users Could Access Sensitive Application Data Due to Insufficient Permissions in Apache Portable Runtime on Unix Platforms
CVE-2023-49582
Vendor: Apache; Product: Apache Portable Runtim...; Severity: 5.5 MEDIUM

August 21
Apache Airflow Vulnerability: Cross-Site Scripting Attack
CVE-2024-41937
Vendor: Apache; Product: Apache Airflow; Severity: 6.1 MEDIUM
MySQL Security Vulnerability in Apache SeaTunnel
CVE-2023-49198
Vendor: Apache; Product: Apache Seatunnel Web; Severity: 7.5 HIGH

August 20
Apache Helix Front (UI): Helix front hard-coded secret in the express-session
CVE-2024-22281
Vendor: Apache; Product: Apache Helix Front (ui)
GHSL-2023-255: HertzBeat Authenticated (user role) RCE via unsafe deserialization in /api/monitors/import
CVE-2024-42362
Vendor: Apache; Product: Hertzbeat; Severity: 8.8 HIGH
GHSL-2023-256: HertzBeat Authenticated (guest role) SQL injection in /api/monitor/{monitorId}/metric/{metricFull}
CVE-2024-42361
Vendor: Apache; Product: Hertzbeat; Severity: 9.8 CRITICAL
DolphinScheduler Remote Code Execution Vulnerability
CVE-2024-43202
Vendor: Apache; Product: Apache Dolphinscheduler

August 12
Apache MINA SSHD Vulnerable to Terrapin Attack, Upgrade Recommended
CVE-2024-41909
Vendor: Apache; Product: Apache Mina Sshd; Severity: 5.9 MEDIUM
Illegal Access to Additional Resource Files via File Read/Write Vulnerability
CVE-2024-30188
Vendor: Apache; Product: Apache Dolphinscheduler; Severity: 8.1 HIGH
Arbitrary JavaScript Execution Vulnerability Affects Apache DolphinScheduler
CVE-2024-29831
Vendor: Apache; Product: Apache Dolphinscheduler
Password Reset Link Vulnerability in Apache Answer
CVE-2024-41888
Vendor: Apache; Product: Apache Answer; Severity: 5.3 MEDIUM
Multiple Password Reset Email Links Can Lead to Vulnerability
CVE-2024-41890
Vendor: Apache; Product: Apache Answer; Severity: 5.3 MEDIUM

August 7
Understanding the Recent Access Permission Validation Vulnerability in CloudStack
CVE-2024-42062
Vendor: Apache; Product: Apache Cloudstack; Severity: 7.2 HIGH
Unauthorized Access to Network Details in CloudStack 4.19.1.0
CVE-2024-42222
Vendor: Apache; Product: Apache Cloudstack; Severity: 4.3 MEDIUM

August 5
UNSUPPORTED: Apache IoTDB Workbench SSRF Vulnerability Affects Retired Product
CVE-2024-36448
Vendor: Apache; Product: Apache Iotdb Workbench; Severity: 7.3 HIGH
Incorrect Authorization Vulnerability Affects Apache OFBiz Through 18.12.14
CVE-2024-38856
Vendor: Apache; Product: Apache Ofbiz; Severity: 9.8 CRITICAL
Insufficient Session Expiration Vulnerability in Apache Airflow Providers FAB
CVE-2024-42447
Vendor: Apache; Product: Apache Airflow Provide...; Severity: 9.8 CRITICAL

August 2
Apache InLong Vulnerability Could Lead to Remote Code Execution
CVE-2024-36268
Vendor: Apache; Product: Inlong; Severity: 9.8 CRITICAL
Arbitrary File Deletion Vulnerability in Apache Linkis Before 1.6.0
CVE-2024-27182
Vendor: Apache; Product: Linkis; Severity: 4.9 MEDIUM
Privilege Escalation Vulnerability Affects Apache Linkis Versions Below 1.5.0
CVE-2024-27181
Vendor: Apache; Product: Apache Linkis Basic Ma...

July 30
Apache SeaTunnel Web Authentication Vulnerability
CVE-2023-48396
Vendor: Apache; Product: Apache Seatunnel Web

July 26
Apache Traffic Server: Vulnerability in Field Names Allows Request Smuggling and Cache Poisoning
CVE-2023-38522
Vendor: Apache; Product: Apache Traffic Server; Severity: 7.5 HIGH
Apache Traffic Server Vulnerability Affects Cache Lookup and Forwarding Requests
CVE-2024-35296
Vendor: Apache; Product: Apache Traffic Server; Severity: 8.2 HIGH
Apache Traffic Server Vulnerable to Request Smuggling and Cache Poisoning via Malformed HTTP Chunked Trailers
CVE-2024-35161
Vendor: Apache; Product: Apache Traffic Server; Severity: 7.5 HIGH
XSS vulnerability in Apache Roller allows authenticated users to perform attacks
CVE-2024-25090
Vendor: Apache; Product: Apache Roller; Severity: 5.4 MEDIUM

July 24
Apache Drill Vulnerability Allows Remote File Read/Write and Command Execution
CVE-2023-48362
Vendor: Apache; Product: Apache Drill; Severity: 8.8 HIGH
Apache Pinot vulnerability: Sensitive Information Disclosure Due to Inadequate Access Control
CVE-2024-39676
Vendor: Apache; Product: Apache Pinot; Severity: 7.5 HIGH

July 23
Logs Exposure of Temporary Credentials May Allow Impersonation
CVE-2024-41178
Vendor: Apache
Authorization Vulnerability in Backend Service Before 2.1.4
CVE-2024-29070
Vendor: Apache; Product: Apache Streampark

July 22
CVE-2024-34457
Vendor: Apache; Product: Apache Streampark; Severity: 6.5 MEDIUM
HTML Tag Vulnerability in Syncope Console Could Lead to Exploits
CVE-2024-38503
Vendor: Apache; Product: Apache Syncope; Severity: 5.4 MEDIUM
Sensitive Information Exposure Risk in RocketMQ
CVE-2024-23321
Vendor: Apache; Product: Apache RocketMQ; Severity: 8.8 HIGH

July 19
SAML Authentication Vulnerability in CloudStack Environments
CVE-2024-41107
Vendor: Apache; Product: Apache Cloudstack; Severity: 8.1 HIGH
Apache CXF Memory Leak Vulnerability
CVE-2024-41172
Vendor: Apache; Product: Apache Cxf; Severity: 7.5 HIGH
Apache CXF JOSE Vulnerability: Denial of Service Attack via Improper Input Validation
CVE-2024-32007
Vendor: Apache; Product: Apache Cxf; Severity: 7.5 HIGH
CXF SSRF Vulnerability Affects REST Webservices
CVE-2024-29736
Vendor: Apache; Product: Apache Cxf; Severity: 9.1 CRITICAL

July 18
Unofficial: Remote Code Execution Vulnerability identified in [Unnamed] Templates
CVE-2024-29178
Vendor: Apache; Product: Apache Streampark; Severity: 8.8 HIGH
Partial Fix for Content-Type Based Configuration Ignores Use of Legacy Handlers, Leading to Source Code Disclosure
CVE-2024-40725
Vendor: Apache; Product: Apache Http Server; Severity: 5.3 MEDIUM
Vulnerability in Apache HTTP Server Could Leak NTLM Hashes to Malicious Servers
CVE-2024-40898
Vendor: Apache; Product: Apache Http Server; Severity: 7.5 HIGH

July 17
Authorization Credential Leak in Streampark
CVE-2024-29120
Vendor: Apache; Product: Apache Streampark
Dangerous File Upload Vulnerability in Apache StreamPipes Could Lead to Remote Code Execution
CVE-2024-31411
Vendor: Apache; Product: Apache Streampipes; Severity: 8.8 HIGH
Security Vulnerability in Apache StreamPipes Could Allow for Arbitrary HTTP GET Requests
CVE-2024-31979
Vendor: Apache; Product: Apache Streampipes; Severity: 4.3 MEDIUM
Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Apache StreamPipes
CVE-2024-30471
Vendor: Apache; Product: Apache Streampipes; Severity: 3.7 LOW