Apache Latest Vulnerabilities
November 21
Optional Debug Logging in Apache NiFi Could Lead to Sensitive Information Disclosure
CVE-2024-52067
Apache / Apache Nifi
November 19
Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients
CVE-2024-31141
Apache / Apache Kafka Clients
November 18
Incorrect Object Recycling and Reuse Vulnerability in Apache Tomcat
CVE-2024-52318
Apache
Incorrect Object Recycling Vulnerability Affects Apache Tomcat Versions
CVE-2024-52317
Apache
Unchecked Error Condition Vulnerability Affects Apache Tomcat
CVE-2024-52316
Apache / Apache Tomcat
Authorized Attackers can Exploit Deserialization of Untrusted Data Vulnerability in Apache HertzBeat Before 1.6.1
CVE-2024-41151
Apache / Apache Hertzbeat
Unauthorized Access to Sensitive Information in Apache HertzBeat Before 1.6.1
CVE-2024-45791
Apache / Apache Hertzbeat
Command Injection Vulnerability in Apache HertzBeat (incubating)
CVE-2024-45505
Apache / Apache Hertzbeat
SSRF and Code Injection Vulnerability in Apache OFBiz (before 18.12.17)
CVE-2024-47208
Apache / Apache Ofbiz
Injection and CSRF Vulnerability in Apache OFBiz Prior to 18.12.17
CVE-2024-48962
Apache / Apache Ofbiz
November 15
Airflow Versions Before 2.10.3 Vulnerable to Logging Sensitive Configuration Variables
CVE-2024-45784
Apache / Apache Airflow
November 14
Apache Traffic Server Vulnerability: Unchecked Return Value Can Retain Privileges
CVE-2024-50306
Apache / Apache Traffic Server
Apache Traffic Server Crash: Update to 9.2.6 or 10.0.2 to Avoid Issues
CVE-2024-50305
Apache / Apache Traffic Server
Traffic Server Improper Input Validation Vulnerability
CVE-2024-38479
Apache / Apache Traffic Server
November 8
Airflow Versions Before 2.10.3 Have a Vulnerability That Allows Unauthorized Access to Sensitive Data
CVE-2024-50378
Apache / Apache Airflow
November 7
ZooKeeper Admin Server IP Authentication Provider Vulnerability: Bypass via Spoofing
CVE-2024-51504
Apache / Apache Zookeeper
Allocation of Resources Without Limits or Throttling Vulnerability Affects Multiple Apache Tomcat Versions
CVE-2024-38286
Apache / Apache Tomcat / CVSS 8.6 HIGH
November 4
Session Fixation vulnerability in Apache Kylin
CVE-2024-23590
Apache / Apache Kylin
October 31
Deserialization of Untrusted Data Vulnerability Affects Apache Lucene.NET's Replicator Library
CVE-2024-43383
Apache
October 29
Cross-Site Scripting Vulnerability in Apache NiFi
CVE-2024-45477
Apache / Nifi / CVSS 4.6 MEDIUM
October 24
Incomplete HTML Tags Can Bypass HTML Sanitization and Lead to XSS Injection in Syncope Console
CVE-2024-45031
Apache / Apache Syncope
October 16
Insecure Default Initialization of Resource Vulnerability in Apache Solr
CVE-2024-45217
Apache
CloudStack Templates and Volumes Vulnerability
CVE-2024-45219
Apache
Improper Authentication Vulnerability in Apache Solr
CVE-2024-45216
Apache / Apache Solr
October 14
Arbitrary File Write Vulnerability in ActiveMQ Artemis Could Lead to RCE
CVE-2023-50780
Apache / Apache ActiveMQ Artemis / CVSS 8.8 HIGH
Privilege Escalation Vulnerability Affects Apache Roller Before 6.1.4
CVE-2024-46911
Apache / Apache Roller
October 3
Uncontrolled Resource Consumption Vulnerability in Apache Commons IO
CVE-2024-47554
Apache / Apache Commons Io
Apache Avro Java SDK Vulnerability
CVE-2024-47561
Apache / Apache Avro Java Sdk
September 30
Deserialization of Untrusted Data Vulnerability Affecting Apache Lucene Replicator
CVE-2024-45772
Apache / Apache Lucene Replicator / CVSS 8 HIGH
September 26
Unintended Publishing of Sensitive Information in Maven Artifact
CVE-2024-47197
Apache / Maven Archetype Plugin / CVSS 7.5 HIGH
September 25
Hadoop's RunJar.run() does not set permissions for temporary directory by default, posing risk to sensitive data
CVE-2024-23454
Apache / Apache Hadoop
Inadequate Encryption Strength in Apache Answer
CVE-2024-40761
Apache / Apache Answer
Apache Linkis Random String Security Vulnerability
CVE-2024-39928
Apache / Apache Linkis Spark En...
September 21
SnakeYaml Deserialization RCE Vulnerability in Apache HertzBeat (incubating)
CVE-2024-42323
Apache / Apache Hertzbeat
September 17
Apache Druid: Users can provide MySQL JDBC properties not on allow list
CVE-2024-45537
Apache / Apache Druid / CVSS 6.5 MEDIUM
CVE-2024-45384
Apache / Druid / CVSS 5.3 MEDIUM
September 16
CVE-2024-22399
Apache / Seata / CVSS 9.8 CRITICAL
September 7
Airflow Vulnerability: DAG Authors Can Execute Code During Scheduling
CVE-2024-45034
Apache / Apache Airflow
Arbitrary Command Execution Vulnerability in Airflow
CVE-2024-45498
Apache / Apache Airflow
September 4
Apache OFBiz vulnerable to 'Forced Browsing' (Direct Request) attack
CVE-2024-45195
Apache / Apache Ofbiz / CVSS 7.5 HIGH
Server-Side Request Forgery (SSRF) and Improper Control of Generation of Code (Code Injection) Vulnerability in Apache OFBiz
CVE-2024-45507
Apache / Apache Ofbiz / CVSS 9.8 CRITICAL
August 26
Local Users Could Access Sensitive Application Data Due to Insufficient Permissions in Apache Portable Runtime on Unix Platforms
CVE-2023-49582
Apache / Apache Portable Runtim... / CVSS 5.5 MEDIUM
August 21
Apache Airflow Vulnerability: Cross-Site Scripting Attack
CVE-2024-41937
Apache / Apache Airflow / CVSS 6.1 MEDIUM
MySQL Security Vulnerability in Apache SeaTunnel
CVE-2023-49198
Apache / Apache Seatunnel Web / CVSS 7.5 HIGH
August 20
Apache Helix Front (UI): Helix front hard-coded secret in the express-session
CVE-2024-22281
Apache / Apache Helix Front (ui)
GHSL-2023-256: HertzBeat Authenticated (guest role) SQL injection in /api/monitor/{monitorId}/metric/{metricFull}
CVE-2024-42361
Apache / Hertzbeat / CVSS 9.8 CRITICAL
GHSL-2023-255: HertzBeat Authenticated (user role) RCE via unsafe deserialization in /api/monitors/import
CVE-2024-42362
Apache / Hertzbeat / CVSS 8.8 HIGH
DolphinScheduler Remote Code Execution Vulnerability
CVE-2024-43202
Apache / Apache Dolphinscheduler
August 12
Apache MINA SSHD Vulnerable to Terrapin Attack, Upgrade Recommended
CVE-2024-41909
Apache / Apache Mina Sshd / CVSS 5.9 MEDIUM
Illegal Access to Additional Resource Files via File Read/Write Vulnerability
CVE-2024-30188
Apache / Apache Dolphinscheduler / CVSS 8.1 HIGH
Arbitrary JavaScript Execution Vulnerability Affects Apache DolphinScheduler
CVE-2024-29831
Apache / Apache Dolphinscheduler
Password Reset Link Vulnerability in Apache Answer
CVE-2024-41888
Apache / Apache Answer / CVSS 5.3 MEDIUM
Multiple Password Reset Email Links Can Lead to Vulnerability
CVE-2024-41890
Apache / Apache Answer / CVSS 5.3 MEDIUM
August 7
Understanding the Recent Access Permission Validation Vulnerability in CloudStack
CVE-2024-42062
Apache / Apache Cloudstack / CVSS 7.2 HIGH
Unauthorized Access to Network Details in CloudStack 4.19.1.0
CVE-2024-42222
Apache / Apache Cloudstack / CVSS 4.3 MEDIUM
August 5
UNSUPPORTED: Apache IoTDB Workbench SSRF Vulnerability Affects Retired Product
CVE-2024-36448
Apache / Apache Iotdb Workbench / CVSS 7.3 HIGH
Incorrect Authorization Vulnerability Affects Apache OFBiz Through 18.12.14
CVE-2024-38856
Apache / Apache Ofbiz / CVSS 9.8 CRITICAL
Insufficient Session Expiration Vulnerability in Apache Airflow Providers FAB
CVE-2024-42447
Apache / Apache Airflow Provide... / CVSS 9.8 CRITICAL
August 2
Arbitrary File Deletion Vulnerability in Apache Linkis Before 1.6.0
CVE-2024-27182
Apache / Linkis / CVSS 4.9 MEDIUM
Apache InLong Vulnerability Could Lead to Remote Code Execution
CVE-2024-36268
Apache / Inlong / CVSS 9.8 CRITICAL
Privilege Escalation Vulnerability Affects Apache Linkis Versions Below 1.5.0
CVE-2024-27181
Apache / Apache Linkis Basic Ma...
July 30
Apache SeaTunnel Web Authentication Vulnerability
CVE-2023-48396
Apache / Apache Seatunnel Web
July 26
Apache Traffic Server: Vulnerability in Field Names Allows Request Smuggling and Cache Poisoning
CVE-2023-38522
Apache / Apache Traffic Server / CVSS 7.5 HIGH
Apache Traffic Server Vulnerability Affects Cache Lookup and Forwarding Requests
CVE-2024-35296
Apache / Apache Traffic Server / CVSS 8.2 HIGH
Apache Traffic Server Vulnerable to Request Smuggling and Cache Poisoning via Malformed HTTP Chunked Trailers
CVE-2024-35161
Apache / Apache Traffic Server / CVSS 7.5 HIGH
XSS vulnerability in Apache Roller allows authenticated users to perform attacks
CVE-2024-25090
Apache / Apache Roller / CVSS 5.4 MEDIUM
July 24
Apache Drill Vulnerability Allows Remote File Read/Write and Command Execution
CVE-2023-48362
Apache / Apache Drill / CVSS 8.8 HIGH
Apache Pinot vulnerability: Sensitive Information Disclosure Due to Inadequate Access Control
CVE-2024-39676
Apache / Apache Pinot / CVSS 7.5 HIGH
July 23
Logs Exposure of Temporary Credentials May Allow Impersonation
CVE-2024-41178
Apache
Authorization Vulnerability in Backend Service Before 2.1.4
CVE-2024-29070
Apache / Apache Streampark
July 22
CVE-2024-34457
Apache / Apache Streampark / CVSS 6.5 MEDIUM
HTML Tag Vulnerability in Syncope Console Could Lead to Exploits
CVE-2024-38503
Apache / Apache Syncope / CVSS 5.4 MEDIUM
Sensitive Information Exposure Risk in RocketMQ
CVE-2024-23321
Apache / Apache RocketMQ / CVSS 8.8 HIGH
July 19
SAML Authentication Vulnerability in CloudStack Environments
CVE-2024-41107
Apache / Apache Cloudstack / CVSS 8.1 HIGH
Apache CXF Memory Leak Vulnerability
CVE-2024-41172
Apache / Apache Cxf / CVSS 7.5 HIGH
Apache CXF JOSE Vulnerability: Denial of Service Attack via Improper Input Validation
CVE-2024-32007
Apache / Apache Cxf / CVSS 7.5 HIGH
CXF SSRF Vulnerability Affects REST Webservices
CVE-2024-29736
Apache / Apache Cxf / CVSS 9.1 CRITICAL
July 18
Unofficial: Remote Code Execution Vulnerability identified in [Unnamed] Templates
CVE-2024-29178
Apache / Apache Streampark / CVSS 8.8 HIGH
Partial Fix for Content-Type Based Configuration Ignores Use of Legacy Handlers, Leading to Source Code Disclosure
CVE-2024-40725
Apache / Apache Http Server / CVSS 5.3 MEDIUM
Vulnerability in Apache HTTP Server Could Leak NTLM Hashes to Malicious Servers
CVE-2024-40898
Apache / Apache Http Server / CVSS 7.5 HIGH
July 17
Authorization Credential Leak in Streampark
CVE-2024-29120
Apache / Apache Streampark
Dangerous File Upload Vulnerability in Apache StreamPipes Could Lead to Remote Code Execution
CVE-2024-31411
Apache / Apache Streampipes / CVSS 8.8 HIGH
Security Vulnerability in Apache StreamPipes Could Allow for Arbitrary HTTP GET Requests
CVE-2024-31979
Apache / Apache Streampipes / CVSS 4.3 MEDIUM
Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Apache StreamPipes
CVE-2024-30471
Apache / Apache Streampipes / CVSS 3.7 LOW
Attack vulnerability in Project module
CVE-2024-29737
Apache / Apache Streampark (inc... / CVSS 4.7 MEDIUM
Dangerous Command Injection Vulnerability in Maven's Compilation
CVE-2023-52291
Apache / Apache Streampark (inc... / CVSS 4.7 MEDIUM
Arbitrary Code Execution Vulnerability in Apache Airflow
CVE-2024-39877
Apache / Apache Airflow / CVSS 8.8 HIGH
Airflow Update: Security Vulnerability Affects Versions Before 2.9.3
CVE-2024-39863
Apache / Apache Airflow / CVSS 5.4 MEDIUM
July 16
Apache StreamPark (incubating): Unchecked SQL query fields trigger SQL injection vulnerability
CVE-2023-52290
Apache / Apache Streampark (inc...
July 15
Arbitrary File Reading Vulnerability in Apache Linkis = 1.4.0
CVE-2023-41916
Apache / Apache Linkis Datasource / CVSS 6.5 MEDIUM
Apache Linkis Remote Code Execution Vulnerability
CVE-2023-46801
Apache / Apache Linkis Datasource / CVSS 8.8 HIGH
Linkis <=1.5.0 Vulnerable to JNDI Injection due to Inadequate Parameter Filtering
CVE-2023-49566
Apache / Apache Linkis Datasource / CVSS 8.8 HIGH
July 12
Apache Wicket: Remote code execution via XSLT injection
CVE-2024-36522
Apache / Apache Wicket
July 8
Apache NiFi vulnerable to cross-site scripting
CVE-2024-37389
Apache / Apache Nifi / CVSS 4.6 MEDIUM
July 5
CloudStack Cluster Service Vulnerable to Command Injection Attacks
CVE-2024-38346
Apache / Apache Cloudstack / CVSS 9.8 CRITICAL
Unauthorized Access to CloudStack Management Network Could Lead to Compromise of Infrastructure
CVE-2024-39864
Apache / Apache Cloudstack / CVSS 9.8 CRITICAL
July 4
Apache HTTP Server 2.4.60 Regression Leads to Source Code Disclosure
CVE-2024-39884
Apache / Apache Http Server
July 3
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption Vulnerability Affects Apache Tomcat
CVE-2024-34750
Apache / Apache Tomcat
July 1
Unsafe RewriteRules Can Cause URL Redirection in Apache HTTP Server
CVE-2024-39573
Apache / Apache Http Server
Apache HTTP Server Fixes Critical Null Pointer Dereference Vulnerability
CVE-2024-38477
Apache / Apache Http Server / CVSS 7.5 HIGH