Apache Latest Vulnerabilities
September 17
Apache Druid: Users can provide MySQL JDBC properties not on allow list
CVE-2024-45537
Apache Druid
September 7
Airflow Vulnerability: DAG Authors Can Execute Code During Scheduling
CVE-2024-45034
Apache Airflow
Arbitrary Command Execution Vulnerability in Airflow
CVE-2024-45498
Apache Airflow
September 4
Apache OFBiz vulnerable to 'Forced Browsing' (Direct Request) attack
CVE-2024-45195
Apache OFBiz - 7.5 HIGH
Server-Side Request Forgery (SSRF) and Improper Control of Generation of Code (Code Injection) Vulnerability in Apache OFBiz
CVE-2024-45507
Apache OFBiz - 9.8 CRITICAL
August 26
Local Users Could Access Sensitive Application Data Due to Insufficient Permissions in Apache Portable Runtime on Unix Platforms
CVE-2023-49582
Apache Portable Runtim... - 5.5 MEDIUM
August 21
Apache Airflow Vulnerability: Cross-Site Scripting Attack
CVE-2024-41937
Apache Airflow - 6.1 MEDIUM
MySQL Security Vulnerability in Apache SeaTunnel
CVE-2023-49198
Apache SeaTunnel Web - 7.5 HIGH
August 20
Apache Helix Front (UI): Helix front hard-coded secret in the express-session
CVE-2024-22281
Apache Helix Front (UI)
GHSL-2023-255: HertzBeat Authenticated (user role) RCE via unsafe deserialization in /api/monitors/import
CVE-2024-42362
Apache HertzBeat - 8.8 HIGH
GHSL-2023-256: HertzBeat Authenticated (guest role) SQL injection in /api/monitor/{monitorId}/metric/{metricFull}
CVE-2024-42361
Apache HertzBeat - 9.8 CRITICAL
DolphinScheduler Remote Code Execution Vulnerability
CVE-2024-43202
Apache DolphinScheduler
August 12
Apache MINA SSHD Vulnerable to Terrapin Attack, Upgrade Recommended
CVE-2024-41909
Apache MINA SSHD - 5.9 MEDIUM
Password Reset Link Vulnerability in Apache Answer
CVE-2024-41888
Apache Answer - 5.3 MEDIUM
Illegal Access to Additional Resource Files via File Read/Write Vulnerability in Apache DolphinScheduler
CVE-2024-30188
Apache DolphinScheduler - 8.1 HIGH
Multiple Password Reset Email Links Can Lead to Vulnerability
CVE-2024-41890
Apache Answer - 5.3 MEDIUM
Arbitrary JavaScript Execution Vulnerability Affects Apache DolphinScheduler
CVE-2024-29831
Apache DolphinScheduler
August 7
Understanding the Recent Access Permission Validation Vulnerability in CloudStack
CVE-2024-42062
Apache CloudStack - 7.2 HIGH
Unauthorized Access to Network Details in CloudStack 4.19.1.0
CVE-2024-42222
Apache CloudStack - 4.3 MEDIUM
August 5
UNSUPPORTED: Apache IoTDB Workbench SSRF Vulnerability Affects Retired Product
CVE-2024-36448
Apache IoTDB Workbench - 7.3 HIGH
Incorrect Authorization Vulnerability Affects Apache OFBiz Through 18.12.14
CVE-2024-38856
Apache OFBiz - 9.8 CRITICAL
Insufficient Session Expiration Vulnerability in Apache Airflow Providers FAB
CVE-2024-42447
Apache Airflow Provide... - 9.8 CRITICAL
August 2
Arbitrary File Deletion Vulnerability in Apache Linkis Before 1.6.0
CVE-2024-27182
Apache Linkis - 4.9 MEDIUM
Apache InLong Vulnerability Could Lead to Remote Code Execution
CVE-2024-36268
Apache InLong - 9.8 CRITICAL
Privilege Escalation Vulnerability Affects Apache Linkis Versions Below 1.5.0
CVE-2024-27181
Apache Linkis Basic Ma...
July 30
Apache SeaTunnel Web Authentication Vulnerability
CVE-2023-48396
Apache SeaTunnel Web
July 26
Apache Traffic Server: Vulnerability in Field Names Allows Request Smuggling and Cache Poisoning
CVE-2023-38522
Apache Traffic Server - 7.5 HIGH
Apache Traffic Server Vulnerability Affects Cache Lookup and Forwarding Requests
CVE-2024-35296
Apache Traffic Server - 8.2 HIGH
Apache Traffic Server Vulnerable to Request Smuggling and Cache Poisoning via Malformed HTTP Chunked Trailers
CVE-2024-35161
Apache Traffic Server - 7.5 HIGH
XSS vulnerability in Apache Roller allows authenticated users to perform attacks
CVE-2024-25090
Apache Roller - 5.4 MEDIUM
July 24
Apache Drill Vulnerability Allows Remote File Read/Write and Command Execution
CVE-2023-48362
Apache Drill - 8.8 HIGH
Apache Pinot vulnerability: Sensitive Information Disclosure Due to Inadequate Access Control
CVE-2024-39676
Apache Pinot - 7.5 HIGH
July 23
Logs Exposure of Temporary Credentials May Allow Impersonation
CVE-2024-41178
Apache
Authorization Vulnerability in Backend Service Before 2.1.4
CVE-2024-29070
Apache StreamPark
July 22
CVE-2024-34457
Apache StreamPark - 6.5 MEDIUM
HTML Tag Vulnerability in Syncope Console Could Lead to Exploits
CVE-2024-38503
Apache Syncope - 5.4 MEDIUM
Sensitive Information Exposure Risk in RocketMQ
CVE-2024-23321
Apache RocketMQ - 8.8 HIGH
July 19
SAML Authentication Vulnerability in CloudStack Environments
CVE-2024-41107
Apache CloudStack - 8.1 HIGH
Apache CXF Memory Leak Vulnerability
CVE-2024-41172
Apache CXF - 7.5 HIGH
Apache CXF JOSE Vulnerability: Denial of Service Attack via Improper Input Validation
CVE-2024-32007
Apache CXF - 7.5 HIGH
CXF SSRF Vulnerability Affects REST Webservices
CVE-2024-29736
Apache CXF - 9.1 CRITICAL
July 18
Unofficial: Remote Code Execution Vulnerability identified in [Unnamed] Templates
CVE-2024-29178
Apache StreamPark - 8.8 HIGH
Partial Fix for Source Code Disclosure Ignores Some Legacy Content-Type Based Handler Configuration in Apache HTTP Server
CVE-2024-40725
Apache HTTP Server - 5.3 MEDIUM
Vulnerability in Apache HTTP Server Could Leak NTLM Hashes to Malicious Servers
CVE-2024-40898
Apache HTTP Server - 7.5 HIGH
July 17
Authorization Credential Leak in Streampark
CVE-2024-29120
Apache StreamPark
Dangerous File Upload Vulnerability in Apache StreamPipes Could Lead to Remote Code Execution
CVE-2024-31411
Apache StreamPipes - 8.8 HIGH
Server-Side Request Forgery in Apache StreamPipes Could Allow Arbitrary HTTP GET Requests
CVE-2024-31979
Apache StreamPipes - 4.3 MEDIUM
Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Apache StreamPipes
CVE-2024-30471
Apache StreamPipes - 3.7 LOW
Vulnerability in the Apache StreamPark Project Module
CVE-2024-29737
Apache StreamPark (inc... - 4.7 MEDIUM
Dangerous Command Injection Vulnerability in Maven's Compilation
CVE-2023-52291
Apache StreamPark (inc... - 4.7 MEDIUM
Arbitrary Code Execution Vulnerability in Apache Airflow
CVE-2024-39877
Apache Airflow - 8.8 HIGH
Airflow Update: Security Vulnerability Affects Versions Before 2.9.3
CVE-2024-39863
Apache Airflow - 5.4 MEDIUM
July 16
Apache StreamPark (incubating): Unchecked SQL query fields trigger SQL injection vulnerability
CVE-2023-52290
Apache StreamPark (inc...
July 15
Arbitrary File Reading Vulnerability in Apache Linkis <= 1.4.0
CVE-2023-41916
Apache Linkis Datasource - 6.5 MEDIUM
Linkis <=1.5.0 Vulnerable to JNDI Injection due to Inadequate Parameter Filtering
CVE-2023-49566
Apache Linkis Datasource - 8.8 HIGH
Apache Linkis Remote Code Execution Vulnerability
CVE-2023-46801
Apache Linkis Datasource - 8.8 HIGH
July 12
Apache Wicket: Remote code execution via XSLT injection
CVE-2024-36522
Apache Wicket
July 8
Apache NiFi vulnerable to cross-site scripting
CVE-2024-37389
Apache NiFi - 4.6 MEDIUM
July 5
CloudStack Cluster Service Vulnerable to Command Injection Attacks
CVE-2024-38346
Apache CloudStack - 9.8 CRITICAL
Unauthorized Access to CloudStack Management Network Could Lead to Compromise of Infrastructure
CVE-2024-39864
Apache CloudStack - 9.8 CRITICAL
July 4
Apache HTTP Server 2.4.60 Regression Leads to Source Code Disclosure
CVE-2024-39884
Apache HTTP Server
July 3
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption Vulnerability Affects Apache Tomcat
CVE-2024-34750
Apache Tomcat
July 1
Unsafe RewriteRules Can Route URLs to mod_proxy (Potential SSRF) in Apache HTTP Server
CVE-2024-39573
Apache HTTP Server
Apache HTTP Server Fixes Null Pointer Dereference Vulnerability in mod_proxy
CVE-2024-38477
Apache HTTP Server - 7.5 HIGH
Apache HTTP Server Vulnerable to Information Disclosure and Local Script Execution
CVE-2024-38476
Apache HTTP Server - 9.8 CRITICAL
Code Execution or Source Code Disclosure Vulnerability in Apache HTTP Server's mod_rewrite
CVE-2024-38475
Apache HTTP Server
Substitution Encoding Issue in mod_rewrite Allows Execution of Scripts in Directories
CVE-2024-38474
Apache HTTP Server - 9.8 CRITICAL
Crafted Requests Can Bypass Authentication in Apache HTTP Server's mod_proxy
CVE-2024-38473
Apache HTTP Server
Apache HTTP Server Vulnerability Could Leak NTLM Hashes
CVE-2024-38472
Apache HTTP Server
HTTP/2 WebSocket Protocol Vulnerability Could Lead to Server Crash and Degraded Performance
CVE-2024-36387
Apache HTTP Server
June 26
XML Signature Vulnerability in Apache XML Security for C++ Through 2.0.4
CVE-2024-34580
Apache
June 24
Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability Affects Apache StreamPipes from 0.69.0 to 0.93.0
CVE-2024-29868
Apache StreamPipes
JSPWiki XSS Vulnerability Allows Attacker to Steal Sensitive Information
CVE-2024-27136
Apache JSPWiki
June 22
Allura's Neighborhood Settings Vulnerable to Stored XSS Attack
CVE-2024-38379
Apache Allura
June 20
Improper Input Validation Vulnerability in Apache Superset Allows for File Reading and Insertion
CVE-2024-34693
Apache Superset - 6.8 MEDIUM
June 14
Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow
CVE-2024-25142
Apache Airflow
June 12
Apache Submarine Server Core: authorization bypass
CVE-2024-36265
Apache Submarine Serve...
Apache Submarine Server Core: SQL injection
CVE-2024-36263
Apache Submarine Serve...
June 10
DNS Rebinding Vulnerability Affects Apache Allura Versions 1.0.1-1.16.0
CVE-2024-36471
Apache Allura
June 4
Apache OFBiz vulnerable to Path Traversal attack
CVE-2024-36104
Apache OFBiz
May 14
Improper Input Validation Vulnerability Affects All Versions of Apache Karaf Cave (Unsupported Product)
CVE-2024-34365
Apache Karaf Cave
Airflow 2.9.0 Vulnerability: Malicious Log Injection Risk
CVE-2024-32077
Apache Airflow
May 8
Deserialization of Untrusted Data Vulnerability Affects Apache InLong
CVE-2024-26579
Apache InLong
Apache OFBiz Fixes Path Traversal Vulnerability
CVE-2024-32113
Apache OFBiz - 9.8 CRITICAL
May 7
Authenticated User Can Access Metadata for Unauthorized Datasource via Targeted REST API Request
CVE-2024-28148
Apache Superset - 4.3 MEDIUM
May 3
Apache Hive Vulnerable to Code Injection Attacks
CVE-2023-35701
Apache Hive
May 2
Inconsistent Interpretation of HTTP Requests Vulnerability in Apache APISIX
CVE-2024-32638
Apache APISIX
Default Configuration Flaw Exposes ActiveMQ Broker to Unauthorized Access
CVE-2024-32114
Apache ActiveMQ - 8.5 HIGH
April 22
Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server
CVE-2024-27349
Apache HugeGraph-Server
RCE Vulnerability in Apache HugeGraph-Server
CVE-2024-27348
Apache HugeGraph-Server
Apache HugeGraph-Hubble Server-Side Request Forgery (SSRF) Vulnerability
CVE-2024-27347
Apache HugeGraph-Hubble
April 21
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider
CVE-2024-29733
Apache Airflow FTP Pro...
Apache Answer vulnerable to Cross-site Scripting (XSS) Attack
CVE-2024-29217
Apache Answer
April 18
Airflow Versions 2.7.0 through 2.8.4 Vulnerability: Authenticated User Can Access Sensitive Provider Configuration
CVE-2024-31869
Apache Airflow
April 12
Insertion of Sensitive Information into Log File Vulnerability Affects Solr Operator Versions 0.3.0-0.8.0
CVE-2024-31391
Apache Solr Operator
Kafka Migration Bug Affects ACL Enforcement
CVE-2024-27309
Apache Kafka
April 11
Code Injection Vulnerability in Apache Zeppelin
CVE-2024-31861
Apache Zeppelin
April 10
Apache Traffic Server Vulnerable to HTTP/2 CONTINUATION DoS Attack
CVE-2024-31309
Apache Traffic Server
April 9
Apache Zeppelin: LDAP search filter query Injection Vulnerability
CVE-2024-31867
Apache Zeppelin
Apache Zeppelin: XSS vulnerability in the helium module
CVE-2024-31868
Apache Zeppelin