Vulnerabilities in Apache Software Foundation

1,872 results
CVE ID | Severity | Summary | EPSS
CVE-2024-53677 | CRITICAL | Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks | 78.2%
CVE-2024-56325 | CRITICAL | Apache Pinot: Authentication bypass issue. If the path does not contain / and contain . authentication is not required | 78.2%
CVE-2022-24288 | | Apache Airflow: RCE in example DAGs | 77.9%
CVE-2019-0192 | | In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By po... | 77.5%
CVE-2023-32007 | HIGH | Apache Spark: Shell command injection via Spark UI | 75.8%
CVE-2021-41303 | | Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass | 75.6%
CVE-2021-33037 | | Incorrect Transfer-Encoding handling with HTTP/1.0 | 75.4%
CVE-2017-5637 | | Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, w... | 73.7%
CVE-2020-13945 | | In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is all... | 73.0%
CVE-2025-29891 | MEDIUM | Apache Camel: Camel Message Header Injection through request parameters | 72.0%
CVE-2022-29885 | | EncryptInterceptor does not provide complete protection on insecure networks | 71.7%
CVE-2017-12616 | | When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code | 70.8%
CVE-2018-1303 | | A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while... | 70.8%
CVE-2023-43622 | | Apache HTTP Server: DoS in HTTP/2 with initial windows size 0 | 70.6%
CVE-2022-22719 | | mod_lua Use of uninitialized value of in r:parsebody | 69.8%
CVE-2024-43441 | CRITICAL | Apache HugeGraph-Server: Fixed JWT Token(Secret) | 69.7%
CVE-2019-17571 | CRITICAL | Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely exe... | 69.1%
CVE-2022-44635 | HIGH | Apache Fineract allowed an authenticated user to perform remote code execution due to path traversal | 68.8%
CVE-2023-50290 | MEDIUM | Apache Solr: Host environment variables are published via the Metrics API | 68.7%
CVE-2020-13942 | | Remote Code Execution in Apache Unomi | 68.4%
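The listing above is sorted by EPSS, and several entries with no severity or only MEDIUM (for example CVE-2021-33037 and CVE-2025-29891) sit above CRITICAL ones. A patch queue driven by CVSS severity alone would defer exactly those. The following is an added example, not code from this site or from the Apache Software Foundation: it parses the flattened "CVE-IDSEVERITYSummaryEPSS nn.n%" text as it is scraped from this page into records, ranks them by EPSS, and lists the entries a severity-first policy would miss. The LISTING string is constructed from a subset of the rows shown above; the regular expression, the 50% EPSS cut-off and the function names are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the rows on this page, concatenated exactly as
# the listing flattens them (no separator between ID, severity, summary and EPSS).
LISTING = (
    "CVE-2024-53677CRITICALApache Struts: Mixing setters for uploaded files and "
    "normal fields can allow bypass file upload checksEPSS 78.2%"
    "CVE-2024-56325CRITICALApache Pinot: Authentication bypass issue. If the path "
    "does not contain / and contain . authentication is not requiredEPSS 78.2%"
    "CVE-2022-24288Apache Airflow: RCE in example DAGsEPSS 77.9%"
    "CVE-2023-32007HIGHApache Spark: Shell command injection via Spark UIEPSS 75.8%"
    "CVE-2021-33037Incorrect Transfer-Encoding handling with HTTP/1.0EPSS 75.4%"
    "CVE-2025-29891MEDIUMApache Camel: Camel Message Header Injection through "
    "request parametersEPSS 72.0%"
    "CVE-2023-50290MEDIUMApache Solr: Host environment variables are published via "
    "the Metrics APIEPSS 68.7%"
)

# Assumed row format: CVE id, optional severity word glued to it, free-text
# summary, then "EPSS <percent>%". The summary is matched non-greedily so it
# stops at the first EPSS marker.
ENTRY_RE = re.compile(
    r"(?P<cve>CVE-\d{4}-\d{4,})"
    r"(?P<sev>CRITICAL|HIGH|MEDIUM|LOW)?"
    r"(?P<desc>.*?)"
    r"EPSS (?P<epss>\d+(?:\.\d+)?)%",
    re.DOTALL,
)

# Rank used for tie-breaking; an entry with no published severity ranks lowest.
SEVERITY_ORDER = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, None: 0}


@dataclass
class Entry:
    cve: str
    severity: Optional[str]
    summary: str
    epss: float  # EPSS as a probability in [0, 1]


def parse_listing(text: str) -> List[Entry]:
    """Split the flattened listing text into one Entry per CVE row."""
    return [
        Entry(m["cve"], m["sev"], m["desc"].strip(), float(m["epss"]) / 100.0)
        for m in ENTRY_RE.finditer(text)
    ]


def rank_for_patching(entries: List[Entry], min_epss: float = 0.5) -> List[Entry]:
    """Order by EPSS (estimated probability of exploitation in the next 30 days),
    then by severity, then by CVE id for a stable result."""
    return sorted(
        (e for e in entries if e.epss >= min_epss),
        key=lambda e: (-e.epss, -SEVERITY_ORDER[e.severity], e.cve),
    )


def severity_blind_spots(entries: List[Entry], min_epss: float = 0.5) -> List[str]:
    """CVE ids that a 'CRITICAL/HIGH first' policy would defer even though EPSS
    puts them above min_epss. Order follows the listing."""
    return [
        e.cve
        for e in entries
        if e.epss >= min_epss and SEVERITY_ORDER[e.severity] < SEVERITY_ORDER["HIGH"]
    ]


if __name__ == "__main__":
    rows = parse_listing(LISTING)
    for e in rank_for_patching(rows):
        print(f"{e.cve:15} {e.severity or '-':8} EPSS={e.epss:.3f}  {e.summary[:60]}")
    print("Deferred by a severity-only policy:", severity_blind_spots(rows))
```

The EPSS threshold is a knob, not a standard: 0.5 is used here only to make the point on this page's own rows, and the percentage shown is a point-in-time score that FIRST re-publishes daily, so a scrape should carry the date it was taken.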