VYPR

Apache

All CVEs

2,550 total · sorted by risk
  • CVE-2016-0734 · Med · Apr 7, 2016
    risk 0.33 · cvss 6.1 · epss 0.08

    The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.

  • CVE-2015-8796 · Med · Feb 15, 2016
    risk 0.33 · cvss 6.1 · epss 0.03

    Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL.

  • CVE-2026-42797 · Med · May 25, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access…

  • CVE-2016-8738 · Med · Sep 20, 2017
    risk 0.32 · cvss 5.9 · epss 0.03

    In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.

  • CVE-2016-0762 · Med · Aug 10, 2017
    risk 0.32 · cvss 5.9 · epss 0.08

    The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid…

  • CVE-2016-8746 · Med · Jun 14, 2017
    risk 0.32 · cvss 5.9 · epss 0.03

    Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true.

  • CVE-2016-5005 · Med · Jul 28, 2016
    risk 0.32 · cvss 4.8 · epss 0.05

    Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnector_commit.action.

  • CVE-2016-3094 · Med · Jun 1, 2016
    risk 0.32 · cvss 5.9 · epss 0.08

    PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception.

  • CVE-2016-0731 · Med · May 18, 2016
    risk 0.32 · cvss 4.9 · epss 0.03

    The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration.

  • CVE-2015-3251 · Med · Feb 8, 2016
    risk 0.32 · cvss 4.9 · epss 0.02

    Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls.

  • CVE-2026-50623 · Med · Jun 12, 2026
    risk 0.31 · cvss 4.8 · epss 0.00

    An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the security context check, the introspection endpoint (/services/oauth2/introspect) can be accessed by any unauthenticated network attacker.…

  • CVE-2026-49267 · Med · Jun 1, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    Apache Airflow's EmailOperator and the underlying `airflow.utils.email` helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used `[email] smtp_starttls=True` without `[email] smtp_ssl`. An attacker positioned between the…

  • CVE-2026-41017 · Med · Jun 1, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    Apache Airflow's `JWTRefreshMiddleware` set the JWT auth cookie without the `Secure` flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy (e.g. nginx / Envoy / a managed load balancer that terminates TLS and forwards plaintext to the API…

  • CVE-2026-41016 · Med · Apr 30, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMTP.starttls()` without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate,…

  • CVE-2026-40557 · Med · Apr 27, 2026
    risk 0.31 · cvss 4.8 · epss 0.00

    Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter. Versions affected: from 2.6.3 to 2.8.6. Description: In production deployments where an administrator enables storm.daemon.metrics.reporter.plugin.prometheus.skip_tls_valida…

  • CVE-2026-34477 · Med · Apr 10, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    The fix for CVE-2025-68161 https://logging.apache.org/security.html#CVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName …

  • CVE-2017-12618 · Med · Oct 24, 2017
    risk 0.31 · cvss 4.7 · epss 0.01

    Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using…

  • CVE-2016-8751 · Med · Jun 14, 2017
    risk 0.31 · cvss 4.8 · epss 0.02

    Apache Ranger before 0.6.3 is vulnerable to stored cross-site scripting when entering custom policy conditions. Admin users can store arbitrary JavaScript code that is executed when normal users log in and access policies.

  • CVE-2016-5395 · Med · Sep 26, 2016
    risk 0.31 · cvss 4.8 · epss 0.02

    Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.

  • CVE-2012-3446 · Med · Nov 4, 2012
    risk 0.31 · cvss 5.9 · epss 0.01

    Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL…

  • CVE-2026-44119 · Med · Jun 8, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version…

  • CVE-2022-47966 · KEV · Jan 18, 2023
    risk 0.29 · cvss · epss 1.00

    Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application…

  • CVE-2021-42013 · KEV · Oct 7, 2021
    risk 0.29 · cvss · epss 1.00

    It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by…

  • CVE-2021-41773 · KEV · Oct 5, 2021
    risk 0.29 · cvss · epss 1.00

    A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the…

  • CVE-2018-8017 · Med · Sep 19, 2018
    risk 0.29 · cvss 5.5 · epss 0.03

    In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser.

  • CVE-2018-8026 · Med · Jul 5, 2018
    risk 0.29 · cvss 5.5 · epss 0.09

    This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in…

  • CVE-2018-8008 · Med · Jun 5, 2018
    risk 0.29 · cvss 5.5 · epss 0.02

    Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability that can be triggered using a specially crafted zip archive (other archive formats are affected as well: bzip2, tar, xz, war, cpio, 7z) that holds path…

  • CVE-2018-8010 · Med · May 21, 2018
    risk 0.29 · cvss 5.5 · epss 0.04

    This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar…

  • CVE-2018-1339 · Med · Apr 25, 2018
    risk 0.29 · cvss 5.5 · epss 0.03

    A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.

  • CVE-2018-1324 · Med · Mar 16, 2018
    risk 0.29 · cvss 5.5 · epss 0.04

    A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that…

  • CVE-2017-12624 · Med · Nov 14, 2017
    risk 0.29 · cvss 5.5 · epss 0.04

    Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are…

  • CVE-2016-0782 · Med · Aug 5, 2016
    risk 0.29 · cvss 5.4 · epss 0.06

    The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors…

  • CVE-2015-5208 · Med · May 9, 2016
    risk 0.29 · cvss 4.4 · epss 0.05

    Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link.

  • CVE-2015-5345 · Med · Feb 25, 2016
    risk 0.29 · cvss 5.3 · epss 0.18

    The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that…

  • CVE-2015-5174 · Med · Feb 25, 2016
    risk 0.29 · cvss 4.3 · epss 0.13

    Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a…

  • CVE-2026-34033 · Med · Jun 9, 2026
    risk 0.28 · cvss 5.4 · epss 0.00

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. User-supplied content was included in notification emails without proper escaping, allowing authenticated users to…

  • CVE-2026-46605 · Med · Jun 1, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing destinations with proper permissions. This issue affects Apache ActiveMQ Broker: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ…

  • CVE-2026-40914 · Med · May 28, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the…

  • CVE-2026-33007 · Med · May 4, 2026
    risk 0.28 · cvss 5.3 · epss 0.01

    A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

  • CVE-2026-40948 · Med · Apr 18, 2026
    risk 0.28 · cvss 5.4 · epss 0.00

    The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or validate the OAuth 2.0 `state` parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted…

  • CVE-2026-35565 · Med · Apr 13, 2026
    risk 0.28 · cvss 5.4 · epss 0.00

    Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache Storm UI. Versions affected: before 2.8.6. Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into…

  • CVE-2026-33227 · Med · Apr 7, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances (when creating a Stomp consumer and also browsing messages in the Web…

  • CVE-2026-32642 · Med · Mar 24, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the…

  • CVE-2025-61795 · Med · Oct 27, 2025
    risk 0.28 · cvss 5.3 · epss 0.01

    Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage…

  • CVE-2024-55956 · KEV · Dec 13, 2024
    risk 0.28 · cvss · epss 0.94

    In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.

  • CVE-2018-8041 · Med · Sep 17, 2018
    risk 0.28 · cvss 5.3 · epss 0.10

    Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.

  • CVE-2013-4317 · Med · Feb 6, 2018
    risk 0.28 · cvss 4.3 · epss 0.01

    In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.

  • CVE-2017-12625 · Med · Nov 1, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly…

  • CVE-2017-9794 · Med · Sep 30, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query,…

  • CVE-2016-6794 · Med · Aug 10, 2017
    risk 0.28 · cvss 5.3 · epss 0.07

    When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement…

Page 14 of 51