Apache
CVE Severity Distribution (All Time)
Timeline Overview
Recent CVEs
View allImproper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Allows for lower privilege users …
Apache Hive Metastore (HMS) uses SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions that is un…
Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and regenerate t…
Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access wh…
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could…
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuth…
Deserialization of Untrusted Data vulnerability in Apache HertzBeat. This vulnerability can only be exploited by authorized attackers. This issue …
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Us…
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This vulnerabili…
Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a…
Related Security News
A newly exploit chain targeting SonicWall’s Secure Mobile Access (SMA) appliances has been released. Published by watchTowr Labs, The post SonicWall Exploit Chain Exposes Admin Hijack Risk via CVE-20…
watchTowr reveals active exploitation of SonicWall SMA 100 vulnerabilities (CVE-2024-38475 & CVE-2023-44221) potentially leading to full system takeover…
Attackers have been using two previously known vulnerabilities (CVE-2024-38475, CVE-2023-44221) to compromise SonicWall secure mobile access devices, the vendor has confirmed by updating the associat…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38475 Apache HTTP Server Improper Escaping of Output Vulnerab…
Multiple vulnerabilities were identified in F5 Products, attacker can exploit this vulnerability to trigger sensitive information disclosure and denial of service condition on the targeted system. No…