| CVE ID | CVSS3.1 | Exploitable | Vendor | Product | Vulnerability | Date added |
|---|---|---|---|---|---|---|
| CVE-2024-38475 | 9.1 | True | Apache | HTTP Server | Apache HTTP Server Improper Escaping of Output Vulnerability | 2025-05-01 00:00:00 |
| CVE-2025-24813 | 10.0 | True | Apache | Tomcat | Apache Tomcat Path Equivalence Vulnerability | 2025-04-01 00:00:00 |
| CVE-2024-45195 | 9.8 | True | Apache | OFBiz | Apache OFBiz Forced Browsing Vulnerability | 2025-02-04 00:00:00 |
| CVE-2024-27348 | 9.8 | True | Apache | HugeGraph-Server | Apache HugeGraph-Server Improper Access Control Vulnerability | 2024-09-18 00:00:00 |
| CVE-2024-38856 | 8.1 | True | Apache | OFBiz | Apache OFBiz Incorrect Authorization Vulnerability | 2024-08-27 00:00:00 |
| CVE-2024-32113 | 9.1 | True | Apache | OFBiz | Apache OFBiz Path Traversal Vulnerability | 2024-08-07 00:00:00 |
| CVE-2020-17519 | 9.1 | True | Apache | Flink | Apache Flink Improper Access Control Vulnerability | 2024-05-23 00:00:00 |
| CVE-2023-27524 | 8.9 | True | Apache | Superset | Apache Superset Insecure Default Initialization of Resource Vulnerability | 2024-01-08 00:00:00 |
| CVE-2023-46604 | 10.0 | True | Apache | ActiveMQ | Apache ActiveMQ Deserialization of Untrusted Data Vulnerability | 2023-11-02 00:00:00 |
| CVE-2023-33246 | 9.8 | True | Apache | RocketMQ | Apache RocketMQ Command Execution Vulnerability | 2023-09-06 00:00:00 |
| CVE-2016-8735 | 9.8 | True | Apache | Tomcat | Apache Tomcat Remote Code Execution Vulnerability | 2023-05-12 00:00:00 |
| CVE-2021-45046 | 9.0 | True | Apache | Log4j2 | Apache Log4j2 Deserialization of Untrusted Data Vulnerability | 2023-05-01 00:00:00 |
| CVE-2022-33891 | 8.8 | True | Apache | Spark | Apache Spark Command Injection Vulnerability | 2023-03-07 00:00:00 |
| CVE-2022-24112 | 9.8 | True | Apache | APISIX | Apache APISIX Authentication Bypass Vulnerability | 2022-08-25 00:00:00 |
| CVE-2022-24706 | 9.8 | True | Apache | CouchDB | Apache CouchDB Insecure Default Initialization of Resource Vulnerability | 2022-08-25 00:00:00 |
| CVE-2013-2251 | 9.8 | True | Apache | Struts | Apache Struts Improper Input Validation Vulnerability | 2022-03-25 00:00:00 |
| CVE-2017-12615 | 8.1 | True | Apache | Tomcat | Apache Tomcat on Windows Remote Code Execution Vulnerability | 2022-03-25 00:00:00 |
| CVE-2017-12617 | 8.1 | True | Apache | Tomcat | Apache Tomcat Remote Code Execution Vulnerability | 2022-03-25 00:00:00 |
| CVE-2020-1956 | 8.8 | True | Apache | Kylin | Apache Kylin OS Command Injection Vulnerability | 2022-03-25 00:00:00 |
| CVE-2020-1938 | 9.8 | True | Apache | Tomcat | Apache Tomcat Improper Privilege Management Vulnerability | 2022-03-03 00:00:00 |
| CVE-2016-3088 | 9.8 | True | Apache | ActiveMQ | Apache ActiveMQ Improper Input Validation Vulnerability | 2022-02-10 00:00:00 |
| CVE-2017-9791 | 9.8 | True | Apache | Struts 1 | Apache Struts 1 Improper Input Validation Vulnerability | 2022-02-10 00:00:00 |
| CVE-2012-0391 | 9.8 | True | Apache | Struts 2 | Apache Struts 2 Improper Input Validation Vulnerability | 2022-01-21 00:00:00 |
| CVE-2006-1547 | 7.5 | True | Apache | Struts 1 | Apache Struts 1 ActionForm Denial-of-Service Vulnerability | 2022-01-21 00:00:00 |
| CVE-2020-13927 | 9.8 | True | Apache | Airflow's Experimental API | Apache Airflow's Experimental API Authentication Bypass | 2022-01-18 00:00:00 |
| CVE-2020-11978 | 8.8 | True | Apache | Airflow | Apache Airflow Command Injection | 2022-01-18 00:00:00 |
| CVE-2021-44228 | 10.0 | True | Apache | Log4j2 | Apache Log4j2 Remote Code Execution Vulnerability | 2021-12-10 00:00:00 |
| CVE-2019-0193 | 7.2 | True | Apache | Solr | Apache Solr DataImportHandler Code Injection Vulnerability | 2021-12-10 00:00:00 |
| CVE-2021-40438 | 9.0 | True | Apache | Apache | Apache HTTP Server-Side Request Forgery (SSRF) | 2021-12-01 00:00:00 |
| CVE-2018-11776 | 8.1 | True | Apache | Struts | Apache Struts Remote Code Execution Vulnerability | 2021-11-03 00:00:00 |
| CVE-2017-5638 | 9.8 | True | Apache | Struts | Apache Struts Remote Code Execution Vulnerability | 2021-11-03 00:00:00 |
| CVE-2020-17530 | 9.8 | True | Apache | Struts | Apache Struts Remote Code Execution Vulnerability | 2021-11-03 00:00:00 |
| CVE-2019-17558 | 7.5 | True | Apache | Solr | Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability | 2021-11-03 00:00:00 |
| CVE-2016-4437 | 9.8 | True | Apache | Shiro | Apache Shiro Code Execution Vulnerability | 2021-11-03 00:00:00 |
| CVE-2019-0211 | 7.8 | True | Apache | HTTP Server | Apache HTTP Server Privilege Escalation Vulnerability | 2021-11-03 00:00:00 |
| CVE-2021-41773 | 7.5 | True | Apache | HTTP Server | Apache HTTP Server Path Traversal Vulnerability | 2021-11-03 00:00:00 |
| CVE-2021-42013 | 9.8 | True | Apache | HTTP Server | Apache HTTP Server Path Traversal Vulnerability | 2021-11-03 00:00:00 |
| CVE-2017-9805 | 8.1 | True | Apache | Struts | Apache Struts Deserialization of Untrusted Data Vulnerability | 2021-11-03 00:00:00 |
AVET INS is an owner of the VULNDBASE brand and website. This product uses data from the NVD API but is not endorsed or certified by the NVD. See NVD page for more information. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE page. KEV (Known Exploited Vulnerabilities) is a catalog maintained by CISA. EUVD is the official EU repository for timely, curated cybersecurity vulnerability intelligence and remediation guidance run by ENISA. DORA (Digital Operational Resilience Act) is an EU directive.
Copyright AVET INS 1997 - 2026