Critical Severity Vulnerabilities

Vulnerability Name	CVE CWE	CWE	Severity
ActiveMQ OpenWire RCE (CVE-2023-46604)	CVE-2023-46604 CWE-502	CWE-502	Critical
Adobe Commerce/Magento "CosmicSting" XXE (CVE-2024-34102)	CVE-2024-34102 CWE-611	CWE-611	Critical
Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-51490)	CVE-2024-51490 CWE-707	CWE-707	Critical
Ampache Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-15153)	CVE-2020-15153 CWE-138	CWE-138	Critical
Apache HTTP Server Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2020-11984)	CVE-2020-11984 CWE-120	CWE-120	Critical
Apache HTTP Server CVE-2003-0789 Vulnerability (CVE-2003-0789)	CVE-2003-0789		Critical
Apache HTTP Server CVE-2005-2700 Vulnerability (CVE-2005-2700)	CVE-2005-2700		Critical
Apache HTTP Server CVE-2010-0425 Vulnerability (CVE-2010-0425)	CVE-2010-0425		Critical
Apache HTTP Server CVE-2024-38476 Vulnerability (CVE-2024-38476)	CVE-2024-38476		Critical
Apache HTTP Server Improper Authentication Vulnerability (CVE-2017-3167)	CVE-2017-3167 CWE-287	CWE-287	Critical
Apache HTTP Server Improper Authentication Vulnerability (CVE-2018-1312)	CVE-2018-1312 CWE-287	CWE-287	Critical
Apache HTTP Server Improper Encoding or Escaping of Output Vulnerability (CVE-2024-38474)	CVE-2024-38474 CWE-116	CWE-116	Critical
Apache HTTP Server Improper Handling of Case Sensitivity Vulnerability (CVE-2001-0766)	CVE-2001-0766 CWE-178	CWE-178	Critical
Apache HTTP Server Improper Input Validation Vulnerability (CVE-2017-9788)	CVE-2017-9788 CWE-20	CWE-20	Critical
Apache HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-7679)	CVE-2017-7679 CWE-119	CWE-119	Critical
Apache HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2022-36760)	CVE-2022-36760		Critical
Apache HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-25690)	CVE-2023-25690		Critical
Apache HTTP Server Insufficient Verification of Data Authenticity Vulnerability (CVE-2022-31813)	CVE-2022-31813 CWE-345	CWE-345	Critical
Apache HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-22721)	CVE-2022-22721 CWE-190	CWE-190	Critical
Apache HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-28615)	CVE-2022-28615 CWE-190	CWE-190	Critical
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2017-3169)	CVE-2017-3169 CWE-476	CWE-476	Critical
Apache HTTP Server Other Vulnerability (CVE-1999-0067)	CVE-1999-0067		Critical
Apache HTTP Server Other Vulnerability (CVE-1999-0926)	CVE-1999-0926		Critical
Apache HTTP Server Other Vulnerability (CVE-1999-1199)	CVE-1999-1199		Critical
Apache HTTP Server Other Vulnerability (CVE-1999-1293)	CVE-1999-1293		Critical
Apache HTTP Server Other Vulnerability (CVE-2004-0492)	CVE-2004-0492		Critical
Apache HTTP Server Other Vulnerability (CVE-2021-42013)	CVE-2021-42013		Critical
Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-26691)	CVE-2021-26691 CWE-787	CWE-787	Critical
Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-39275)	CVE-2021-39275 CWE-787	CWE-787	Critical
Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2022-23943)	CVE-2022-23943 CWE-787	CWE-787	Critical
Apache HTTP Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-40438)	CVE-2021-40438 CWE-918	CWE-918	Critical
Apache HTTP Server Use After Free Vulnerability (CVE-2019-10082)	CVE-2019-10082 CWE-416	CWE-416	Critical
Apache Log4j2 JNDI Remote Code Execution	CVE-2021-44228 CWE-78	CWE-78	Critical
Apache Log4j2 JNDI Remote Code Execution (404 page handler)	CVE-2021-44228 CWE-78	CWE-78	Critical
Apache Log4j2 JNDI Remote Code Execution (delayed)	CVE-2021-44228 CWE-78	CWE-78	Critical
Apache Log4j2 JNDI Remote Code Execution (per folder)	CVE-2021-44228 CWE-78	CWE-78	Critical
Apache Log4j socket receiver deserialization vulnerability	CVE-2017-5645 CWE-502	CWE-502	Critical
Apache OFBiz Authentication Bypass (CVE-2023-51467)	CVE-2023-51467 CWE-287	CWE-287	Critical
Apache OFBiz RCE (CVE-2024-32113/CVE-2024-36104/CVE-2024-38856)	CVE-2024-32113 CVE-2024-36104 CVE-2024-38856 CWE-22	CWE-22	Critical
Apache OFBiz RCE (CVE-2024-45195)	CVE-2024-45195 CWE-425	CWE-425	Critical
Apache OFBiz SSRF (CVE-2024-45507)	CVE-2024-45507 CWE-918	CWE-918	Critical
Apache Struts2 remote code execution vulnerability	CVE-2016-0785 CWE-78	CWE-78	Critical
Apache Struts2 Remote Command Execution (S2-053)	CVE-2017-12611 CWE-94	CWE-94	Critical
Apache Struts Path traversal (S2-067/CVE-2024-53677, S2-066/CVE-2023-50164)	CVE-2024-53677 CVE-2023-50164 CWE-434	CWE-434	Critical
Apache Tomcat CVE-2016-8735 Vulnerability (CVE-2016-8735)	CVE-2016-8735		Critical
Apache Tomcat CVE-2017-5651 Vulnerability (CVE-2017-5651)	CVE-2017-5651		Critical
Apache Tomcat Deserialization of Untrusted Data Vulnerability (CVE-2025-24813)	CVE-2025-24813 CWE-502	CWE-502	Critical
Apache Tomcat Exposure of Resource to Wrong Sphere Vulnerability (CVE-2017-5648)	CVE-2017-5648 CWE-668	CWE-668	Critical
Apache Tomcat Insecure Default Initialization of Resource Vulnerability (CVE-2018-8014)	CVE-2018-8014 CWE-1188	CWE-1188	Critical
Apache Tomcat Other Vulnerability (CVE-2020-1938)	CVE-2020-1938		Critical
Apache Traffic Server Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2021-43082)	CVE-2021-43082 CWE-120	CWE-120	Critical
Apache Traffic Server CVE-2014-3525 Vulnerability (CVE-2014-3525)	CVE-2014-3525		Critical
Apache Traffic Server CVE-2015-5168 Vulnerability (CVE-2015-5168)	CVE-2015-5168		Critical
Apache Traffic Server CVE-2015-5206 Vulnerability (CVE-2015-5206)	CVE-2015-5206		Critical
Apache Traffic Server Improper Access Control Vulnerability (CVE-2014-3624)	CVE-2014-3624 CWE-284	CWE-284	Critical
Apache Traffic Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-3249)	CVE-2015-3249 CWE-119	CWE-119	Critical
Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-33934)	CVE-2023-33934		Critical
Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-17559)	CVE-2019-17559 CWE-444	CWE-444	Critical
Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-17565)	CVE-2019-17565 CWE-444	CWE-444	Critical
Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-1944)	CVE-2020-1944 CWE-444	CWE-444	Critical
Apache Traffic Server Out-of-bounds Write Vulnerability (CVE-2021-35474)	CVE-2021-35474 CWE-787	CWE-787	Critical
Artifactory CVE-2019-9733 Vulnerability (CVE-2019-9733)	CVE-2019-9733		Critical
Artifactory Improper Input Validation Vulnerability (CVE-2016-6501)	CVE-2016-6501 CWE-20	CWE-20	Critical
Artifactory Improper Privilege Management Vulnerability (CVE-2022-0668)	CVE-2022-0668 CWE-269	CWE-269	Critical
Artifactory Insufficient Verification of Data Authenticity Vulnerability (CVE-2018-19971)	CVE-2018-19971 CWE-345	CWE-345	Critical
Artifactory Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-10036)	CVE-2016-10036 CWE-434	CWE-434	Critical
Artifactory Weak Password Requirements Vulnerability (CVE-2019-17444)	CVE-2019-17444 CWE-521	CWE-521	Critical
Atlassian Confluence CVE-2023-22515 Vulnerability (CVE-2023-22515)	CVE-2023-22515		Critical
Atlassian Confluence Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-3396)	CVE-2019-3396 CWE-22	CWE-22	Critical
Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2021-26084)	CVE-2021-26084 CWE-138	CWE-138	Critical
Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-22527)	CVE-2023-22527 CWE-138	CWE-138	Critical
Atlassian Confluence Incorrect Authorization Vulnerability (CVE-2023-22518)	CVE-2023-22518 CWE-863	CWE-863	Critical
Atlassian Confluence Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26136)	CVE-2022-26136 CWE-180	CWE-180	Critical
Atlassian Confluence Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26137)	CVE-2022-26137 CWE-180	CWE-180	Critical
Atlassian Confluence Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-3395)	CVE-2019-3395 CWE-918	CWE-918	Critical

ActiveMQ OpenWire RCE (CVE-2023-46604)

CVE-2023-46604

CWE-502

Critical

Adobe Commerce/Magento "CosmicSting" XXE (CVE-2024-34102)

CVE-2024-34102

CWE-611

Critical

Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-51490)

CVE-2024-51490

CWE-707

Critical

Ampache Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-15153)

CVE-2020-15153

CWE-138

Critical

Apache HTTP Server Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2020-11984)

CVE-2020-11984

CWE-120

Critical

Apache HTTP Server CVE-2003-0789 Vulnerability (CVE-2003-0789)

CVE-2003-0789

Critical

Apache HTTP Server CVE-2005-2700 Vulnerability (CVE-2005-2700)

CVE-2005-2700

Critical

Apache HTTP Server CVE-2010-0425 Vulnerability (CVE-2010-0425)

CVE-2010-0425

Critical

Apache HTTP Server CVE-2024-38476 Vulnerability (CVE-2024-38476)

CVE-2024-38476

Critical

Apache HTTP Server Improper Authentication Vulnerability (CVE-2017-3167)

CVE-2017-3167

CWE-287

Critical

Apache HTTP Server Improper Authentication Vulnerability (CVE-2018-1312)

CVE-2018-1312

CWE-287

Critical

Apache HTTP Server Improper Encoding or Escaping of Output Vulnerability (CVE-2024-38474)

CVE-2024-38474

CWE-116

Critical

Apache HTTP Server Improper Handling of Case Sensitivity Vulnerability (CVE-2001-0766)

CVE-2001-0766

CWE-178

Critical

Apache HTTP Server Improper Input Validation Vulnerability (CVE-2017-9788)

CVE-2017-9788

CWE-20

Critical

Apache HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-7679)

CVE-2017-7679

CWE-119

Critical

Apache HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2022-36760)

CVE-2022-36760

Critical

Apache HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-25690)

CVE-2023-25690

Critical

Apache HTTP Server Insufficient Verification of Data Authenticity Vulnerability (CVE-2022-31813)

CVE-2022-31813

CWE-345

Critical

Apache HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-22721)

CVE-2022-22721

CWE-190

Critical

Apache HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-28615)

CVE-2022-28615

CWE-190

Critical

Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2017-3169)

CVE-2017-3169

CWE-476

Critical

Apache HTTP Server Other Vulnerability (CVE-1999-0067)

CVE-1999-0067

Critical

Apache HTTP Server Other Vulnerability (CVE-1999-0926)

CVE-1999-0926

Critical

Apache HTTP Server Other Vulnerability (CVE-1999-1199)

CVE-1999-1199

Critical

Apache HTTP Server Other Vulnerability (CVE-1999-1293)

CVE-1999-1293

Critical

Apache HTTP Server Other Vulnerability (CVE-2004-0492)

CVE-2004-0492

Critical

Apache HTTP Server Other Vulnerability (CVE-2021-42013)

CVE-2021-42013

Critical

Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-26691)

CVE-2021-26691

CWE-787

Critical

Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-39275)

CVE-2021-39275

CWE-787

Critical

Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2022-23943)

CVE-2022-23943

CWE-787

Critical

Apache HTTP Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-40438)

CVE-2021-40438

CWE-918

Critical

Apache HTTP Server Use After Free Vulnerability (CVE-2019-10082)

CVE-2019-10082

CWE-416

Critical

Apache Log4j2 JNDI Remote Code Execution

CVE-2021-44228

CWE-78

Critical

Apache Log4j2 JNDI Remote Code Execution (404 page handler)

CVE-2021-44228

CWE-78

Critical

Apache Log4j2 JNDI Remote Code Execution (delayed)

CVE-2021-44228

CWE-78

Critical

Apache Log4j2 JNDI Remote Code Execution (per folder)

CVE-2021-44228

CWE-78

Critical

Apache Log4j socket receiver deserialization vulnerability

CVE-2017-5645

CWE-502

Critical

Apache OFBiz Authentication Bypass (CVE-2023-51467)

CVE-2023-51467

CWE-287

Critical

Apache OFBiz RCE (CVE-2024-32113/CVE-2024-36104/CVE-2024-38856)

CVE-2024-32113 CVE-2024-36104 CVE-2024-38856

CWE-22

Critical

Apache OFBiz RCE (CVE-2024-45195)

CVE-2024-45195

CWE-425

Critical

Apache OFBiz SSRF (CVE-2024-45507)

CVE-2024-45507

CWE-918

Critical

Apache Struts2 remote code execution vulnerability

CVE-2016-0785

CWE-78

Critical

Apache Struts2 Remote Command Execution (S2-053)

CVE-2017-12611

CWE-94

Critical

Apache Struts Path traversal (S2-067/CVE-2024-53677, S2-066/CVE-2023-50164)

CVE-2024-53677 CVE-2023-50164

CWE-434

Critical

Apache Tomcat CVE-2016-8735 Vulnerability (CVE-2016-8735)

CVE-2016-8735

Critical

Apache Tomcat CVE-2017-5651 Vulnerability (CVE-2017-5651)

CVE-2017-5651

Critical

Apache Tomcat Deserialization of Untrusted Data Vulnerability (CVE-2025-24813)

CVE-2025-24813

CWE-502

Critical

Apache Tomcat Exposure of Resource to Wrong Sphere Vulnerability (CVE-2017-5648)

CVE-2017-5648

CWE-668

Critical

Apache Tomcat Insecure Default Initialization of Resource Vulnerability (CVE-2018-8014)

CVE-2018-8014

CWE-1188

Critical

Apache Tomcat Other Vulnerability (CVE-2020-1938)

CVE-2020-1938

Critical

Apache Traffic Server Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2021-43082)

CVE-2021-43082

CWE-120

Critical

Apache Traffic Server CVE-2014-3525 Vulnerability (CVE-2014-3525)

CVE-2014-3525

Critical

Apache Traffic Server CVE-2015-5168 Vulnerability (CVE-2015-5168)

CVE-2015-5168

Critical

Apache Traffic Server CVE-2015-5206 Vulnerability (CVE-2015-5206)

CVE-2015-5206

Critical

Apache Traffic Server Improper Access Control Vulnerability (CVE-2014-3624)

CVE-2014-3624

CWE-284

Critical

Apache Traffic Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-3249)

CVE-2015-3249

CWE-119

Critical

Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-33934)

CVE-2023-33934

Critical

Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-17559)

CVE-2019-17559

CWE-444

Critical

Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-17565)

CVE-2019-17565

CWE-444

Critical

Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-1944)

CVE-2020-1944

CWE-444

Critical

Apache Traffic Server Out-of-bounds Write Vulnerability (CVE-2021-35474)

CVE-2021-35474

CWE-787

Critical

Artifactory CVE-2019-9733 Vulnerability (CVE-2019-9733)

CVE-2019-9733

Critical

Artifactory Improper Input Validation Vulnerability (CVE-2016-6501)

CVE-2016-6501

CWE-20

Critical

Artifactory Improper Privilege Management Vulnerability (CVE-2022-0668)

CVE-2022-0668

CWE-269

Critical

Artifactory Insufficient Verification of Data Authenticity Vulnerability (CVE-2018-19971)

CVE-2018-19971

CWE-345

Critical

Artifactory Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-10036)

CVE-2016-10036

CWE-434

Critical

Artifactory Weak Password Requirements Vulnerability (CVE-2019-17444)

CVE-2019-17444

CWE-521

Critical

Atlassian Confluence CVE-2023-22515 Vulnerability (CVE-2023-22515)

CVE-2023-22515

Critical

Atlassian Confluence Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-3396)

CVE-2019-3396

CWE-22

Critical

Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2021-26084)

CVE-2021-26084

CWE-138

Critical

Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-22527)

CVE-2023-22527

CWE-138

Critical

Atlassian Confluence Incorrect Authorization Vulnerability (CVE-2023-22518)

CVE-2023-22518

CWE-863

Critical

Atlassian Confluence Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26136)

CVE-2022-26136

CWE-180

Critical

Atlassian Confluence Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26137)

CVE-2022-26137

CWE-180

Critical

Atlassian Confluence Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-3395)

CVE-2019-3395

CWE-918

Critical

Critical Severity Vulnerabilities

Severity

Vulnerability Categories

Still Have Questions?

Take action and discover your vulnerabilities