Vendor security team contributor

Apache

CNA assigner on 34 of 34 known-exploited records. Every aggregate on this page is recomputed from the records listed below — each one already cited to its public source.

No vendor advisory domain is cited for this contributor in the corpus — its credit here is as a CNA/finder. Home URL is a stated coverage gap.

records cited in

deterministic count

finder / reporter credits

CVE.org credits

CVE records catalogued (CNA)

assigner

97%

avg modeled exploit prob.

FIRST EPSS, 34/34

21%

ransomware-associated

7 of 34 · CISA flag

Known for

— recomputed from this contributor’s own records

SurfacesServer / web platform (34)

WeaknessInjection (13), Authorization / access control (7), Path traversal / file (6), Authentication (2), Memory safety (1)

PortfolioApache (34)

Narrative reach

— how far this contributor’s records carry an attacker, front door → lights out

1Front door

34reach this stage

→

2Keys to the kingdom

34reach this stage

→

3Lateral reach

34reach this stage

→

4Data at risk

0reach this stage

→

5Lights out

0reach this stage

Furthest any of these records carries an attacker: 3 · Lateral reach. 0 of 34 narrative-framed records reach data-at-risk or lights-out. (furthest-position idiom, reused from the landing map; the stage mapping is a model output over cited evidence.)

Recent highlights

— this contributor’s newest known-exploited records

CVE-2026-34197Apache87%KEV CVE-2024-38475Apache100%KEV CVE-2025-24813Apache100%KEV CVE-2024-45195Apache100%KEV CVE-2024-27348Apache99%KEV CVE-2024-38856Apache99%KEV

Every record they’re cited in

— all 34, each linked to its cited source

This is the evidence behind every number above. Sorted ransomware-first, then by modeled exploit probability.

CVE-2021-44228Apache100%RWKEV CVE-2017-5638Apache100%RWKEV CVE-2021-41773Apache100%RWKEV CVE-2021-45046Apache100%RWKEV CVE-2021-42013Apache100%RWKEV CVE-2023-46604Apache100%RWKEV CVE-2017-12615Apache100%RWKEV CVE-2021-40438Apache100%KEV CVE-2018-11776Apache100%KEV CVE-2017-12617Apache100%KEV CVE-2024-45195Apache100%KEV CVE-2024-38475Apache100%KEV CVE-2025-24813Apache100%KEV CVE-2020-13927Apache100%KEV CVE-2017-9805Apache99%KEV CVE-2024-32113Apache99%KEV CVE-2024-38856Apache99%KEV CVE-2020-1938Apache99%KEV CVE-2024-27348Apache99%KEV CVE-2020-11978Apache99%KEV CVE-2017-9791Apache99%KEV CVE-2019-17558Apache99%KEV CVE-2020-1956Apache98%KEV CVE-2020-17519Apache98%KEV CVE-2023-27524Apache97%KEV CVE-2023-33246Apache97%KEV CVE-2022-24112Apache96%KEV CVE-2020-17530Apache96%KEV CVE-2022-33891Apache93%KEV CVE-2022-24706Apache92%KEV CVE-2016-8735Apache90%KEV CVE-2026-34197Apache87%KEV CVE-2019-0193Apache84%KEV CVE-2019-0211Apache65%KEV

Coverage & confidence

— what this profile claims, and what it does not

Established (cited)

Cited in 34 known-exploited records — the list below; every one links to its public source.

Catalogued 34 CVE record(s) as the CNA assigner (from CVE.org).

Coverage gaps — stated, not hidden

This profile is an aggregation: it asserts only what the listed records already cite — no new external claim about the contributor is made.

The TYPE badge and the narrative-stage mapping are editorial (our call), labeled as such, not a sourced fact.

No vendor advisory home domain is cited for this contributor in the corpus.