Vulnerabilities > Apache > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-07-01 CVE-2024-38476 Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
network
low complexity
apache netapp
critical
9.8
2024-06-12 CVE-2024-36265 Unspecified vulnerability in Apache Submarine 0.8.0
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue.
network
low complexity
apache
critical
9.8
2024-06-12 CVE-2024-36264 Unspecified vulnerability in Apache Submarine 0.8.0
** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils. If the user doesn't explicitly set `submarine.auth.default.secret`, a default value will be used. This issue affects Apache Submarine Commons Utils: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue.
network
low complexity
apache
critical
9.8
2024-05-08 CVE-2024-32113 Unspecified vulnerability in Apache Ofbiz
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue.
network
low complexity
apache
critical
9.8
2024-04-22 CVE-2024-27348 Unspecified vulnerability in Apache Hugegraph 1.0.0/1.2.0
RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.
network
low complexity
apache
critical
9.8
2024-03-29 CVE-2024-23538 Unspecified vulnerability in Apache Fineract
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.
network
low complexity
apache
critical
9.8
2024-03-29 CVE-2024-23539 Unspecified vulnerability in Apache Fineract
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.
network
low complexity
apache
critical
9.8
2024-01-15 CVE-2023-46226 Unspecified vulnerability in Apache Iotdb 1.0.0/1.1.0/1.2.2
Remote Code Execution vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue.
network
low complexity
apache
critical
9.8
2024-01-03 CVE-2023-51784 Unspecified vulnerability in Apache Inlong
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9329
network
low complexity
apache
critical
9.8
2023-12-26 CVE-2023-51467 Server-Side Request Forgery (SSRF) vulnerability in Apache Ofbiz
The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code
network
low complexity
apache CWE-918
critical
9.8