Vulnerabilities > Apache > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-05-08 | CVE-2024-32113 | Unspecified vulnerability in Apache Ofbiz. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue. | 9.8 |
2024-04-22 | CVE-2024-27348 | Unspecified vulnerability in Apache Hugegraph 1.0.0/1.2.0. RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11. Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue. | 9.8 |
2024-04-04 | CVE-2024-29006 | Unspecified vulnerability in Apache Cloudstack. By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. | 9.8 |
2024-03-29 | CVE-2024-23538 | Unspecified vulnerability in Apache Fineract. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue. | 9.8 |
2024-03-29 | CVE-2024-23539 | Unspecified vulnerability in Apache Fineract. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue. | 9.8 |
2024-03-12 | CVE-2024-27135 | Unspecified vulnerability in Apache Pulsar. Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. | 9.9 |
2024-03-12 | CVE-2024-27317 | Unspecified vulnerability in Apache Pulsar. In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. | 9.9 |
2024-02-29 | CVE-2024-23807 | Unspecified vulnerability in Apache Xerces-C++. The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. | 9.8 |
2024-02-22 | CVE-2023-51388 | Injection vulnerability in Apache Hertzbeat. Hertzbeat is a real-time monitoring system. | 9.8 |
2024-02-22 | CVE-2023-51389 | Deserialization of Untrusted Data vulnerability in Apache Hertzbeat. Hertzbeat is a real-time monitoring system. | 9.8 |