Vulnerabilities > Apache > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-04-04 | CVE-2024-29006 | Unspecified vulnerability in Apache Cloudstack: By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. | 9.8 |
2024-03-29 | CVE-2024-23538 | Unspecified vulnerability in Apache Fineract: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue. | 9.8 |
2024-03-29 | CVE-2024-23539 | Unspecified vulnerability in Apache Fineract: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue. | 9.8 |
2024-03-12 | CVE-2024-27135 | Unspecified vulnerability in Apache Pulsar: Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. | 9.9 |
2024-03-12 | CVE-2024-27317 | Unspecified vulnerability in Apache Pulsar: In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. | 9.9 |
2024-02-29 | CVE-2024-23807 | Unspecified vulnerability in Apache Xerces-C++: The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. | 9.8 |
2024-02-22 | CVE-2023-51388 | Injection vulnerability in Apache Hertzbeat: Hertzbeat is a real-time monitoring system. | 9.8 |
2024-02-22 | CVE-2023-51389 | Deserialization of Untrusted Data vulnerability in Apache Hertzbeat: Hertzbeat is a real-time monitoring system. | 9.8 |
2024-02-22 | CVE-2023-51653 | Injection vulnerability in Apache Hertzbeat: Hertzbeat is a real-time monitoring system. | 9.8 |
2024-01-15 | CVE-2023-46226 | Unspecified vulnerability in Apache Iotdb 1.0.0/1.1.0/1.2.2: Remote Code Execution vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue. | 9.8 |