Vulnerabilities > Apache > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-04-29 | CVE-2025-3891 | A flaw was found in the mod_auth_openidc module for Apache httpd. | 7.5 |
2025-04-28 | CVE-2025-31650 | Unspecified vulnerability in Apache Tomcat. Improper Input Validation vulnerability in Apache Tomcat. | 7.5 |
2025-02-12 | CVE-2024-32838 | Unspecified vulnerability in Apache Fineract. SQL Injection vulnerability in various API endpoints - offices, dashboards, etc. | 8.8 |
2025-02-06 | CVE-2024-45626 | Unspecified vulnerability in Apache James Server. Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue. | 7.5 |
2025-01-21 | CVE-2025-23184 | Unspecified vulnerability in Apache CXF. A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients). | 7.5 |
2024-12-23 | CVE-2024-45387 | SQL Injection vulnerability in Apache Traffic Control 8.0.0/8.0.1. An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request. Users are recommended to upgrade to version Apache Traffic Control 8.0.2 if you run an affected version of Traffic Ops. | 8.8 |
2024-11-18 | CVE-2024-48962 | Code Injection vulnerability in Apache Ofbiz. Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue. | 8.8 |
2024-11-07 | CVE-2024-38286 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. | 7.5 |
2024-10-31 | CVE-2024-43383 | Deserialization of Untrusted Data vulnerability in Apache Lucene.Net 4.8.0. Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. | 8.1 |
2024-10-16 | CVE-2024-45462 | Unspecified vulnerability in Apache Cloudstack. The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. | 7.1 |