Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-4436
The 3DPrint Lite WordPress plugin prior to 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing ...
Wp3dprinting 3dprint Lite
9.8
CVSSv3
CVE-2023-46226
Remote Code Execution vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 1.0.0 up to and including 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue.
Apache Iotdb
9.8
CVSSv3
CVE-2023-51784
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.5.0 up to and including 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.10.0 or che...
Apache Inlong
9.8
CVSSv3
CVE-2023-51467
The vulnerability permits malicious users to circumvent authentication processes, enabling them to remotely execute arbitrary code
Apache Ofbiz
1 Metasploit module
18 Github repositories
1 Article
9.8
CVSSv3
CVE-2023-51656
Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 up to and including 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue.
Apache Iotdb
9.8
CVSSv3
CVE-2023-29234
A deserialization vulnerability existed when decode a malicious package.This issue affects Apache Dubbo: from 3.1.0 up to and including 3.1.10, from 3.2.0 up to and including 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue.
Apache Dubbo
9.8
CVSSv3
CVE-2023-46279
Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.
Apache Dubbo 3.1.5
9.8
CVSSv3
CVE-2023-50164
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or gre...
Apache Struts
12 Github repositories
2 Articles
9.8
CVSSv3
CVE-2023-49070
Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: prior to 18.12.10. Users are recommended to upgrade to version 18.12.10
Apache Ofbiz
15 Github repositories
1 Article
9.8
CVSSv3
CVE-2023-49733
Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 prior to 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.
Apache Cocoon
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »