cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-40725,https://securityvulnerability.io/vulnerability/CVE-2024-40725,"Partial Fix for Content-Type Based Configuration Ignores Use of Legacy Handlers, Leading to Source Code Disclosure","Apache HTTP Server 2.4.61 contains an incomplete fix for an earlier source code disclosure issue: the core ignores some uses of the legacy content-type based handler configuration, such as 'AddType' and similar directives. Under some circumstances where files are requested indirectly, this results in disclosure of local source code; for example, PHP scripts may be served as plain text instead of being interpreted. Users are advised to upgrade to version 2.4.62, which fixes this issue.",Apache,Apache Http Server,5.3,MEDIUM,0.0008800000068731606,false,,true,false,true,2024-12-19T00:09:38.000Z,true,true,true,2024-07-23T11:23:09.225Z,2024-07-18T09:32:43.929Z,5589
CVE-2024-38856,https://securityvulnerability.io/vulnerability/CVE-2024-38856,Incorrect Authorization Vulnerability Affects Apache OFBiz Through 18.12.14,"An incorrect authorization vulnerability in Apache OFBiz affects versions through 18.12.14. Unauthenticated endpoints can trigger execution of screen rendering code when certain preconditions are met, for example when screen definitions do not explicitly check the user's permissions because they rely on the configuration of their endpoints. Users are advised to upgrade to version 18.12.15, which fixes this issue.",Apache,Apache Ofbiz,9.8,CRITICAL,0.9428799748420715,true,2024-08-27T00:00:00.000Z,true,true,true,2024-08-05T14:45:12.000Z,true,true,true,2024-08-06T21:52:02.266Z,2024-08-05T08:20:18.081Z,7151
CVE-2024-53677,https://securityvulnerability.io/vulnerability/CVE-2024-53677,Flawed File Upload Logic in Apache Struts Exposes Vulnerability,"A flaw in the file upload logic of Apache Struts lets an attacker manipulate file upload parameters to achieve path traversal, and under some circumstances this can lead to uploading a malicious file that can be used to perform remote code execution. Users are advised to upgrade to version 6.4.0 or later and migrate to the new file upload mechanism based on ActionFileUploadInterceptor; upgrading alone is not sufficient. Applications that still use the old file upload logic based on FileUploadInterceptor remain vulnerable, while applications that do not use that mechanism are not affected.",Apache,Apache Struts,,,0.0004299999854993075,false,,true,true,true,2024-12-12T03:15:03.000Z,true,true,true,2024-12-21T05:52:01.776Z,2024-12-11T16:15:00.000Z,6995
CVE-2024-50379,https://securityvulnerability.io/vulnerability/CVE-2024-50379,Race Condition Vulnerability in Apache Tomcat Leading to Remote Code Execution,"A time-of-check time-of-use (TOCTOU) race condition during JSP compilation in Apache Tomcat permits remote code execution on case-insensitive file systems when the default servlet is enabled for write access (its readonly initialisation parameter set to the non-default value false). Affected versions are Apache Tomcat 11.0.0-M1 through 11.0.1, 10.1.0-M1 through 10.1.33 and 9.0.0.M1 through 9.0.97. Users are advised to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fix this issue.",Apache,Apache Tomcat,9.8,CRITICAL,0.0004299999854993075,false,,true,false,true,2024-12-20T14:24:10.000Z,true,true,true,2024-12-24T00:52:01.825Z,2024-12-17T13:15:00.000Z,9063
CVE-2024-56337,https://securityvulnerability.io/vulnerability/CVE-2024-56337,Race Condition Vulnerability in Apache Tomcat Affects Multiple Versions,"CVE-2024-56337 records that the mitigation for CVE-2024-50379, a time-of-check time-of-use (TOCTOU) race condition in Apache Tomcat that can lead to remote code execution on a case-insensitive file system when the default servlet is enabled for write access, was incomplete. Depending on the Java version Tomcat runs on, additional configuration is required: on Java 8 or Java 11 the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true); on Java 17 the property, if it is set, must be false (it defaults to false); on Java 21 and later no configuration is needed, as the property and the affected cache have been removed. Tomcat 11.0.3, 10.1.35 and 9.0.99 and later check this property before allowing the default servlet write access on a case-insensitive file system and set it appropriately where possible.",Apache,Apache Tomcat,9.8,CRITICAL,0.0004299999854993075,false,,true,false,true,2025-01-27T16:33:56.000Z,,true,true,2024-12-26T02:52:02.176Z,2024-12-20T16:15:00.000Z,6396
CVE-2024-52046,https://securityvulnerability.io/vulnerability/CVE-2024-52046,Remote Code Execution Risk in Apache MINA ObjectSerializationDecoder,"The ObjectSerializationDecoder in Apache MINA uses Java's native deserialization protocol without the necessary security checks, so an attacker who can send specially crafted serialized data to an application that uses it can achieve remote code execution. MINA core versions 2.0.X, 2.1.X and 2.2.X are affected; users should upgrade to 2.0.27, 2.1.10 or 2.2.4 respectively. Applications that call IoBuffer#getObject(), or that use ProtocolCodecFilter with ObjectSerializationCodecFactory, are exposed. Upgrading alone is not sufficient: the fixed versions reject every class by default, so the ObjectSerializationDecoder instance must be explicitly told which class names or patterns it may deserialize through the new accept(ClassNameMatcher), accept(Pattern) and accept(String...) methods, otherwise the application stops accepting serialized objects.",Apache,Apache Mina,10,CRITICAL,0.0004299999854993075,false,,false,false,false,,,true,true,2024-12-31T06:52:02.724Z,2024-12-25T10:06:23.887Z,6153
CVE-2024-45387,https://securityvulnerability.io/vulnerability/CVE-2024-45387,SQL Injection Vulnerability in Apache Traffic Control,"An SQL injection vulnerability in Traffic Ops of Apache Traffic Control allows a privileged user with the 'admin', 'federation', 'operations', 'portal' or 'steering' role to execute arbitrary SQL against the database by sending a specially crafted PUT request, compromising the integrity and confidentiality of its data. Apache Traffic Control 8.0.0 and 8.0.1 are affected; users are advised to upgrade to version 8.0.2, which fixes this issue.",Apache,Apache Traffic Control,9.9,CRITICAL,0.0004299999854993075,false,,true,true,true,2024-12-25T09:18:55.000Z,,true,false,,2024-12-23T15:30:13.873Z,2874
CVE-2024-45507,https://securityvulnerability.io/vulnerability/CVE-2024-45507,Server-Side Request Forgery (SSRF) and Improper Control of Generation of Code (Code Injection) Vulnerability in Apache OFBiz,"Apache OFBiz contains a server-side request forgery (SSRF) and code injection (improper control of generation of code) vulnerability that lets an attacker make the server issue crafted requests and inject code, potentially leading to unauthorized access or data exposure. Versions before 18.12.16 are affected; users are advised to upgrade to version 18.12.16 or later, which fixes this issue. See the Apache OFBiz security advisories for the patch and mitigation details.",Apache,Apache Ofbiz,9.8,CRITICAL,0.6534799933433533,false,,false,false,false,,,true,false,,2024-09-04T08:08:33.876Z,3498
CVE-2024-27348,https://securityvulnerability.io/vulnerability/CVE-2024-27348,RCE Vulnerability in Apache HugeGraph-Server,"Apache HugeGraph-Server contains a remote command execution vulnerability affecting versions from 1.0.0 before 1.3.0 when run on Java 8 or Java 11. An attacker can execute arbitrary commands on the server, exposing sensitive data and potentially compromising the system. Users are advised to upgrade to version 1.3.0 or later and to enable the authentication system; refer to the official documentation for configuration details.",Apache,Apache Hugegraph-server,9.8,CRITICAL,0.9602599740028381,true,2024-09-18T00:00:00.000Z,true,false,true,2024-06-04T04:08:24.000Z,true,true,false,,2024-04-22T14:08:06.294Z,9704