
161 matches found

GithubExploit
added 2026/05/02 8:26 a.m. | 76 views

Exploit for Deserialization of Untrusted Data in Apache Mina

CVE-2026-42779 — Apache MINA Deserialization Filter Bypass to...

CVSS 9.8 | AI score 6 | EPSS 0.00083
Exploits: 1

OSV
added 2026/05/01 12:30 p.m. | 0 views

GHSA-VF5J-865M-MQ7C Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41635 Incomplete Fix)

The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname...

CVSS 9.8 | AI score 6 | EPSS 0.00083
Exploits: 1 | References: 4

OSV
added 2026/05/01 12:30 p.m. | 0 views

GHSA-995C-6RP3-4M4X Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41409 Incomplete Fix)

The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a stat...

CVSS 9.8 | AI score 5.8 | EPSS 0.00287
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2020-7525

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00234
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2011-4241

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00296
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2011-4239

Malware in sbrugna...

CVSS 4 | AI score 6.4 | EPSS 0.00199
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/22 4:23 p.m. | 4 views

CVE-2020-15539

SQL injection can occur in We-com Municipality portal CMS 2.1.x via the cerca/ keywords field...

CVSS 9.8 | AI score 8 | EPSS 0.00622
Exploits: 1

Tenable Nessus
added 2024/07/03 12:00 a.m. | 6 views

Red Hat Enterprise Linux SEoL (2.1.x)

According to its version, Red Hat Enterprise Linux is 2.1.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL...

AI score 5.5
Exploits: 0 | References: 1

Tenable Nessus
added 2023/08/17 12:00 a.m. | 14 views

Ubuntu 20.04 LTS : HAProxy vulnerability (USN-6294-2)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6294-2 advisory. USN-6294-1 fixed vulnerabilities in HAProxy. This update provides the corresponding updates for Ubuntu 20.04 LTS. Tenable has extracted the preceding description...

CVSS 7.2 | AI score 7.1 | EPSS 0.00028
Exploits: 1 | References: 2

OpenVAS
added 2023/05/18 12:00 a.m. | 8 views

Checkmk 2.0.x < 2.0.p36, 2.1.x < 2.1.0p28, 2.2.x < 2.2.0b8 Command Injection Vulnerability

Checkmk is prone to a command injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:checkmk:checkmk"; if...

CVSS 8.8 | AI score 8.9 | EPSS 0.01344
Exploits: 0 | References: 1

OpenVAS
added 2023/05/10 12:00 a.m. | 14 views

Checkmk 2.1.x < 2.3.0b1 Information Disclosure Vulnerability

Checkmk is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:checkmk:checkmk"; if...

CVSS 4.3 | AI score 4.5 | EPSS 0.00152
Exploits: 0 | References: 1

SUSE CVE
added 2023/02/15 4:27 a.m. | 2 views

SUSE CVE-2018-11760

When using PySpark, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1...

CVSS 5.5 | AI score 6.6 | EPSS 0.00157
Exploits: 0 | References: 3

OSV
added 2023/01/06 12:31 p.m. | 11 views

GHSA-8PH8-9Q2J-C3RQ nodebatis SQL Injection vulnerability

A vulnerability was found in PeterMu nodebatis up to 2.1.x. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. Upgrading to version 2.2.0 can address this issue. The name of the patch is 6629ff5b7e3d62ad8319007a54589ec1f62c7c35. It is...

CVSS 9.8 | AI score 9.9 | EPSS 0.00347
Exploits: 0 | References: 6

OSV
added 2022/05/13 1:13 a.m. | 17 views

GHSA-JCRJ-GMR6-P5J8 Moodle Allows Modification of Constants

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant...

CVSS 5 | AI score 6.3 | EPSS 0.00274
Exploits: 0 | References: 10

Tenable Nessus
added 2022/03/01 12:00 a.m. | 29 views

EulerOS 2.0 SP5 : mailman (EulerOS-SA-2022-1277)

According to the versions of the mailman package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Cross-site request forgery CSRF vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the...

CVSS 8.8 | AI score 6.8 | EPSS 0.00614
Exploits: 0 | References: 5

Tenable Nessus
added 2022/02/23 12:00 a.m. | 36 views

EulerOS 2.0 SP3 : mailman (EulerOS-SA-2022-1177)

According to the versions of the mailman package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Cross-site request forgery CSRF vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the...

CVSS 8.8 | AI score 6.7 | EPSS 0.00614
Exploits: 0 | References: 4

CVE
added 2021/04/30 7:56 p.m. | 68 views

CVE-2021-31926

The CVE-2021-31926 issue affects CubeCoders AMP 2.1.x prior to 2.1.1.2: a remote, authenticated user can cause the local system firewall to open ports by sending an HTTP(S) request directly to the AMP API endpoint, despite lacking permission to alter network configuration. This vulnerability is d...

CVSS 6.5 | AI score 6.2 | EPSS 0.00147
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2021/02/02 9:15 p.m. | 10 views

CVE-2020-29662

In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path...

CVSS 5.3 | EPSS 0.00235
Exploits: 0 | References: 1

OSV
added 2021/02/02 9:15 p.m. | 25 views

CVE-2020-29662

In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path...

CVSS 5.3 | AI score 6.9
Exploits: 0 | References: 1

OSV
added 2020/09/15 8:15 p.m. | 21 views

CVE-2020-11977

In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution...

CVSS 7.2 | AI score 7.2 | EPSS 0.00589
Exploits: 0 | References: 1