15 matches found
Critical: Red Hat Security Advisory: Kiali 2.22.2 for Red Hat OpenShift Service Mesh 3.3
Kiali 2.22.2 for Red Hat OpenShift Service Mesh 3.3 is now available. An update is now available for Red Hat OpenShift Service Mesh 3.3. This advisory contains the RPM packages for the Kiali component. Red Hat Product Security has rated this update as having a security impact of Critical. A Commo...
EUVD-2025-27118
Malicious code in bioql PyPI...
Deserialization of Untrusted Data
Overview org.apache.jackrabbit:jackrabbit-jcr-commons is a fully conforming implementation of the Content Repository for Java Technology API. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JCR lookup functionality. An attacker can execute arbitrary...
Apache Jackrabbit: Core and JCR Commons are vulnerable to Deserialization of Untrusted Data
There is a Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup fr...
GHSA-CXVC-G8F2-4GMM Apache Jackrabbit: Core and JCR Commons are vulnerable to Deserialization of Untrusted Data
There is a Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup fr...
DEBIAN-CVE-2025-58782
Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...
CVE-2025-58782
Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...
UBUNTU-CVE-2025-58782
Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...
CVE-2025-58782 Apache Jackrabbit Core, Apache Jackrabbit JCR Commons: JNDI injection risk with JndiRepositoryFactory
Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...
CVE-2024-38531 Nix sandbox escape
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...
CVE-2023-25157
CVE-2023-25157 (GeoServer SQL Injection) is triggered by flaws in OGC Filter handling within GeoServer’s WFS/WMS/WCS inputs, enabling SQL injection via filters such as PropertyIsLike, strEndsWith, strStartsWith, jsonArrayContains, and FeatureId under certain datastore conditions. Public details c...
CVE-2019-0194
Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x 2.19 and earlier versions may also be affected...
CVE-2019-0194
Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x 2.19 and earlier versions may also be affected...
Fedora Update for evolution FEDORA-2008-4990
Check for the Version of evolution. OpenVAS Vulnerability Test: Fedora Update for evolution FEDORA-2008-4990. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under th...
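Mozilla Bugzilla HTML Injection and Information Disclosure Vulnerabilities
Bugzilla is a web-based bug-tracking system used by many software projects. Several functional modules of Mozilla Bugzilla contain implementation flaws that remote attackers may exploit to gain unauthorized access to users' machines or obtain sensitive information. Bugzilla does not correctly escape some of the fields generated in Atom feeds; if the feed reader supports JavaScript and correctly implements the Atom feed specification, this can lead to cross-site scripting...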