11 matches found
BIT-JRE-2022-21549
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated...
PT-2026-38767
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated...
PT-2026-37746
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the processing of ZIP-based file type detection via the fileTypeFromBuffer, fileTypeFromBlob, or fileTypeFromFile functions. An attacker can cause excessive memory consumption by...
CVE-2026-32630 file-type affected by ZIP Decompression Bomb DoS via [Content_Types].xml entry
file-type detects the file type of a file, stream, or data. From 20.0.0 to 21.3.1, a crafted ZIP file can trigger excessive memory growth during type detection in file-type when using fileTypeFromBuffer, fileTypeFromBlob, or fileTypeFromFile. The ZIP inflate output limit is enforced for...
PT-2026-25383
Summary: A crafted ZIP file can trigger excessive memory growth during type detection in file-type when using fileTypeFromBuffer, fileTypeFromBlob, or fileTypeFromFile. In affected versions, the ZIP inflate output limit is enforced for stream-based detection, but not for known-size inputs. As a...
PT-2024-23284 · Unknown · Contest Gallery
Name of the Vulnerable Software and Affected Versions: Contest Gallery versions prior to 21.3.2 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential unauthorized access or...
WordPress Contest Gallery Plugin <= 21.3.2 is vulnerable to SQL Injection
Software: Contest Gallery; Type: Plugin; Vulnerable versions: <= 21.3.2; Fixed in: 21.3.2.1; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-30238; Patch priority: Low; CVSS severity: Low 8.5; Developer: Wasiliy Strecker; PSID: 958738d19609; Credits: LVT-tholv2k; Required privilege: Contributor...
OpenJDK: random exponentials issue (Libraries, 8283875)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated...
OpenJDK: class compilation issue (Hotspot, 8281859)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitab...
UBUNTU-CVE-2022-21549
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated...