3 matches found
CVE-2026-41862
Spring Statemachine's Kryo-based persistence backends JPA, MongoDB, Redis and ZooKeeper deserialise persisted state-machine contexts without enforcing a class allowlist CWE-502, deserialisation of untrusted data, which can lead to remote code execution inside the application JVM. Affected version...
PT-2024-13642 · Crocoblock · Crocoblock Jetengine
Name of the Vulnerable Software and Affected Versions: Crocoblock JetEngine versions 3.2.4 and earlier Description: The issue is related to Improper Privilege Management, which allows Privilege Escalation in Crocoblock JetEngine. Recommendations: For versions 3.2.4 and earlier, update to a versio...
PT-2023-15917 · Nuxsmin · Syspass
Name of the Vulnerable Software and Affected Versions: nuxsmin sysPass versions up to 3.2.4 Description: A problematic vulnerability was found in the URL Handler component, leading to cross-site scripting. The attack can be launched remotely. Recommendations: For versions up to 3.2.4, upgrade to...