8 matches found
CVE-2026-42782 Apache Syncope: Post-auth RCE via Groovy static
Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...
CVE-2026-24932 An improper certificate validation vulnerability was found in ADM while updating the DDNS settings.
The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle MitM attack, whi...
org.apache.cxf.systests:cxf-systests-jaxrs (>=4.1.0 <=4.1.2), org.apache.cxf.systests:cxf-systests-transport-jms (>=4.1.0 <=4.1.2) +7 more potentially affected by CVE-2025-48913 via org.apache.cxf:cxf-rt-transports-jms (>=4.1.0 <=4.1.2)
org.apache.cxf:cxf-rt-transports-jms MAVEN version =4.1.0, =4.1.0, =4.1.0, =4.1.0, =4.1.0, =4.1.0, =4.1.0, =4.1.2 - org.ow2.petals.samples.soap:cxf-server =5.2.0-1.0.0 - org.ow2.petals.samples.soap:cxf-simple-clients =5.2.0-1.0.0 - org.ow2.petals.samples.soap:cxf-wsa-async-client =5.2.0-1.0.0...
PT-2022-20586 · Openzeppelin · Openzeppelin Contracts
Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts versions 4.1.0 through 4.7.1 Description: The issue concerns the SignatureChecker reverting in certain cases, which is not expected. This occurs due to an incorrect assumption about Solidity 0.8's abi.decode, specifical...
br.com.anteros:Anteros-JSONDoc-Maven-Plugin (=1.0.0), br.com.anteros:Anteros-JSONDoc-SpringMVC (=1.0.0) +49 more potentially affected by CVE-2014-3625 via org.springframework:spring-webmvc (>=4.1.0.RELEASE <=4.1.1.RELEASE)
org.springframework:spring-webmvc MAVEN version =4.1.0.RELEASE, =0.7, =0.14.0, =0.14.0, =0.0.1-RELEASE, =1.3, =1.2, =1.31, =1.4, =1.0.1, =2.0.0, =0.1.0, =0.2.1 and more Source cves: CVE-2014-3625 Source advisory: OSV:GHSA-HHM4-HWQ6-3C6W...
@activeledger/activecore (>=2.0.0-rc5 <=2.0.0-rc.8.0.6), @aktr/node-module-a (=1.0.1) +270 more potentially affected by CVE-2018-25031 via swagger-ui (>=2.0.17 <=4.1.0)
swagger-ui NPM version =2.0.17, =2.0.0-rc5, =0.1.2, =0.0.1, =1.4.0, =0.0.1, =0.0.4, =1.0.2, =7.0.0, =0.0.0-idm, =1.0.4, =1.1.4 and more Source cves: CVE-2018-25031 Source advisory: OSV:GHSA-CR3Q-PQGQ-M8C2...
PT-2021-18158 · Redmine · Redmine
Name of the Vulnerable Software and Affected Versions: Redmine versions 4.1.0 through 4.1.1 Description: The issue arises from the mishandling of an issue's subject in the auto complete tip, leading to a potential XSS attack. Recommendations: For versions 4.1.0 through 4.1.1, update to version...
Mattermost Server Information Disclosure Vulnerability (CNVD-2020-52027)
Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in Mattermost Server versions prior to 4.1.0, 4.0.4 and 3.10.3. An attacker can exploit the vulnerability by requesting a JSON document to obtain a team invitation ID...