Lucene search
+L

8 matches found

cvelist
cvelist
added 2026/05/25 2:58 p.m.33 views

CVE-2026-42782 Apache Syncope: Post-auth RCE via Groovy static

Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...

0.00652EPSS
Exploits0References1
cvelist
cvelist
added 2026/02/03 2:19 a.m.36 views

CVE-2026-24932 An improper certificate validation vulnerability was found in ADM while updating the DDNS settings.

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle MitM attack, whi...

8.9CVSS0.00206EPSS
Exploits0References1
vulnersosv
vulnersosv
added 2025/08/08 12:32 p.m.8 views

org.apache.cxf.systests:cxf-systests-jaxrs (>=4.1.0 <=4.1.2), org.apache.cxf.systests:cxf-systests-transport-jms (>=4.1.0 <=4.1.2) +7 more potentially affected by CVE-2025-48913 via org.apache.cxf:cxf-rt-transports-jms (>=4.1.0 <=4.1.2)

org.apache.cxf:cxf-rt-transports-jms MAVEN version =4.1.0, =4.1.0, =4.1.0, =4.1.0, =4.1.0, =4.1.0, =4.1.0, =4.1.2 - org.ow2.petals.samples.soap:cxf-server =5.2.0-1.0.0 - org.ow2.petals.samples.soap:cxf-simple-clients =5.2.0-1.0.0 - org.ow2.petals.samples.soap:cxf-wsa-async-client =5.2.0-1.0.0...

9.8CVSS7.1AI score0.00793EPSS
Exploits0
ptsecurity
ptsecurity
added 2022/07/21 12:0 a.m.7 views

PT-2022-20586 · Openzeppelin · Openzeppelin Contracts

Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts versions 4.1.0 through 4.7.1 Description: The issue concerns the SignatureChecker reverting in certain cases, which is not expected. This occurs due to an incorrect assumption about Solidity 0.8's abi.decode, specifical...

7.5CVSS7.3AI score0.00413EPSS
Exploits0References5
vulnersosv
vulnersosv
added 2022/05/13 1:2 a.m.5 views

br.com.anteros:Anteros-JSONDoc-Maven-Plugin (=1.0.0), br.com.anteros:Anteros-JSONDoc-SpringMVC (=1.0.0) +49 more potentially affected by CVE-2014-3625 via org.springframework:spring-webmvc (>=4.1.0.RELEASE <=4.1.1.RELEASE)

org.springframework:spring-webmvc MAVEN version =4.1.0.RELEASE, =0.7, =0.14.0, =0.14.0, =0.0.1-RELEASE, =1.3, =1.2, =1.31, =1.4, =1.0.1, =2.0.0, =0.1.0, =0.2.1 and more Source cves: CVE-2014-3625 Source advisory: OSV:GHSA-HHM4-HWQ6-3C6W...

5CVSS7.1AI score0.1005EPSS
Exploits5
vulnersosv
vulnersosv
added 2022/03/12 12:0 a.m.5 views

@activeledger/activecore (>=2.0.0-rc5 <=2.0.0-rc.8.0.6), @aktr/node-module-a (=1.0.1) +270 more potentially affected by CVE-2018-25031 via swagger-ui (>=2.0.17 <=4.1.0)

swagger-ui NPM version =2.0.17, =2.0.0-rc5, =0.1.2, =0.0.1, =1.4.0, =0.0.1, =0.0.4, =1.0.2, =7.0.0, =0.0.0-idm, =1.0.4, =1.1.4 and more Source cves: CVE-2018-25031 Source advisory: OSV:GHSA-CR3Q-PQGQ-M8C2...

4.3CVSS6.7AI score0.42326EPSS
Exploits4
ptsecurity
ptsecurity
added 2021/03/29 12:0 a.m.6 views

PT-2021-18158 · Redmine · Redmine

Name of the Vulnerable Software and Affected Versions: Redmine versions 4.1.0 through 4.1.1 Description: The issue arises from the mishandling of an issue's subject in the auto complete tip, leading to a potential XSS attack. Recommendations: For versions 4.1.0 through 4.1.1, update to version...

6.1CVSS5.9AI score0.00829EPSS
Exploits1References8
cnvd
cnvd
added 2020/06/22 12:0 a.m.7 views

Mattermost Server Information Disclosure Vulnerability (CNVD-2020-52027)

Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in Mattermost Server versions prior to 4.1.0, 4.0.4 and 3.10.3. An attacker can exploit the vulnerability by requesting a JSON document to obtain a team invitation ID...

5.3CVSS6.7AI score0.0092EPSS
Exploits0References1
Rows per page
Query Builder