89 matches found
Zabbix 安全漏洞
Zabbix is an open-source monitoring system developed by Zabbix Inc. This system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix has security vulnerabilities; one of these vulnerabilities stems from the ability to instantiate arbitrary PHP class...
CVE-2025-54920
This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson...
CVE-2025-52998
Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classes, as well as fully control their properties, and thus modify the logic of the web application's...
GHSA-GJX9-J8F8-7J74 JinJava Bypass through ForTag leads to Arbitrary Java Execution
Impact Vulnerability Type: Sandbox Bypass / Remote Code Execution Affected Component: Jinjava Affected Users: - Organizations using HubSpot's Jinjava template rendering engine for user-provided template content - Any system that renders untrusted Jinja templates using HubSpot's Jinjava...
CVE-2026-1225 Malicious logback.xml configuration file allows instantiation of arbitrary classes
ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...
CVE-2025-10702
Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...
EUVD-2021-0603
Malware in sbrugna...
Improper Neutralization of Special Elements Used in a Template Engine
Overview com.hubspot.jinjava:jinjava is a Java-based template engine based on django template syntax, adapted to render jinja templates at least the subset of jinja in use in HubSpot content. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a...
Linux Distros Unpatched Vulnerability : CVE-2022-31084
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 There are...
The vulnerability of the Chamilo LMS electronic learning and content management system, related to deficiencies in the deserialization mechanism used by the operating system, allows attackers to create arbitrary classes.
The vulnerability of the Chamilo LMS, a system for electronic teaching and content management, is related to deficiencies in the deserialization mechanisms used in the operating system. Exploiting this vulnerability could allow an attacker to create arbitrary classes...
CVE-2021-32824
Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic methods t...
CVE-2024-4990 Unsafe Reflection in base Component class in yiisoft/yii2
In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the set magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors...
CVE-2024-4990 Unsafe Reflection in base Component class in yiisoft/yii2
In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the set magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors...
Yii2 安全漏洞
Yii2 is a fast, secure and professional PHP framework from Yii Open Source. A security vulnerability exists in Yii2 version 2.0.48, which stems from the set method of the Component class that does not validate the behavioral class name or configuration, which could lead to arbitrary class...
CVE-2024-24824
Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the /api/system/clusterconfig/ endpoint. Graylog's cluster config system uses fully qualified class...
PT-2024-33740 · Yii2 · Yii2
Name of the Vulnerable Software and Affected Versions: yiisoft/yii2 version 2.0.48 Description: The base Component class in yiisoft/yii2 contains a vulnerability where the set magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an...
GHSA-P6GG-5HF4-4RGJ Graylog vulnerable to instantiation of arbitrary classes triggered by API request
Summary Arbitrary classes can be loaded and instantiated using a HTTP PUT request to the /api/system/clusterconfig/ endpoint. Details Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads...
CVE-2024-24824
Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the /api/system/clusterconfig/ endpoint. Graylog's cluster config system uses fully qualified class...
CVE-2024-24824 graylog2-server vulnerable to instantiation of arbitrary classes triggered by API request
Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the /api/system/clusterconfig/ endpoint. Graylog's cluster config system uses fully qualified class...
Jedox 安全漏洞
Jedox is a corporate performance management software from Jedox Inc. for planning, analyzing and reporting in finance and other areas such as sales, human resources and purchasing. A security vulnerability exists in Jedox version 2022.4.2 and earlier versions. An attacker can exploit the...