Lucene search
K

89 matches found

CNNVD
CNNVD
added 2026/03/24 12:0 a.m.8 views

Zabbix 安全漏洞

Zabbix is an open-source monitoring system developed by Zabbix Inc. This system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix has security vulnerabilities; one of these vulnerabilities stems from the ability to instantiate arbitrary PHP class...

6.9CVSS5.9AI score0.00285EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/14 9:1 a.m.4 views

CVE-2025-54920

This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson...

6.4AI score0.05341EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/02 3:54 p.m.3 views

CVE-2025-52998

Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classes, as well as fully control their properties, and thus modify the logic of the web application's...

9.8CVSS5.9AI score0.00367EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/03 5:52 p.m.2 views

GHSA-GJX9-J8F8-7J74 JinJava Bypass through ForTag leads to Arbitrary Java Execution

Impact Vulnerability Type: Sandbox Bypass / Remote Code Execution Affected Component: Jinjava Affected Users: - Organizations using HubSpot's Jinjava template rendering engine for user-provided template content - Any system that renders untrusted Jinja templates using HubSpot's Jinjava...

9.8CVSS6.2AI score0.00889EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/01/22 9:24 a.m.8 views

CVE-2026-1225 Malicious logback.xml configuration file allows instantiation of arbitrary classes

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...

1.8CVSS5.5AI score0.00159EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/19 3:46 p.m.12 views

CVE-2025-10702

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

8.6CVSS0.00267EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-0603

Malware in sbrugna...

9.8CVSS9.2AI score0.02805EPSS
Exploits1References17
Snyk
Snyk
added 2025/09/17 8:43 p.m.6 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview com.hubspot.jinjava:jinjava is a Java-based template engine based on django template syntax, adapted to render jinja templates at least the subset of jinja in use in HubSpot content. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a...

10CVSS7.5AI score0.02315EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-31084

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 There are...

9CVSS7.5AI score0.02346EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2025/06/18 12:0 a.m.8 views

The vulnerability of the Chamilo LMS electronic learning and content management system, related to deficiencies in the deserialization mechanism used by the operating system, allows attackers to create arbitrary classes.

The vulnerability of the Chamilo LMS, a system for electronic teaching and content management, is related to deficiencies in the deserialization mechanisms used in the operating system. Exploiting this vulnerability could allow an attacker to create arbitrary classes...

9CVSS5.7AI score0.00344EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 9:17 p.m.24 views

CVE-2021-32824

Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic methods t...

9.8CVSS7.7AI score0.02909EPSS
Exploits1
OSV
OSV
added 2025/03/20 10:11 a.m.15 views

CVE-2024-4990 Unsafe Reflection in base Component class in yiisoft/yii2

In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the set magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors...

8.1CVSS7.6AI score0.7939EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.32 views

CVE-2024-4990 Unsafe Reflection in base Component class in yiisoft/yii2

In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the set magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors...

8.1CVSS0.7939EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

Yii2 安全漏洞

Yii2 is a fast, secure and professional PHP framework from Yii Open Source. A security vulnerability exists in Yii2 version 2.0.48, which stems from the set method of the Component class that does not validate the behavioral class name or configuration, which could lead to arbitrary class...

9.1CVSS8.2AI score0.7939EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:18 a.m.8 views

CVE-2024-24824

Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the /api/system/clusterconfig/ endpoint. Graylog's cluster config system uses fully qualified class...

8.8CVSS8.7AI score0.34498EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/06/02 12:0 a.m.9 views

PT-2024-33740 · Yii2 · Yii2

Name of the Vulnerable Software and Affected Versions: yiisoft/yii2 version 2.0.48 Description: The base Component class in yiisoft/yii2 contains a vulnerability where the set magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an...

9.1CVSS7.9AI score0.7939EPSS
Exploits1References28
OSV
OSV
added 2024/02/07 6:23 p.m.3 views

GHSA-P6GG-5HF4-4RGJ Graylog vulnerable to instantiation of arbitrary classes triggered by API request

Summary Arbitrary classes can be loaded and instantiated using a HTTP PUT request to the /api/system/clusterconfig/ endpoint. Details Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads...

8.8CVSS7.5AI score0.34498EPSS
Exploits2References6
NVD
NVD
added 2024/02/07 6:15 p.m.18 views

CVE-2024-24824

Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the /api/system/clusterconfig/ endpoint. Graylog's cluster config system uses fully qualified class...

8.8CVSS8.8AI score0.34498EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2024/02/07 5:25 p.m.4 views

CVE-2024-24824 graylog2-server vulnerable to instantiation of arbitrary classes triggered by API request

Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the /api/system/clusterconfig/ endpoint. Graylog's cluster config system uses fully qualified class...

8.8CVSS7.6AI score0.34498EPSS
Exploits2References4
CNNVD
CNNVD
added 2023/05/05 12:0 a.m.5 views

Jedox 安全漏洞

Jedox is a corporate performance management software from Jedox Inc. for planning, analyzing and reporting in finance and other areas such as sales, human resources and purchasing. A security vulnerability exists in Jedox version 2022.4.2 and earlier versions. An attacker can exploit the...

7.5CVSS7.7AI score0.06247EPSS
Exploits7References9
Rows per page
Query Builder