MISP Input Validation Error Vulnerability
MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics, and it includes features such as analysis of threats to network security and malware analysis. Prior to MISP 2.5.37, there was a...
CVE-2025-64112
Statamic is a Laravel and Git powered content management system (CMS). Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This vulnerability is fix...
GHSA-G59R-24G3-H7CM Statamic Vulnerable to Superadmin Account Takeover via Stored Cross-Site Scripting and Lack of Proper X-CSRF-TOKEN Server-Side Validation
Impact Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This affects: - Control panel users with permission to create or edit Collections and...
snakeyaml: Denial of Service due to missing nested depth limitation for collections
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections...
PT-2023-25985 · Unknown · Zenstruck/Collections
Name of the Vulnerable Software and Affected Versions: zenstruck/collections versions prior to 0.2.1 Description: The issue arises from passing callable strings, such as system, which causes the function to be executed. This results in a limited subset of specific user input being executed as if ...
CVE-2021-2247
Vulnerability in the Oracle Advanced Collections product of Oracle E-Business Suite component: Admin. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanc...
Lexmark Markvision Enterprise Code Issue Vulnerability
Lexmark Markvision Enterprise is a set of Web-based network device management software from Lexmark, a United States company. The software is mainly used to manage network devices such as printers. A security vulnerability exists in the Apache Commons Collections library in Lexmark Markvisi...
Security Bulletin: Vulnerability in Apache Commons affects IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, and products shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, and products shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Vulnerability Details IBM Business Proce...
CVE-2016-4372
CVE-2016-4372 affects HPE HP iMC suite (PLAT, EAD, APM, NTA, BIMS, UAM_TAM) prior to 7.2 E0403P04/E0405P05/E0401P04/E0401P01/E0402P02/E0405P05. The vulnerability stems from unsafe Java deserialization via the Apache Commons Collections (ACC) library, allowing remote attackers to execute arbitrary...
F5 Networks BIG-IP : Java commons-collections library vulnerability (K30518307)
CVE-2015-4852 In Java applications that have an endpoint that accepts serialized Java objects, an attacker can combine serializable collections to achieve arbitrary remote code execution. Based on the FoxGlove, an attack can be done via RMI or HTTP. The vulnerability is actually in InvokerTransformer...
Fedora Update for gthumb FEDORA-2011-5200
Check for the Version of gthumb OpenVAS Vulnerability Test Fedora Update for gthumb FEDORA-2011-5200 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...