Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

455 matches found

Cvelist
Cvelistadded 2020/03/19 5:56 p.m.11 views

CVE-2019-20526

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter...

6.1AI score0.00471EPSS
Exploits1References1
Cvelist
Cvelistadded 2020/03/19 5:56 p.m.14 views

CVE-2019-20525

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter...

6AI score0.00471EPSS
Exploits1References1
Prion
Prionadded 2020/03/19 2:15 p.m.12 views

Design/Logic Flaw

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter...

4.3CVSS5.9AI score0.00471EPSS
Exploits1References1Affected Software1
NVD
NVDadded 2020/03/18 7:15 p.m.10 views

CVE-2019-20528

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter...

6.1CVSS6AI score0.00471EPSS
Exploits1References1
OSV
OSVadded 2020/03/18 7:15 p.m.8 views

CVE-2019-20528

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter...

6.1CVSS5.8AI score
Exploits0References1
RedHat Linux
RedHat Linuxadded 2020/03/18 2:51 p.m.2 views

jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

9.8CVSS7AI score0.00669EPSS
Exploits1References4
NVD
NVDadded 2020/03/11 9:15 p.m.10 views

CVE-2020-1947

In Apache ShardingSphereincubator 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the YAML tag. Unmarshalling untrusted data can lead to security...

9.8CVSS9.5AI score0.85457EPSS
Exploits1References1
OSV
OSVadded 2020/01/28 1:15 a.m.9 views

CVE-2019-20434

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting XSS vulnerability has been identified in the Datasource creation page of the Management Console...

4.8CVSS5.7AI score0.00358EPSS
Exploits1References3
NVD
NVDadded 2020/01/28 1:15 a.m.7 views

CVE-2019-20434

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting XSS vulnerability has been identified in the Datasource creation page of the Management Console...

4.8CVSS4.9AI score0.00358EPSS
Exploits1References3
Prion
Prionadded 2020/01/28 1:15 a.m.13 views

Cross site scripting

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting XSS vulnerability has been identified in the Datasource creation page of the Management Console...

3.5CVSS4.9AI score0.00358EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2020/01/27 11:38 p.m.10 views

CVE-2019-20434

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting XSS vulnerability has been identified in the Datasource creation page of the Management Console...

4.8CVSS4.9AI score0.00358EPSS
Exploits1References3
CVE
CVEadded 2020/01/27 11:38 p.m.73 views

CVE-2019-20434

WSO2 API Manager 2.6.0 is affected by a potential Reflected Cross-Site Scripting (XSS) vulnerability in the Datasource creation page of the Management Console. The issue arises from insufficient validation of client-side data in the web application, which could allow an attacker to execute client...

4.8CVSS4.9AI score0.00358EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologiesadded 2020/01/27 12:0 a.m.3 views

PT-2020-10445 · Wso2 · Wso2 Api Manager

Name of the Vulnerable Software and Affected Versions: WSO2 API Manager version 2.6.0 Description: A potential Reflected Cross-Site Scripting XSS vulnerability has been identified in the Datasource creation page of the Management Console. Recommendations: For WSO2 API Manager version 2.6.0,...

4.8CVSS4.9AI score0.00358EPSS
Exploits1References6
RedHat Linux
RedHat Linuxadded 2020/01/21 3:22 a.m.2 views

jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

9.8CVSS7AI score0.00669EPSS
Exploits1References4
RedHat Linux
RedHat Linuxadded 2020/01/21 2:57 a.m.2 views

jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

9.8CVSS7AI score0.00669EPSS
Exploits1References4
Hacker One
Hacker Oneadded 2019/10/30 9:47 a.m.15 views

Open-Xchange: Unchecked URL in attachment datasource

Implementation of com.openexchange.url.mail.attachment datasource does no validation of url parameter. Any URL supported by Java's URLConnection can be read. Attached is an exploit which reads /etc/hostname file from sandbox server. Impact Any URL supported by Java's URLConnection can be read...

2.6AI score
Exploits0
Kitploit
Kitploitadded 2019/10/26 11:54 a.m.157 views

ATTACKdatamap - A Datasource Assessment On An Event Level To Show Potential Coverage Or The MITRE ATT&CK Framework

A datasource assessment on an event level to show potential coverage of the "MITRE ATT&CK" framework. This tool is developed by me and has no affiliation with "MITRE" nor with its great "ATT&CK" team, it is developed with the intention to ease the mapping of data sources to assess one's potential...

7.2AI score
Exploits0References2
RedHat Linux
RedHat Linuxadded 2019/10/24 9:18 a.m.1 views

jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

9.8CVSS7AI score0.00669EPSS
Exploits1References4
OSV
OSVadded 2019/09/15 10:15 p.m.1 views

DEBIAN-CVE-2019-16335

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540...

9.8CVSS7.1AI score0.00669EPSS
Exploits1References1
OSV
OSVadded 2019/09/15 10:15 p.m.0 views

UBUNTU-CVE-2019-16335

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540...

9.8CVSS6.9AI score0.00669EPSS
Exploits1References5
Rows per page
Query Builder