102 matches found
CVE-2021-33208
The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file...
SUSE CVE-2025-2529
Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from malicious external parties in an unfiltered/unsalted way...
CVE-2025-2529
Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from malicious external parties in an unfiltered/unsalted way...
EUVD-2025-34672
Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from malicious external parties in an unfiltered/unsalted way...
CVE-2025-2529 IBM Terracotta denial of service
Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from malicious external parties in an unfiltered/unsalted way...
CVE-2025-2529
Summary of CVE-2025-2529 (IBM Terracotta Ehcache 3.x): IBM Terracotta’s Ehcache 3.x library was found to be vulnerable to a hash-flooding DoS when applications use cache keys sourced from external/untrusted parties without filtration or salting. The public-facing description from IBM identifies de...
Security Bulletin: Ehcache library of IBM Terracotta hash flooding DoS vulnerability
Summary: The Ehcache 3.x component library of IBM Terracotta was found to have a hash flooding DoS vulnerability that can affect applications that use cache keys directly sourced from end users. Vulnerability Details: CVEID: CVE-2025-2529. DESCRIPTION: Applications using affected versions of Ehcache...
EUVD-2020-0346
Malware in sbrugna...
EUVD-2019-0625
Malware in sbrugna...
EUVD-2021-19920
Malware in sbrugna...
EUVD-2020-23784
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-20330
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. CVE-2019-20330 Note that Nessus relies on the presence of the package as...
jackson-databind: default typing mishandling leading to remote code execution
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLAS...
SUSE CVE-2019-14379
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup, leading to remote code execution...
SUSE CVE-2019-17267
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup...
SUSE CVE-2019-20330
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking...
org.apache.camel:camel-shiro (=2.5.0), org.apache.shiro.samples:samples-aspectj (=1.0.0-incubating) +29 more potentially affected by CVE-2022-40664 via org.apache.shiro:shiro-core (=1.0.0-incubating)
org.apache.shiro:shiro-core MAVEN version =1.0.0-incubating is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.shiro:shiro-core and may be impacted: - org.apache.camel:camel-shiro =2.5.0 - org.apache.shiro.samples:samples-aspectj...