Lucene search
+L

63 matches found

CNNVD
CNNVD
added 2025/07/16 12:0 a.m.5 views

META-INF Kft. Email This Issue 安全漏洞

META-INF Kft. Email This Issue is an advanced email management plugin for Jira from Hungarian company META-INF Kft. A security vulnerability exists in versions prior to META-INF Kft. Email This Issue 9.13.0-GA, which stems from the injection of a specially crafted payload into the recipient field...

5.4CVSS6.8AI score0.0017EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 11:21 p.m.5 views

CVE-2022-45129

Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise befo...

7.5CVSS7AI score0.01337EPSS
Exploits3References1
Fedora
Fedora
added 2024/03/07 10:33 p.m.25 views

[SECURITY] Fedora 40 Update: sisu-mojos-0.9.0~M2-4.fc40

The Sisu Plugin for Maven provides mojos to generate META-INF/sisu/javax.inject.Named index files for the Sisu container...

8.8CVSS6.8AI score0.02578EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2023/03/14 12:0 a.m.41 views

Atlassian Jira 8.0.0 < 8.0.4 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.13.0 prior to 7.13.4, 8.0.0 prior to 8.0.4 or 8.1.0 prior to 8.1.1. It is, therefore, affected by multiple vulnerabilities: - A vulnerability which permits remote attackers w...

8.1CVSS6.5AI score0.59832EPSS
Exploits2References6
Github Security Blog
Github Security Blog
added 2022/11/10 12:1 p.m.7 views

Payara, when deployed to the root context, allows attackers to visit META-INF and WEB-INF

Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise befo...

7.5CVSS7.1AI score0.01337EPSS
Exploits3References11Affected Software1
NVD
NVD
added 2022/11/10 6:15 a.m.23 views

CVE-2022-45129

Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise befo...

7.5CVSS0.01337EPSS
Exploits3References7
Prion
Prion
added 2022/11/10 6:15 a.m.34 views

Code injection

Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise befo...

5CVSS7.4AI score0.01337EPSS
Exploits3References7Affected Software1
CNNVD
CNNVD
added 2022/11/10 12:0 a.m.4 views

Payara Server 路径遍历漏洞

Payara Server is a cloud-native, innovative open source middleware platform from Payara UK. A security vulnerability exists in versions of Payara prior to 2022-11-04. This vulnerability allows an attacker to access the META-INF and WEB-INF.The following products and versions are affected: Payara...

7.5CVSS7.3AI score0.01337EPSS
Exploits3References11
Cvelist
Cvelist
added 2022/11/10 12:0 a.m.30 views

CVE-2022-45129

Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise befo...

7.7AI score0.01337EPSS
Exploits3References7
OSV
OSV
added 2022/11/10 12:0 a.m.37 views

CVE-2022-45129

Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise befo...

7.5CVSS7.5AI score0.01337EPSS
Exploits3References9
OSV
OSV
added 2022/05/22 12:0 a.m.39 views

GHSA-2C65-RQ62-FQHQ Path traversal in Gitblit

A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ e.g., followed by a WEB-INF or META-INF pathname...

7.5CVSS7.3AI score0.10225EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/05/21 9:15 p.m.4 views

CVE-2022-31268

A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ e.g., followed by a WEB-INF or META-INF pathname...

7.5CVSS7.1AI score0.10225EPSS
Exploits1References3
Prion
Prion
added 2022/05/21 9:15 p.m.23 views

Path traversal

A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ e.g., followed by a WEB-INF or META-INF pathname...

5CVSS7.4AI score0.10225EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2022/05/13 1:1 a.m.4 views

GHSA-X6JW-2F23-MC5J Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitiv...

5.3CVSS7.2AI score0.0197EPSS
Exploits0References6
OSV
OSV
added 2021/03/01 5:15 p.m.2 views

CVE-2020-36240

The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check...

5.3CVSS6.2AI score0.01233EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/03/01 12:0 a.m.5 views

Crowd 安全漏洞

Atlassian Crowd is a Web-based single sign-on system from Atlassian Australia. The system provides authentication, authorization and other features for multi-user, web applications and directory servers. A security vulnerability exists in Crowd before version 4.0.4, and from version 4.1.0 before...

5.3CVSS6AI score0.01233EPSS
Exploits0References2
CNVD
CNVD
added 2021/02/23 12:0 a.m.66 views

Atlassian Jira Server and Jira Data Center Path Traversal Vulnerability

Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia, Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA. Atlassian Jira Server and Jira Data Center are...

5.3CVSS4.7AI score0.23086EPSS
Exploits0References1
OSV
OSV
added 2021/02/22 9:15 p.m.6 views

CVE-2020-29453

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access che...

5.3CVSS5.9AI score0.23086EPSS
Exploits0References1
OSV
OSV
added 2021/02/22 9:15 p.m.5 views

CVE-2020-29448

The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect...

5.3CVSS6.2AI score0.0233EPSS
Exploits0References1
Prion
Prion
added 2021/02/22 9:15 p.m.22 views

Path traversal

The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect...

5CVSS5.6AI score0.0233EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder