1460 matches found
PT-2025-21164
Name of the Vulnerable Software and Affected Versions Progress Telerik UI for AJAX versions 2011.2.712 through 2025.1.218 Description An unsafe reflection issue exists in Progress Telerik UI for AJAX. This flaw can lead to an unhandled exception, potentially causing a crash of the hosting process...
Progress Telerik UI 资源管理错误漏洞
Progress Telerik UI is a suite of UI user interface controls for application development from Progress, Inc. A security vulnerability exists in Progress Telerik UI versions 2011.2.712 through 2025.1.218, which stems from insecure reflection that could lead to unhandled exceptions, which in turn...
CVE-2025-47244
Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C reflection layer, as demonstrated by causing a denial of service when an attacker executes a loop calling RestartWeb or obtaining potentially sensitive information. Exploitation can occur if...
CVE-2025-47244
Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C reflection layer, as demonstrated by causing a denial of service when an attacker executes a loop calling RestartWeb or obtaining potentially sensitive information. Exploitation can occur if...
Inedo ProGet 安全漏洞
Inedo ProGet is a package management system from Inedo. A security vulnerability exists in Inedo ProGet version 2024.22 and earlier, which stems from a C reflection layer that allows remote attackers to access restricted functionality, potentially resulting in a denial of service or access to...
CVE-2025-47244
CVE-2025-47244 affects Inedo ProGet (versions 2024.22 and earlier). The vulnerability stems from the C# reflection layer, which can be abused by remote attackers to reach restricted functionality, potentially causing a denial of service (e.g., looping RestartWeb) or exposing sensitive information...
CVE-2025-27333
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in alvego Protected wp-login protected-wp-login allows Reflected XSS.This issue affects Protected wp-login: from n/a through = 2.1...
CVE-2025-43717
In PEAR HTTPRequest2 before 2.7.0, multiple files in the tests directory, notably tests/network/getparameters.php and tests/network/postparameters.php, reflect any GET or POST parameters, leading to XSS...
CVE-2025-43717
PEAR HTTP_Request2 is vulnerable prior to version 2.7.0. The issue arises because multiple files in the tests directory, notably tests/_network/getparameters.php and tests/_network/postparameters.php, reflect any GET or POST parameters, leading to Cross-Site Scripting (XSS). The root cause is inp...
Remote Code Execution (RCE)
generator-jhipster-entity-audit is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe reflection caused by using Javers as the Entity Audit Framework, which allows malicious classes on the classpath to be exploited through exposed REST endpoints...
GHSA-7RMP-3G9F-CVQ8 generator-jhipster-entity-audit vulnerable to Unsafe Reflection when having Javers selected as Entity Audit Framework
Summary CWE-470 Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' when having Javers selected as Entity Audit Framework Details In the following two occurences, user input directly leads to class loading without checking against e.g. a whitelist of allowed classes...
generator-jhipster-entity-audit vulnerable to Unsafe Reflection when having Javers selected as Entity Audit Framework
Summary CWE-470 Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' when having Javers selected as Entity Audit Framework Details In the following two occurences, user input directly leads to class loading without checking against e.g. a whitelist of allowed classes...
CVE-2025-31119
generator-jhipster-entity-audit (a JHipster module) is affected by unsafe reflection when Javers is used as the Entity Audit Framework. Before version 5.9.1, an attacker who can place malicious classes on the classpath and access the REST endpoints could trigger remote code execution. The issue i...
CVE-2025-31119 CWE-470 in generator-jhipster-entity-audit when having Javers selected as Entity Audit Framework
generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes into the classpath...
CVE-2025-31119 CWE-470 in generator-jhipster-entity-audit when having Javers selected as Entity Audit Framework
generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes into the classpath...
PT-2025-14791 · Jhipster · Generator-Jhipster-Entity-Audit
Name of the Vulnerable Software and Affected Versions: generator-jhipster-entity-audit versions prior to 5.9.1 Description: The issue allows for unsafe reflection when Javers is selected as the Entity Audit Framework. If an attacker can place malicious classes into the classpath and access the RE...
generator-jhipster-entity-audit 安全漏洞
generator-jhipster-entity-audit is a JHipster module in the JHipster open source for enabling entity auditing and audit log pages. A security vulnerability exists in generator-jhipster-entity-audit versions prior to 5.9.1 that stems from insecure reflection that could lead to remote code executio...
CVE-2025-2794
An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to a Denial-of-Service condition. This issue affects Xperience: through 13.0.180...
Anatomy of a SYN-ACK Attack
...
CVE-2025-2794
An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to a Denial-of-Service condition. This issue affects Xperience: through 13.0.180...