1460 matches found
CVE-2025-2794
An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to a Denial-of-Service condition. This issue affects Xperience: through 13.0.180...
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' through the system's Content staging feature. An...
CVE-2025-2794 Kentico Xperience <= 13.0.180 Unsafe Reflection
An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to a Denial-of-Service condition. This issue affects Xperience: through 13.0.180...
CVE-2025-2794
CVE-2025-2794 describes an unsafe reflection vulnerability in Kentico Xperience (affecting Xperience up to and including version 13.0.180). An unauthenticated attacker can trigger the vulnerability to terminate the current process, resulting in a Denial-of-Service condition. The issue is rooted i...
CVE-2025-2794 Kentico Xperience <= 13.0.180 Unsafe Reflection
An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to a Denial-of-Service condition. This issue affects Xperience: through 13.0.180...
Kentico Xperience 安全漏洞
Kentico Xperience is a digital experience platform from Kentico, Inc. A security vulnerability exists in Kentico Xperience version 13.0.180 and prior versions, which stems from insecure reflection and could lead to a denial of service...
CVE-2025-26573
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JamRizzi Technologies Rizzi Guestbook rizzi-guestbook allows Reflected XSS.This issue affects Rizzi Guestbook: from n/a through = 4.0.1...
CVE-2024-4990 Unsafe Reflection in base Component class in yiisoft/yii2
In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the set magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors...
CVE-2024-4990 Unsafe Reflection in base Component class in yiisoft/yii2
In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the set magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors...
CVE-2025-27107
Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Minecraft users who use Integrated Scripting prior to versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 may be vulnerable to arbitrary code execution. By using Java...
CVE-2025-27107
Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Minecraft users who use Integrated Scripting prior to versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 may be vulnerable to arbitrary code execution. By using Java...
CVE-2025-27107 Integrated Scripting vulnerable to arbitrary code execution via Java reflection
Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Minecraft users who use Integrated Scripting prior to versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 may be vulnerable to arbitrary code execution. By using Java...
CVE-2025-27107 Integrated Scripting vulnerable to arbitrary code execution via Java reflection
Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Minecraft users who use Integrated Scripting prior to versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 may be vulnerable to arbitrary code execution. By using Java...
CVE-2025-27107
CVE-2025-27107 affects Integrated Scripting in Integrated Dynamics for Minecraft servers. The vulnerability allows arbitrary code execution by abusing Java reflection on a thrown exception to escape the JavaScript sandbox in IntegratedScripting’s Variable Cards, enabling an attacker with card cre...
IntegratedScripting 注入漏洞
IntegratedScripting is a Cyclops open source for creating scripts for handling complex operations in integrated dynamics. IntegratedScripting suffers from an injection vulnerability that stems from escaping the JavaScript sandbox via Java reflection on a thrown exception object to construct...
CVE-2023-6943
Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1GOT1000 versions 1.325P and prior, GT Designer3 Version1GOT2000 versions 1.320J and prior, GX Works2 versions 1.11M...
OESA-2025-1092 infinispan security update
Infinispan is an extremely scalable, highly available data grid platform - 100% open source, and written in Java. The purpose of Infinispan is to expose a data structure that is highly concurrent, designed ground-up to make the most of modern multi-processor/multi-core architectures while at the...
CVE-2021-39185
Http4s is a minimal, idiomatic Scala interface for HTTP services. In http4s versions 0.21.26 and prior, 0.22.0 through 0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 through 1.0.0-M24, the default CORS configuration is vulnerable to an origin reflection attack. The middleware is also susceptible to a Null...
CVE-2022-47153
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPJobBoard Jobeleon Theme allows Reflected XSS.This issue affects Jobeleon Theme: from n/a through 1.9.1...
CVE-2024-5749
Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials...