89 matches found
CVE-2025-52287
OperaMasks SDK ELite Script Engine v0.5.0 was discovered to contain a deserialization vulnerability...
PT-2025-34476 · Unknown · Operamasks Sdk Elite Script Engine
Name of the Vulnerable Software and Affected Versions: OperaMasks SDK ELite Script Engine version 0.5.0. Description: OperaMasks SDK ELite Script Engine version 0.5.0 contains a deserialization vulnerability. Recommendations: At the moment, there is no information about a newer version that contai...
OperaMasks SDK ELite Script Engine Security Vulnerability
OperaMasks SDK ELite Script Engine is a software development kit from OperaMasks, Inc. A security vulnerability exists in OperaMasks SDK ELite Script Engine version 0.5.0, which stems from the presence of a deserialization vulnerability...
CVE-2025-52287
OperaMasks SDK ELite Script Engine v0.5.0 contains a deserialization vulnerability. CVE-2025-52287 shows a NETWORK-exploitable flaw with HIGH impact to confidentiality, integrity, and availability (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Affected component: OperaMasks SDK ELite Script Engine; root ...
Atlassian Confluence Administrator Code Macro Remote Code Execution Exploit
This Metasploit module exploits an authenticated administrator-level vulnerability in Atlassian Confluence, tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating tainted data from uploaded text files. This facilitates arbitrary code execution. This...
Atlassian Confluence Administrator Code Macro Remote Code Execution
This module exploits an authenticated administrator-level vulnerability in Atlassian Confluence, tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating tainted data from uploaded text files. This facilitates arbitrary code execution. This exploit will...
Atlassian Confluence Administrator Code Macro Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence Administrator Code Macro Remote Code Execution', 'Description' = %q This module exploits an authenticated administrator-leve...
Oracle Business Intelligence Publisher 7.0 (OAS) (April 2024 CPU)
The versions of Oracle Business Intelligence Publisher OAS installed on the remote host are affected by a vulnerability as referenced in the April 2024 CPU advisory. - Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: XML Services. Supported versions that are affecte...
Oracle Business Intelligence Publisher (April 2024 CPU)
The versions of Oracle Business Intelligence Publisher installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. - Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: XML Services. Supported versions that are...
CVE-2024-21083
Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: Script Engine. Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle BI Publisher...
PT-2023-26537 · Unknown +2 · Helix Core +3
Name of the Vulnerable Software and Affected Versions: helix-core versions prior to 1.3.0; helix-rest versions prior to 1.3.0. Description: An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize...
Apache Helix Code Issue Vulnerability
Apache Helix is a general-purpose cluster management framework from the Apache USA Foundation for automating the management of partitioning, replication, and distributed resources hosted on clusters of nodes. Apache Helix suffers from a deserialization vulnerability that stems from the ability to...
PT-2023-21940 · Oracle +1 · Java +1
Name of the Vulnerable Software and Affected Versions: ShardingSphere-Agent versions through 5.3.2. Description: The Deserialization of Untrusted Data issue in Apache ShardingSphere-Agent allows attackers to execute arbitrary code by constructing a special YAML configuration file. An attacker must...
CVE-2023-32200 Apache Jena: Exposure of execution in script engine expressions.
There are insufficient restrictions on called script functions in Apache Jena versions 4.8.0 and earlier. This allows a remote user to execute JavaScript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0...
CVE-2023-22665 Apache Jena: Exposure of arbitrary execution in script engine expressions.
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. This allows a remote user to execute arbitrary JavaScript via a SPARQL query...
GHSA-QMFC-6WWW-FJQW Code injection in Apache Dubbo
Apache Dubbo prior to 2.6.9 and 2.7.10 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these rules, Dubbo customers use ScriptEngine and run...
Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
An access control vulnerability in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code...
Apache Dubbo Security Vulnerability
Apache Dubbo is a Java-based, high-performance, open source RPC framework from the Apache Foundation. An arbitrary command execution vulnerability exists in several versions of Dubbo. An attacker can exploit this vulnerability by injecting malicious code into the routing scripts, the default...