cn.herodotus.engine:oauth2-authentication-autoconfigure (>=3.5.5.3 <=3.5.6.2), cn.herodotus.engine:oauth2-authorization-server-autoconfigure (>=3.3.0.5 <=3.5.5.2) +2 more potentially affected by CVE-2026-23966 via org.webjars.npm:sm-crypto (=0.3.13)

org.webjars.npm:sm-crypto MAVEN version =0.3.13 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:sm-crypto and may be impacted: - cn.herodotus.engine:oauth2-authentication-autoconfigure =3.5.5.3, =3.3.0.5, =3.3.0.5, =3.5.5.3, =3.5.6.2...

CVE-2019-2777

Vulnerability in the Siebel Core - Server Framework component of Oracle Siebel CRM subcomponent: Search. Supported versions that are affected are 19.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Core - Server...

CVE-2021-2353

Vulnerability in the Siebel Core - Server Framework product of Oracle Siebel CRM component: Loging. Supported versions that are affected are 21.5 and Prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Siebel Core - Server Framework...

CVE-2025-69211

Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it uses @nestjs/platform-fastify; relies on NestMiddleware via MiddlewareConsumer for security checks...

Adobe ColdFusion Input Validation Improperity Vulnerability (CNVD-2026-0494539)

Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. An improper input validation vulnerability exists in Adobe ColdFusion, whi...

Arcade MCP Server Framework 信任管理问题漏洞

Arcade MCP Server Framework is an open source MCP server framework from Arcade.dev. A trust management issue vulnerability exists in Arcade MCP Server Framework versions prior to 1.5.4, which stems from hard-coding the default working key, which could lead to bypassing the authentication layer...

EUVD-2025-122024

Malicious code in server-framework-andromeda-aurora npm...

MAL-2025-147899 Malicious code in server-framework-andromeda-aurora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1bf77a21aa60073ee5c5f6339fcbd7faac1ac57a81404777827d4cd1dd5a0e5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2017-0221

Malware in sbrugna...

EUVD-2016-6406

Malware in sbrugna...

EUVD-2016-6404

Malware in sbrugna...

EUVD-2016-4495

Malware in sbrugna...

EUVD-2016-4476

Malware in sbrugna...

EUVD-2023-35501

Malicious code in bioql PyPI...

Regular Expression Denial of Service (ReDoS)

Overview @oakserver/oak is an A middleware framework for handling HTTP requests Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the x-forwarded-proto or x-forwarded-for headers. An attacker can cause significant performance degradation by sending...

CVE-2021-2039

Vulnerability in the Siebel Core - Server Framework product of Oracle Siebel CRM component: Search. Supported versions that are affected are 20.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Core - Server Framework...

Oracle Siebel Server < 17.6 (April 2018 CPU)

The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2018 CPU advisory. - Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM subcomponent: EAI Apache Tomcat. The supported version that is affected i...

Oracle Siebel Server (July 2021 CPU)

The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2021 CPU advisory. - Vulnerability in the Siebel Core - Server Framework product of Oracle Siebel CRM component: Services jackson-databind. Supported versions that are...

CVE-2024-42367

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...

CVE-2024-30251 Denial of service when trying to parse malformed POST requests in aiohttp

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...