4 matches found
CVE-2026-55153
A flaw was found in mchange-commons-java, a Java utility library. This vulnerability allows a remote attacker to achieve arbitrary code execution through Java Naming and Directory Interface JNDI injection. The library's JNDI ObjectFactory can construct objects of arbitrary classes and initialize...
Always-Incorrect Control Flow Implementation
Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to incorrect state handling in nested execution paths involving the ICS20 precompile. An attacker can repeatedly utilize the same token balance within a single transaction by exploiting...
PT-2025-45102
Name of the Vulnerable Software and Affected Versions Doris MCP Server versions prior to 0.6.0 Description An attacker with a valid read-only account can bypass the Doris MCP Server’s read-only mode due to improper access control. This allows modifications that should have been prevented by...
RUSTSEC-2025-0070 Pingora MadeYouReset HTTP/2 vulnerability
Pingora deployments using versions prior to 0.6.0 that include HTTP/2 server support may be affected by the vulnerability described in CVE-2025-8671. Under certain conditions, Pingora applications may allocate buffers before the HTTP/2 reset and resulting stream cancellation is processed by the...