11 matches found
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection due to the AbstractFilterExpressionConverter's handling of operator characters, such as || and &&. This allows authenticated users to bypass metadata-based access controls by supplying arbitrary JSONPath queries to access...
GHSA-PW25-C82R-75MM request-filtering-agent SSRF Bypass via HTTPS Requests to 127.0.0.1
request-filtering-agent versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are correctly blocked. Impact: Vulnerable patterns requests that should be blocked but are allowed: - https://127.0.0.1:443/api -...
OESA-2025-1818 tomcat security update
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Allocation of resources for...
OESA-2025-1817 tomcat security update
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Allocation of resources for...
OESA-2025-1815 tomcat security update
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Allocation of resources for...
Improper Authentication
Overview omniauth-microsoftgraph is an omniauth provider for new Microsoft Graph API. Affected versions of this package are vulnerable to Improper Authentication due to missing validation of the email attribute. An attacker can take over accounts by exploiting the trust placed in the email as a...
PT-2023-30183 · Apache +3 · Apache Shiro +3
Name of the Vulnerable Software and Affected Versions: Apache Shiro versions prior to 1.13.0 Apache Shiro versions 2.0.0-alpha-1 through 2.0.0-alpha-3 Description: The issue is related to a URL Redirection to Untrusted Site 'Open Redirect' vulnerability when "form" authentication is used in Apach...
PT-2023-10828
Name of the Vulnerable Software and Affected Versions Blue Yonder postgraas server versions up to 2.0.0b2 Description A critical issue was found in the PostgreSQL Backend Handler component, specifically in the create pg connection/create postgres db function of the postgraas...
PT-2023-14756 · Apache · Apache Streampark
Name of the Vulnerable Software and Affected Versions: Apache StreamPark versions prior to 2.0.0 Description: The issue allows any user to upload a jar as an application without mandatory verification of the uploaded file type. This enables users to upload high-risk files and potentially upload...
PT-2022-28091 · Tss-Lib · Tss-Lib
Name of the Vulnerable Software and Affected Versions: tss-lib versions prior to 2.0.0 Description: The issue concerns a collision of hash values. This collision can potentially lead to security issues, although specific details about exploitation or affected devices are not provided...
PT-2020-12507 · Freerdp +7 · Freerdp +7
Name of the Vulnerable Software and Affected Versions: FreeRDP versions 1.0 through 2.0.0 Description: The issue is related to an out-of-bound read in the update read bitmap data function, which allows client memory to be read into an image buffer. The result of this action is displayed on the...