
61164 matches found

vulnersOsv
added 2025/10/20 3:42 p.m., 7 views

org.apache.syncope.core.am:syncope-core-am-logic (>=4.0.0 <=4.0.1), org.apache.syncope.core.am:syncope-core-am-rest-cxf (>=4.0.0 <=4.0.1) +17 more potentially affected by CVE-2025-57738 via org.apache.syncope.core:syncope-core-provisioning-java (>=4.0.0 <=4.0.1)

org.apache.syncope.core:syncope-core-provisioning-java MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.1 and mo...

CVSS 7.2 | AI score 7.4 | EPSS 0.23107
Exploits: 0
vulnersOsv
added 2025/10/20 3:42 p.m., 6 views

org.apache.syncope.core.am:syncope-core-am-logic (>=3.0.0 <=3.0.13), org.apache.syncope.core.am:syncope-core-am-rest-cxf (>=3.0.0 <=3.0.13) +38 more potentially affected by CVE-2025-57738 via org.apache.syncope.core:syncope-core-persistence-api (>=3.0.0-M0 <=3.0.13)

org.apache.syncope.core:syncope-core-persistence-api MAVEN version =3.0.0-M0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.13 and more Source cves: CVE-2025-57738 Source ad...

CVSS 7.2 | AI score 7.4 | EPSS 0.23107
Exploits: 0
EUVD
added 2025/10/20 3:30 p.m., 4 views

EUVD-2025-35052

Apache Syncope allows malicious administrators to inject Groovy code...

CVSS 7.2 | AI score 6.6 | EPSS 0.23107
Exploits: 0 | References: 7
OSV
added 2025/10/20 3:30 p.m., 1 view

GHSA-825G-MM5V-GGQ4 Apache Syncope allows malicious administrators to inject Groovy code

Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few Java interfaces; such implementations can be provided either as Java or Groovy classes, with the latter being particularly attractive as the machine...

CVSS 7.2 | AI score 7 | EPSS 0.23107
Exploits: 0 | References: 8
Github Security Blog
added 2025/10/20 3:30 p.m., 4 views

Apache Syncope allows malicious administrators to inject Groovy code

Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few Java interfaces; such implementations can be provided either as Java or Groovy classes, with the latter being particularly attractive as the machine...

CVSS 7.2 | AI score 7.1 | EPSS 0.23107
Exploits: 0 | References: 8 | Affected Software: 1
NVD
added 2025/10/20 3:15 p.m., 6 views

CVE-2025-57738

Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few Java interfaces; such implementations can be provided either as Java or Groovy classes, with the latter being particularly attractive as the machine...

CVSS 7.2 | EPSS 0.23107
Exploits: 0 | References: 2
OSV
added 2025/10/20 3:15 p.m., 2 views

CVE-2025-57738

Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few Java interfaces; such implementations can be provided either as Java or Groovy classes, with the latter being particularly attractive as the machine...

CVSS 7.2 | AI score 9.2
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/20 2:43 p.m., 5 views

CVE-2025-57738 Apache Syncope: Remote Code Execution by delegated administrators

Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few Java interfaces; such implementations can be provided either as Java or Groovy classes, with the latter being particularly attractive as the machine...

AI score 6.8 | EPSS 0.23107
Exploits: 0 | References: 1
Cvelist
added 2025/10/20 2:43 p.m., 10 views

CVE-2025-57738 Apache Syncope: Remote Code Execution by delegated administrators

Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few Java interfaces; such implementations can be provided either as Java or Groovy classes, with the latter being particularly attractive as the machine...

EPSS 0.23107
Exploits: 0 | References: 1
CVE
added 2025/10/20 2:43 p.m., 30 views

CVE-2025-57738

CVE-2025-57738 affects Apache Syncope where Groovy-based extensions can be injected by a privileged administrator to execute code remotely. The cited advisories describe that Groovy code execution arises from runtime-loaded Groovy implementations, enabling remote execution within a running Syncop...

CVSS 7.2 | AI score 6.8 | EPSS 0.23107
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2025/10/20 12:0 a.m., 3 views

Apache Syncope Security Vulnerability

Apache Syncope is an open source digital identity management system from the Apache USA Foundation for use in enterprise environments. The system supports identity management, role configuration, and more. A security vulnerability exists in Apache Syncope versions 3.0.14 and 4.0.2, which stems fr...

CVSS 7.2 | AI score 9.6 | EPSS 0.23107
Exploits: 0 | References: 1
EUVD
added 2025/10/18 6:30 p.m., 4 views

EUVD-2025-34997

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...

AI score 6.5 | EPSS 0.00325
Exploits: 0 | References: 2
Cvelist
added 2025/10/18 3:15 p.m., 6 views

CVE-2025-47410 Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...

EPSS 0.00325
Exploits: 0 | References: 1
GithubExploit
added 2025/10/18 2:19 p.m., 261 views

Exploit for Server-Side Request Forgery in Apache Solr

CVE-2021-27905 | Sr No | Title...

CVSS 9.8 | AI score 7 | EPSS 0.93053
Exploits: 5
CNNVD
added 2025/10/18 12:0 a.m., 5 views

Apache Geode Cross-Site Request Forgery Vulnerability

Apache Geode is the Apache Foundation's suite of management platforms for distributed cloud architectures that provide real-time and consistent access to data for data-intensive applications. Apache Geode suffers from a cross-site request forgery vulnerability, which arises when a web application...

CVSS 8.8 | AI score 6.8 | EPSS 0.00325
Exploits: 0 | References: 2
GithubExploit
added 2025/10/17 5:14 p.m., 132 views

Exploit for Unrestricted Upload of File with Dangerous Type in Webfulcreations Computer_Repair_Shop

It is an exploit module targeting Apache HTTP Server. The target...

CVSS 10 | AI score 8.8 | EPSS 0.01794
Exploits: 4
RedhatCVE
added 2025/10/17 4:55 p.m., 3 views

CVE-2025-61581

UNSUPPORTED WHEN ASSIGNED Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause...

CVSS 7.5 | AI score 6.8 | EPSS 0.00672
Exploits: 0 | References: 1
IBM Security Bulletins
added 2025/10/17 2:8 p.m., 3 views

Security Bulletin: IBM Application Modernization Accelerator Developer Tools is affected by an Uncontrolled Recursion vulnerability due to Apache Commons Lang (CVE-2025-48924)

Summary There is a vulnerability in Apache Commons Lang used by IBM Application Modernization Accelerator Developer Tools. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

CVSS 5.3 | AI score 6.6 | EPSS 0.02164
Exploits: 0 | Affected Software: 1
Chainguard
added 2025/10/17 1:22 p.m., 4 views

GHSA-JQ43-27X9-3V86 vulnerabilities

Vulnerabilities for packages: apache-hop, apache-hop-fips, tez, management-api-for-apache-cassandra-5.0, thingsboard, pinot, seata, management-api-for-apache-cassandra-4.0, hadoop-fips, trino, pinot-fips, celeborn, management-api-for-apache-cassandra-4.1...

AI score 5.8
Exploits: 0
Chainguard
added 2025/10/17 1:22 p.m., 10 views

CVE-2025-59419 vulnerabilities

Vulnerabilities for packages: apache-hop, apache-hop-fips, tez, management-api-for-apache-cassandra-5.0, thingsboard, pinot, seata, management-api-for-apache-cassandra-4.0, hadoop-fips, trino, pinot-fips, celeborn, management-api-for-apache-cassandra-4.1...

CVSS 6.9 | AI score 6.8 | EPSS 0.01617
Exploits: 0