453 matches found
The vulnerability of the sub-component of the Dynamo Application Framework within the component of the Oracle Commerce Platform of the e-commerce platform Oracle Commerce allows a perpetrator to gain access to data.
The vulnerability of the sub-component of the Dynamo Application Framework within the Oracle Commerce Platform, an e-commerce platform, exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to gain access to data by using specially crafted...
Laravel remote code execution vulnerability
Laravel, a web application framework from the Laravel team, has a security vulnerability that stems from (1) __destruct in RoutingPendingResourceRegistration.php, (2) __call in QueueCapsuleManager.php and (3) the deserialization POP chain __invoke in...
CVE-2022-22255
The application framework has a common DoS vulnerability. Successful exploitation of this vulnerability may affect the availability...
CVE-2022-22255
Huawei HarmonyOS application framework has a Denial-of-Service vulnerability (CVE-2022-22255) caused by improper handling of incoming error messages, potentially affecting availability. As per CVSS, the issue has a high impact (7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) with network attack vector a...
Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2022-44620)
Huawei HarmonyOS is an operating system from Huawei, China. A denial-of-service vulnerability exists in the Huawei HarmonyOS application framework, which provides a microkernel-based, full-scenario distributed operating system. The vulnerability stems from a failure to properly handle incoming...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei, China. A denial-of-service vulnerability exists in the Huawei HarmonyOS application framework, which provides a microkernel-based, full-scenario distributed operating system. The vulnerability stems from a failure to properly handle incoming...
VMware Spring Framework Code Injection Vulnerability
VMware Spring Framework is an open source Java, JavaEE application framework from VMware, Inc. A code injection vulnerability exists in VMware Spring Framework, which stems from the RCE for data binding on JDK 9. No details of the vulnerability are currently available...
Orchard Core Cross-Site Scripting Vulnerability
Net Core, an open source modular and multi-tenant application framework built using Asp.Net Core, and a content management system Cms built on top of the framework. A cross-site scripting vulnerability exists in Orchard Core, which stems from the lack of proper validation of client-side data in th...
CVE-2022-21387
Vulnerability in the Oracle Commerce Platform product of Oracle Commerce component: Dynamo Application Framework. Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
October CMS File Upload Vulnerability
October CMS is an open source content management system CMS based on PHP and Laravel web application framework. A file upload vulnerability exists in October CMS, which stems from the "Create, Modify, and Delete Site Pages" privilege of the management system, and can be exploited by an attacker t...
VMware Spring Framework has an unspecified vulnerability
VMware Spring Framework is an open source Java, JavaEE application framework from VMware, Inc. The framework helps developers build high-quality applications. VMware Spring Framework has a security vulnerability that can be exploited by attackers to bypass Spring Framework access restrictions...
The vulnerability of the Application Framework module of the HarmonyOS operating system, which allows a hacker to trigger a service failure.
The vulnerability of the Application Framework module of the HarmonyOS operating system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2021-3541 DESCRIPTION: GNOME libxml2 is vulnerable to a denial of service, caused by an exponential entity expansion attack whic...
Apache MINA Denial of Service Vulnerability
Apache MINA is a web application framework from the Apache Foundation. A denial-of-service vulnerability exists in Apache MINA, which is caused by improper handling of HTTP message header requests in Apache MINA. An attacker could exploit this vulnerability to potentially cause an infinite loop i...
Oracle E-Business Suite Denial of Service Vulnerability (CNVD-2022-02347)
Oracle E-Business Suite is an extension of the original Application ERP, including ERP enterprise resource planning management, HR human resource management, CRM customer relationship management and other collections of management software, a seamlessly integrated management suite. Oracle...
ZEIT Next.js Input Validation Error Vulnerability (CNVD-2021-61800)
ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack, and Babel.js. ZEIT Next.js is vulnerable to an input validation error in versions prior to 11.1.0, which stems from a web system or product that does not properly validate input data. An attacker...
CVE-2021-35464
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/ request to the server. The vulnerabilit...
Pre-auth RCE in ForgeRock Access Manager (CVE-2021-35464)
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/ request to the server. The vulnerabilit...