11 matches found
Deserialization of Untrusted Data
Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the unserialize process. An attacker can achieve arbitrary code execution by injecting malicious serialized PHP objects...
CVE-2025-11165
A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...
CVE-2025-11165
A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...
EUVD-2025-207542
A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...
CVE-2025-11165
A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...
CVE-2025-11165
A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...
CVE-2025-11165
A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...
CVE-2025-11165
Affects dotCMS with its Velocity scripting engine (VTools). The issue is a sandbox escape where authenticated users with scripting privileges can bypass SecureUberspectorImpl protections by dynamically altering the Velocity runtime configuration and reinitializing its Uberspect, removing introspe...
WS: EJB3 role restrictions are not applied to jaxws handlers
A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attack...
WS: EJB3 role restrictions are not applied to jaxws handlers
A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attack...
CVE-2002-1295
The CVE-2002-1295 entry concerns the Microsoft Java VM used by Internet Explorer. The vulnerability arises when HTML applet tags bypass Java class restriction checks by supplying the class name in the code parameter, allowing remote attackers to cause a crash (denial of service) and potentially p...