
1118 matches found

Vulnrichment
added 2022/05/01 3:30 p.m. · 2 views

CVE-2022-25647 Deserialization of Untrusted Data

The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace method in internal classes, which may lead to DoS attacks...

CVSS 7.7 · AI score 7.3 · EPSS 0.11961
Exploits 0 · References 8

Debian CVE
added 2022/05/01 3:30 p.m. · 74 views

CVE-2022-25647

The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace method in internal classes, which may lead to DoS attacks...

CVSS 7.7 · AI score 8.3 · EPSS 0.11961
Exploits 0

Positive Technologies
added 2022/04/12 12:0 a.m. · 3 views

PT-2022-19136 · Bentley · Bentley Microstation Connect

Name of the Vulnerable Software and Affected Versions: Bentley MicroStation CONNECT version 10.16.2.034 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicio...

CVSS 7.8 · AI score 7.8 · EPSS 0.00938
Exploits 0 · References 3

CNNVD
added 2022/04/12 12:0 a.m. · 3 views

Bentley Systems MicroStation Resource Management Error Vulnerability

Bentley Systems MicroStation is a CAD software platform for 2D and 3D design and drafting from Bentley Systems, USA. A resource management error vulnerability exists in Bentley MicroStation CONNECT version 10.16.02.34 that stems from a specific flaw in the parsing of IFC files. An attacker could...

CVSS 7.8 · AI score 7.6 · EPSS 0.00938
Exploits 0 · References 4

Positive Technologies
added 2022/04/12 12:0 a.m. · 3 views

PT-2022-18940 · Bentley · Microstation Connect

Name of the Vulnerable Software and Affected Versions: Bentley MicroStation CONNECT version 10.16.02.34 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicio...

CVSS 7.8 · AI score 7.8 · EPSS 0.00647
Exploits 0 · References 4

Positive Technologies
added 2022/04/12 12:0 a.m. · 3 views

PT-2022-19131 · Bentley · Bentley Microstation Connect

Name of the Vulnerable Software and Affected Versions: Bentley MicroStation CONNECT version 10.16.02.34 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicio...

CVSS 7.8 · AI score 7.9 · EPSS 0.00938
Exploits 0 · References 3

Positive Technologies
added 2022/04/12 12:0 a.m. · 3 views

PT-2022-18955 · Bentley · Microstation Connect

Name of the Vulnerable Software and Affected Versions: Bentley MicroStation CONNECT version 10.16.02.34 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicio...

CVSS 7.8 · AI score 7.8 · EPSS 0.00951
Exploits 0 · References 4

Positive Technologies
added 2022/04/12 12:0 a.m. · 4 views

PT-2022-18957 · Bentley · Microstation Connect

Name of the Vulnerable Software and Affected Versions: Bentley MicroStation CONNECT version 10.16.02.34 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicio...

CVSS 7.8 · AI score 7.8 · EPSS 0.00647
Exploits 0 · References 4

Positive Technologies
added 2022/04/12 12:0 a.m. · 3 views

PT-2022-19137 · Bentley · Microstation Connect

Name of the Vulnerable Software and Affected Versions: Bentley MicroStation CONNECT version 10.16.2.034 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicio...

CVSS 7.8 · AI score 7.8 · EPSS 0.00938
Exploits 0 · References 4

CNVD
added 2022/04/01 12:0 a.m. · 21 views

NexusPHP SQL Injection Vulnerability (CNVD-2022-65363)

NexusPHP is a free and open source complete solution for building PT websites. NexusPHP version 1.5 is vulnerable to SQL injection, which can be exploited by remote attackers to execute arbitrary SQL commands via the classes parameter...

CVSS 9.8 · AI score 6 · EPSS 0.01932
Exploits 1 · References 1

CNVD
added 2022/03/31 12:0 a.m. · 16 views

IBM Cognos Controller Licensing Issue Vulnerability

IBM Cognos Controller is a business intelligence and planning solution from IBM Corporation. The product features process automation, financial audit controls, and the creation and management of financial reports. An authorization issue vulnerability exists in IBM Cognos Controller, which stems fr...

CVSS 9.8 · AI score 3.5 · EPSS 0.00898
Exploits 0 · References 1

Cvelist
added 2022/03/30 1:39 a.m. · 17 views

CVE-2020-24769

SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter...

AI score 10 · EPSS 0.01932
Exploits 1 · References 3

CNNVD
added 2022/03/30 12:0 a.m. · 4 views

NexusPHP SQL Injection Vulnerability

NexusPHP is a free and open source complete solution for building PT websites. NexusPHP version 1.5 is vulnerable to SQL injection, which can be exploited by remote attackers to execute arbitrary SQL commands via the classes parameter...

CVSS 9.8 · AI score 6.3 · EPSS 0.01932
Exploits 1 · References 4

GithubExploit
added 2022/02/16 1:13 a.m. · 202 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

l4srs Rust implementation of the Log 4 Shell log 4 j - CVE-20...

CVSS 10 · AI score 9.3 · EPSS 0.99999
Exploits 345

CNVD
added 2022/02/10 12:0 a.m. · 21 views

Airspan Networks Mmp Code Issue Vulnerability

Airspan Networks Mmp is an advanced standalone network management software platform for Mimosa fixed wireless devices from Airspan Networks, U.S. Airspan Networks Mmp is vulnerable to a code issue that could be exploited by an attacker to pass specially crafted data to the application and create...

CVSS 7.5 · AI score 5.3 · EPSS 0.00971
Exploits 0 · References 1

Github Security Blog
added 2022/02/09 11:20 p.m. · 40 views

Improper Input Validation in Apache Unomi

Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process...

CVSS 10 · AI score 4 · EPSS 0.29885
Exploits 3 · References 5 · Affected Software 1

OSV
added 2022/02/09 11:20 p.m. · 0 views

GHSA-V6FQ-Q792-J46J Improper Input Validation in Apache Unomi

Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process...

CVSS 9.8 · AI score 6 · EPSS 0.29885
Exploits 3 · References 4

OSV
added 2022/02/09 10:54 p.m. · 20 views

GHSA-V9MF-JGQ3-C28H Data Amplification in Play Framework

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...

CVSS 2.7 · AI score 3.4 · EPSS 0.00957
Exploits 0 · References 3

Github Security Blog
added 2022/02/09 12:33 a.m. · 41 views

Unauthorized access to Class instance in Jinjava

Jinjava before 2.5.4 allows access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...

CVSS 6.8 · AI score 3.1 · EPSS 0.01814
Exploits 1 · References 7 · Affected Software 1

OSV
added 2022/02/09 12:33 a.m. · 2 views

GHSA-2HJR-FG6C-V2H6 Unauthorized access to Class instance in Jinjava

Jinjava before 2.5.4 allows access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...

CVSS 6.5 · AI score 6 · EPSS 0.01814
Exploits 1 · References 6