266 matches found
EUVD-2020-0469
Malware in sbrugna...
EUVD-2008-5630
Malware in sbrugna...
EUVD-2013-6255
Malware in sbrugna...
EUVD-2022-3091
Malicious code in bioql PyPI...
EUVD-2022-4918
Malicious code in bioql PyPI...
EUVD-2023-36475
Malicious code in bioql PyPI...
EUVD-2023-0219
Malicious code in bioql PyPI...
CVE-2025-11226
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...
QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing
QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment...
Apache Solr < 9.8.0 ConfigSet Privilege Escalation via <lib> Injection (CVE-2025-24814)
Solr instances that 1 use the 'FileSystemConfigSetService' component the default in 'standalone' or 'user-managed' mode, and 2 are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual 'trusted' configset files can be ignored in favor...
gadgetinspector
This is a Java-based tool for finding deserialization gadget chains in Java applications. The tool is called "Gadget Inspector" and is presented as a project that was showcased at Black Hat USA 2018. The tool is designed to automatically discover possible gadget chains in an application's...
Linux Distros Unpatched Vulnerability : CVE-2019-14439
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled either globally or for a...
Linux Distros Unpatched Vulnerability : CVE-2019-16943
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific...
Linux Distros Unpatched Vulnerability : CVE-2019-12384
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from...
CVE-2023-22946
In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This...
CVE-2019-0195
Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class, the value of this symbo...
CLSA-2025-1746190792 libreoffice: Fix of 2 CVEs
CVE-2022-38745: avoid unnecessary empty -Djava.class.path= - CVE-2024-3044: add notify for script execution...
CVE-2025-31119 CWE-470 in generator-jhipster-entity-audit when having Javers selected as Entity Audit Framework
generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes into the classpath...
Apache Ignite: Possible RCE when deserializing incoming messages by the server node
In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server...
DEBIAN-CVE-2025-24814
Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that 1 use the "FileSystemConfigSetService" component the default in "standalone" or "user-managed" mode, and 2 are running without authentication and authorization are vulnerable to a sort...