38 matches found
CVE-2026-21997
Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Applications component: Common Core. Supported versions that are affected are 9.2.1-9.2.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Lif...
Oracle Life Sciences Empirica Signal Security Vulnerability
Oracle Life Sciences Empirica Signal is a drug safety signal detection platform developed by Oracle Corporation. Versions 9.2.1 to 9.2.3 of Oracle Life Sciences Empirica Signal contain security vulnerabilities. These vulnerabilities stem from issues with the Common Core component, allowing...
PT-2026-34067
Name of the Vulnerable Software and Affected Versions: Oracle Life Sciences Empirica Signal versions 9.2.1 through 9.2.3. Description: An issue in the Common Core component allows a low privileged attacker with network access via HTTP to compromise the system. Successful exploitation can lead to...
Malicious Package
Overview: @copilot-web-widgets/common-core-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...
CVE-2026-3067
CVE-2026-3067 affects HummerRisk up to version 1.5.0, targeting the Archive Extraction code path in hummer-common-core: CommandUtils.extractTarGZ and extractZip. The issue enables path traversal via manipulation of extracted archives, and is remotely exploitable. Public disclosure of the exploit ...
EUVD-2026-7396
A vulnerability has been found in HummerRisk up to 1.5.0. This issue affects the function extractTarGZ/extractZip of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/CommandUtils.java of the component Archive Extraction. The manipulation leads to path traversal...
HummerCloud HummerRisk Path Traversal Vulnerability
HummerCloud HummerRisk is an open-source cloud-native security platform developed by HummerCloud Corporation. It addresses security and governance issues in cloud-native environments in a non-invasive manner. Its core capabilities include security governance for hybrid clouds and cloud-native...
com.aizuda:snail-job-client-common (>=1.0.0 <=1.10.0-beta1), com.aizuda:snail-job-client-job-core (>=1.0.0 <=1.10.0-beta1) +29 more potentially affected by CVE-2025-14674 via com.aizuda:snail-job-common-core (>=1.0.0-beta1 <=1.6.0)
com.aizuda:snail-job-common-core MAVEN version =1.0.0-beta1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.10.0, =1.0.0, =1.0.0, =1.1.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.10.0-beta1 and more Source cves: CVE-2025-14674 Source advisory: SNYK:JAVA-COMAIZUDA-14426463...
EUVD-2019-0182
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-19362
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from...
com.aizuda:snail-job-client-common (>=1.0.0 <=1.10.0-beta1), com.aizuda:snail-job-client-job-core (>=1.0.0 <=1.10.0-beta1) +26 more potentially affected by CVE-2025-2622 via com.aizuda:snail-job-common-core (>=1.0.0-beta1 <=1.4.0-beta1-jdk8)
com.aizuda:snail-job-common-core MAVEN version =1.0.0-beta1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.10.0, =1.0.0, =1.0.0, =1.1.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.10.0-beta1 and more Source cves: CVE-2025-2622 Source advisory: SNYK:JAVA-COMAIZUDA-9667344...
Malicious code in @copilot-web-widgets/common-core-sdk (npm)
Source: ossf-package-analysis (148c6b43da3f4ec787aa611cf721a390eab6918627604a9405d817955e2c472b). The OpenSSF Package Analysis project identified '@copilot-web-widgets/common-core-sdk' @ 1.11.0 npm as malicious. It is considered malicious...
MAL-2023-8625 Malicious code in @ukncsc/my-ncsc-ui-common-core (npm)
Source: ghsa-malware (9535a39a8207d1d902daf4cfaaad312cc4bae19928fa3d2311e2be1f0ec9b027). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
commoncoresheets.com Cross Site Scripting vulnerability OBB-3295294
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SUSE CVE-2018-19362
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization...
jackson-databind: improper polymorphic deserialization in jboss-common-core class
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the jboss-common-core class. An attacker could use this flaw to execute arbitrary code...