8 matches found

Veracode
added 2026/01/02 2:6 p.m. · 3 views

Prototype Pollution

apidoc-core is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of malformed data structures in the preProcess functions, which allows an attacker to manipulate JavaScript object prototypes via crafted properties such as define, leading to denial of service or...

CVSS 9.3 · AI score 6.7 · EPSS 0.00116
Exploits: 0 · References: 1 · Affected Software: 1
NVD
added 2025/11/11 1:15 a.m. · 2 views

CVE-2025-42895

Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact on availability o...

CVSS 6.9 · EPSS 0.00015
Exploits: 0 · References: 2
Positive Technologies
added 2025/11/11 12:0 a.m. · 2 views

PT-2025-46235

Name of the Vulnerable Software and Affected Versions: SAP HANA JDBC Client affected versions not specified Description: The SAP HANA JDBC Client contains a flaw due to inadequate validation of connection property values. A locally authenticated, high-privilege user can provide specially crafted...

CVSS 6.9 · AI score 6.4 · EPSS 0.00015
Exploits: 0 · References: 4
NVD
added 2021/04/28 2:15 p.m. · 9 views

CVE-2021-29159

A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application...

CVSS 6.1 · EPSS 0.00275
Exploits: 0 · References: 2
Cvelist
added 2021/04/28 1:14 p.m. · 7 views

CVE-2021-29159

A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application...

AI score 6.2 · EPSS 0.00275
Exploits: 0 · References: 2
Cvelist
added 2014/04/15 5:0 p.m. · 29 views

CVE-2014-0107

The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted 1...

AI score 8.4 · EPSS 0.05863
Exploits: 2 · References: 39
OSV
added 2014/04/15 12:0 a.m. · 1 views

UBUNTU-CVE-2014-0107

The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted 1...

CVSS 7.5 · AI score 7 · EPSS 0.05863
Exploits: 2 · References: 3
Positive Technologies
added 2014/04/01 12:0 a.m. · 3 views

PT-2014-1795 · Apache +5 · Apache Xalan-Java +5

Name of the Vulnerable Software and Affected Versions: Apache Xalan-Java versions prior to 2.7.2 Description: The issue allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted xalan:content-header, xalan:entities,...

CVSS 7.5 · AI score 7.3 · EPSS 0.05863
Exploits: 2 · References: 79