20 matches found
acegisecurity:acegi-security (=0.7.0), acegisecurity:acegi-security-cas (=0.7.0) +5 more potentially affected by CVE-2026-22735 via springframework:spring-web (>=1.0.1 <=1.2.1)
springframework:spring-web MAVEN version =1.0.1, =1.0-rc2, =1.0-rc3 Source cves: CVE-2026-22735 Source advisory: SNYK:JAVA-SPRINGFRAMEWORK-15701758...
EUVD-2006-6899
Malware in sbrugna...
CVE-2006-6916
Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input."...
GHSA-384C-GG34-G96H Incorrect Authorization in Getahead Direct Web Remoting
Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks...
Incorrect Authorization in Getahead Direct Web Remoting
Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks...
GHSA-HG5P-233H-C7FH Direct Web Remoting vulnerable to Denial of Service
Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch...
Design/Logic Flaw
The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...
CVE-2007-2377
The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...
CVE-2007-2377
The CVE-2007-2377 vulnerability affects the Getahead Direct Web Remoting (DWR) framework up to version 1.1.4, where JSON data is exchanged without an accompanying protection scheme. This enables JavaScript Hijacking: an attacker can retrieve sensitive data by loading a page that fetches data via ...
CVE-2007-2377
The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...
CVE-2007-0184
Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks...
CVE-2007-0185
Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch...
Cross-site request forgery (CSRF)
Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks...
CVE-2007-0184
CVE-2007-0184 concerns Getahead Direct Web Remoting (DWR) prior to 1.1.4. A crafted request can bypass include/exclude checks and enable unauthorized access to public methods, indicating an authorization bypass vulnerability. The connected documents reference this CVE across multiple advisories ...
CVE-2006-6916
Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input."...
CVE-2006-6916
CVE-2006-6916 affects Getahead Direct Web Remoting (DWR) prior to 1.1.3. The provided connected Red Hat entry corroborates that attackers can cause a denial of service (infinite loop) via crafted input. The exact root cause, vulnerable component(s) within DWR, affected versions beyond the stated ...
CVE-2007-0185
DWR (Getahead Direct Web Remoting) before version 1.1.4 is vulnerable to denial of service due to memory exhaustion triggered by a large number of batched calls; the specific vectors are not detailed in the provided documents. No remediation details are present here.
CVE-2007-0185
Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch...
CVE-2007-0184
Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks...
CVE-2006-6916
Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input."...