Ignite Realtime Openfire <=4.4.2 - Server-Side Request Forgery

Ignite Realtime Openfire through version 4.4.2 allows attackers to send arbitrary HTTP GET requests in FaviconServlet.java, resulting in server-side request forgery. id: CVE-2019-18394 info: name: Ignite Realtime Openfire =4.4.3 to fix this vulnerability. reference: -...

Relative Path Traversal

Overview org.apache.ignite:ignite-core is a memory-centric distributed database, caching, and processing platform for transactional, analytical, and streaming workloads delivering in-memory speeds at petabyte scale. Affected versions of this package are vulnerable to Relative Path Traversal via t...

EUVD-2025-209980

Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0. Users are recommended to upgrade to version...

CVE-2025-48977

Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0. Users are recommended to upgrade to version...

CVE-2025-48977

CVE-2025-48977 is a relative path traversal vulnerability in Apache Ignite’s REST API. Authenticated REST API users can read arbitrary server files via a crafted log path using the cmd=log command, affecting Ignite 2.0.0–2.17.0. The issue is fixed in Ignite 2.18.0. If you are running affected ver...

CVE-2025-48977 Apache Ignite: REST HTTP arbitrary file read vulnerability

Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0. Users are recommended to upgrade to version...

PT-2026-44225

Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0. Users are recommended to upgrade to version...

Apache Ignite 安全漏洞

Apache Ignite is a high-performance, integrated, and distributed memory computing and transaction management platform for large-scale data sets, developed by the Apache Foundation. Security vulnerabilities exist in the Apache Ignite REST API versions 2.0.0 to 2.17.0. These vulnerabilities stem fr...

MAL-2026-4582 Malicious code in ignite-market-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3632f7802511e2852d33925ab4d8612fe588de1f8a1d832011cd3588d23f62bc The package's preinstall lifecycle hook in package.json runs wget --quiet...

Malicious code in ignite-market-contractstest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9babd9b088785649368dbf885050b6a15b218a6b38d2dcd058f0c9eda5109da package.json declares a preinstall lifecycle hook that runs wget --quiet...

Astra Linux - уязвимость в jackson-databind

A deserialization flaw was discovered in Jackson-Databind through version 2.9.10.4. This flaw could allow unauthenticated users to execute code via Ignite-JTA or Quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and...

CVE-2019-18394

A Server Side Request Forgery SSRF vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests...

CVE-2019-20364

An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cacheName to SystemCacheDetails.jsp...

CVE-2019-20526

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter...

CVE-2019-20366

An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents...

CVE-2019-20363

An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alias to Manage Store Contents...

CVE-2019-20525

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter...

CVE-2019-20365

An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page...

CVE-2019-20527

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter...

CVE-2020-24601

In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page...