Sa-Token Code Issue Vulnerability
Sa-Token is a lightweight Java authentication framework open-sourced by dromara. A code issue vulnerability exists in Sa-Token 1.44.0 and earlier versions, which stems from a misuse of the function ObjectInputStream.readObject in the file SaSerializerTemplateForJdkUseBase64.java, which could lead ...
CVE-2025-31129
Summary: CVE-2025-31129 affects the Jooby pac4j integration. In io.jooby.internal.pac4j.SessionStoreImpl#get, values are deserialized from untrusted data (notably for payloads starting with “b64~”), which can enable code execution. The issue is fixed in Jooby releases 2.17.0 (2.x stream) and 3.7....
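The Sa-Token and Jooby entries above describe the same pattern: a stored string carrying Base64-encoded Java serialization is decoded and handed straight to ObjectInputStream.readObject, so whoever controls the string (a cookie, a cache or session-store value) chooses which classes get instantiated, and a gadget chain on the classpath turns that into code execution. The following is an added example written for this page; it is not code from Sa-Token, Jooby or pac4j. The "b64~" prefix is taken from the Jooby description; the class name, the SessionUser and NotAllowed types and the allowlist filter string are hypothetical. It puts the unsafe call beside a hardened version that installs an ObjectInputFilter (JEP 290, Java 9+) allowlist, which rejects any class outside the list before it is instantiated.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Base64;

// Added example for this page; not Sa-Token's or Jooby's code.
public class Base64DeserializationDemo {

    // Prefix convention taken from the Jooby description; everything else is hypothetical.
    static final String PREFIX = "b64~";

    // The only type a session value is supposed to hold in this demo.
    static final class SessionUser implements Serializable {
        private static final long serialVersionUID = 1L;
        final String name;
        SessionUser(String name) { this.name = name; }
    }

    // Stand-in for "any class the attacker chose". A real payload would name a
    // gadget class already on the classpath, not something this harmless.
    static final class NotAllowed implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    // Produces the stored form: "b64~" + Base64(Java serialization).
    static String serialize(Serializable value) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(value);
        }
        return PREFIX + Base64.getEncoder().encodeToString(bos.toByteArray());
    }

    static byte[] decode(String stored) throws IOException {
        if (!stored.startsWith(PREFIX)) {
            throw new IOException("not a " + PREFIX + " value");
        }
        return Base64.getDecoder().decode(stored.substring(PREFIX.length()));
    }

    // VULNERABLE: whatever class graph the bytes name is instantiated. The
    // caller never gets a chance to object before constructors/readObject run.
    static Object unsafeDeserialize(String stored) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(decode(stored)))) {
            return ois.readObject();
        }
    }

    // HARDENED: an allowlist filter names the only classes a session value may
    // contain ("!*" rejects everything else) and caps depth, reference count
    // and stream size. Rejected classes surface as InvalidClassException.
    static Object safeDeserialize(String stored) throws IOException, ClassNotFoundException {
        ObjectInputFilter allowlist = ObjectInputFilter.Config.createFilter(
                "Base64DeserializationDemo$SessionUser;java.lang.String;!*;"
                + "maxdepth=4;maxrefs=16;maxbytes=4096");
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(decode(stored)))) {
            ois.setObjectInputFilter(allowlist);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        String good = serialize(new SessionUser("alice"));   // what the app stores
        String bad  = serialize(new NotAllowed());           // what an attacker plants instead

        System.out.println("unsafe, expected type: " + unsafeDeserialize(good).getClass().getName());
        System.out.println("unsafe, attacker type: " + unsafeDeserialize(bad).getClass().getName());

        System.out.println("safe, expected type:   " + safeDeserialize(good).getClass().getName());
        try {
            safeDeserialize(bad);
            System.out.println("safe, attacker type:   accepted (filter misconfigured)");
        } catch (InvalidClassException e) {
            System.out.println("safe, attacker type:   rejected (" + e.getMessage() + ")");
        }
    }
}
```

The unsafe path instantiates NotAllowed without complaint; the filtered path throws InvalidClassException with "filter status: REJECTED" before the class is touched. In a real fix the allowlist is the smallest set of types the value legitimately holds, and the better answer for session data is usually to stop using Java serialization for untrusted input altogether.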
Solon Security Vulnerability
Solon is a Java application development framework (billed as a "new ecosystem" framework) by noear, an individual developer in China. A security vulnerability exists in Solon 3.0.8 and earlier versions, which stems from a path traversal issue...
Supercharging Your AI Applications with Spring AI Advisors
In the rapidly evolving world of artificial intelligence, developers are constantly seeking ways to enhance their AI applications. Spring AI, a Java framework for building AI-powered applications, has introduced a powerful feature: the Spring AI Advisors. The advisors can supercharge your AI...
Fedora: Security Advisory for beust-jcommander (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the beust-jcommander package announced via the FEDORA-2024-129d8ca6fc advisory...
[SECURITY] Fedora 40 Update: beust-jcommander-1.82-9.fc40
JCommander is a very small Java framework that makes it trivial to parse command line parameters with annotations...
CVE-2024-23639 micronaut-core management endpoints vulnerable to drive-by localhost attack
Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...
CVE-2024-23639
Affected product: Micronaut Framework (micronaut-core). Vulnerability: Enabled but unsecured management endpoints allow drive-by localhost attacks when a malicious site issues HTTP requests to localhost, potentially bypassing CORS checks for some simple requests. Impact: Local development environ...
Magic-Api Code Injection Vulnerability
magic-api is an open-source, Java-based framework for rapid interface (API) development from sssssssss-team. A code injection vulnerability exists in Magic-Api version 2.0.1 and earlier versions. An attacker can exploit this vulnerability to inject code...
Active Exploitation of ZK Framework CVE-2022-36537
Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. Rapid7 is aware of active exploitation of CVE-2022-36537 in vulnerable versions of ConnectWise R1Soft Server Backup Manager software. The root cause of the vulnerability is an...
CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. Tracked as CVE-2022-36537 (CVSS score: 7.5), the issue impacts ZK Framework versions...
ZK Framework AuUploader Unspecified Vulnerability
ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to...
VulnCheck KEV: CVE-2022-36537
ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to...
Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework
A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 (CVSS score: 9.8), the shortcoming could be trivially abused by a malicious actor without any...
Atmosphere Java Framework Reflected Cross-Site Scripting
A cross-site scripting vulnerability exists in Atmosphere. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
CVE-2022-22963 - PoC Spring Java Framework 0-day Remote Code Execution Vulnerability
To run the vulnerable Spring Boot application, run this Docker container, exposing it on port 8080. Example: docker run -it -d -p 8080:8080 bobcheat/springboot-public. Exploit curl command: curl -i -s -k -X $'POST' -H $'Host: 192.168.1.2:8080' -H...
CVE-2022-21700 Memory leak in micronaut-core
Micronaut is a JVM-based, full stack Java framework designed for building JVM web applications with support for Java, Kotlin and the Groovy language. In affected versions, sending an invalid Content-Type header leads to a memory leak in DefaultArgumentConversionContext, as this type is erroneously us...
[SECURITY] [DLA 2726-1] shiro security update
Debian LTS Advisory DLA-2726-1, https://www.debian.org/lts/security/, Roberto C. Sánchez, August 02, 2021, https://wiki.debian.org/LTS. Package: shiro. Version: 1.3.2-1+deb9u2. CVE ID: CVE-2020-13933, CVE-2020-17510. Debian Bug: 968753. It was discovered that there were two...
CVE-2021-32769
Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. A path traversal vulnerability exists in versions prior to 2.5.9. With a basic configuration, it is possible to access any file from a filesystem, using "/../../" in the URL. This occurs because Micronaut...
CVE-2021-32769
Micronaut’s CVE-2021-32769 is a path-traversal vulnerability in versions before 2.5.9. Affected component is the Micronaut file/resource loader which allows access to filesystem paths via URL patterns like /../../ when not restricted to configured paths. Exploitation details are described across ...
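The two Micronaut entries above describe the classic shape of this bug: a request path is joined onto the resource root without checking that the result is still inside it, so "/../../" walks out of the configured directory. The following is an added example written for this page, not Micronaut's resource loader; the web root /srv/app/static and the sample requests are made up, and paths are Unix-style. It shows the unchecked join beside a resolver that normalizes the candidate path and rejects it unless it is still under the root, comparing path components rather than string prefixes so a sibling directory such as /srv/app/static2 cannot slip through.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;

// Added example for this page; not Micronaut's code.
public class SafeStaticResolver {

    private final Path root;

    SafeStaticResolver(Path root) {
        // Absolute, normalized root so startsWith() below compares like with like.
        this.root = root.toAbsolutePath().normalize();
    }

    // Request paths are assumed already percent-decoded here; a real server
    // must decode before this check so "%2e%2e" is seen as "..".
    private static String stripLeadingSlash(String requestPath) {
        return requestPath.startsWith("/") ? requestPath.substring(1) : requestPath;
    }

    // VULNERABLE shape: join and serve. "/../../" walks out of root, and an
    // absolute path handed to Path.resolve() replaces root entirely.
    Path resolveUnchecked(String requestPath) {
        return root.resolve(stripLeadingSlash(requestPath)).normalize();
    }

    // HARDENED: normalize (collapsing "." and "..") and then require that the
    // result still lies below root. Path.startsWith() works on whole path
    // components, unlike String.startsWith(), so "/srv/app/static2" is not
    // treated as being under "/srv/app/static".
    // normalize() is purely lexical: if root may contain symlinks pointing
    // outside it, also compare candidate.toRealPath() against root.toRealPath()
    // once the file is known to exist.
    Path resolveChecked(String requestPath) {
        Path candidate = root.resolve(stripLeadingSlash(requestPath)).normalize();
        if (!candidate.startsWith(root)) {
            throw new SecurityException("request escapes web root: " + requestPath);
        }
        return candidate;
    }

    public static void main(String[] args) {
        // Hypothetical web root; nothing on disk is touched.
        SafeStaticResolver resolver = new SafeStaticResolver(Paths.get("/srv/app/static"));
        // Constructed sample requests: two benign, two traversal attempts.
        List<String> requests = List.of(
                "/css/app.css",
                "/css/../index.html",
                "/../../etc/passwd",
                "//etc/passwd");
        for (String req : requests) {
            System.out.println(req + "  unchecked -> " + resolver.resolveUnchecked(req));
            try {
                System.out.println(req + "  checked   -> " + resolver.resolveChecked(req));
            } catch (SecurityException e) {
                System.out.println(req + "  checked   -> REJECTED (" + e.getMessage() + ")");
            }
        }
    }
}
```

The unchecked resolver maps "/../../etc/passwd" to /srv/etc/passwd and "//etc/passwd" to /etc/passwd; the checked resolver rejects both while still serving "/css/../index.html" as /srv/app/static/index.html, because that request never leaves the root. Whether the root itself (request "/") should be served is a separate directory-listing decision left to the caller.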