
195 matches found

CNNVD
added 2026/03/31 12:0 a.m., 3 views

HAPI FHIR Security Vulnerability

HAPI FHIR is an open-source Java-based HL7 FHIR API developed by HAPI FHIR. Versions of HAPI FHIR prior to 6.9.4 contained security vulnerabilities; these vulnerabilities were caused by improper URL prefix matching, which could lead to credential exposure...

CVSS 9.1, AI score 5.8, EPSS 0.00026
Exploits: 1, References: 1
The Hacker News
added 2026/02/27 10:6 a.m., 6 views

Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms

Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan (RAT). "A malicious downloader staged a portable Java runtime and executed a malicious Java archive (JAR) file named...

AI score 6.5
Exploits: 0
RedHat Linux
added 2026/01/12 3:22 p.m., 3 views

lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing

A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...

CVSS 8.2, AI score 5.9, EPSS 0.00066
Exploits: 0, References: 6
CNNVD
added 2025/12/03 12:0 a.m., 2 views

Red Hat Undertow Input Validation Error Vulnerability

Red Hat Undertow is a Java-based embedded web server from Red Hat, Inc. and is the default web server for Wildfly Java Application Server. An input validation error vulnerability exists in Red Hat Undertow that stems from an out-of-memory issue when parsing large form data encodings, which could...

CVSS 7.5, AI score 6.4, EPSS 0.00126
Exploits: 0, References: 4
CNNVD
added 2025/10/30 12:0 a.m., 2 views

PerfreeBlog Security Vulnerability

PerfreeBlog is an open-source, Java-based blog/CMS builder from PerfreeBlog. A security vulnerability exists in PerfreeBlog version 4.0.11; it stems from a lack of authorization checking in the uploadAttachByUrl API endpoint, which could lead to server-side request forgery...

CVSS 6.5, AI score 6.6, EPSS 0.00062
Exploits: 0, References: 3
CNNVD
added 2025/10/25 12:0 a.m., 3 views

PerfreeBlog Security Vulnerability

PerfreeBlog is an open-source, Java-based blog/CMS site-building platform from PerfreeBlog. A security vulnerability exists in PerfreeBlog v4.0.11; it stems from a file upload vulnerability in the installTheme function...

CVSS 7.6, AI score 6.7, EPSS 0.00039
Exploits: 0, References: 1
CNNVD
added 2025/10/25 12:0 a.m., 2 views

PerfreeBlog Security Vulnerability

PerfreeBlog is an open-source, Java-based blog/CMS site-building platform from PerfreeBlog. A security vulnerability exists in PerfreeBlog v4.0.11; it stems from an arbitrary file deletion vulnerability in the unInstallTheme function...

CVSS 7.6, AI score 6.7, EPSS 0.00075
Exploits: 1, References: 1
CNNVD
added 2025/10/25 12:0 a.m., 2 views

PerfreeBlog Security Vulnerability

PerfreeBlog is an open-source, Java-based blog/CMS site-building platform from PerfreeBlog. A security vulnerability exists in PerfreeBlog v4.0.11; it stems from a file upload vulnerability in the installPlugin function...

CVSS 7.6, AI score 6.7, EPSS 0.00039
Exploits: 0, References: 1
CNVD
added 2025/10/20 12:0 a.m., 2 views

DataEase H2 JDBC Injection Code Execution Vulnerability

DataEase is an open-source, Java-based data visualization and analysis tool that helps users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. DataEase H2.java handles JDBC connection validation with a code injection...

CVSS 8.8, AI score 8.1, EPSS 0.00825
Exploits: 1, References: 1
CNNVD
added 2025/10/10 12:0 a.m., 1 views

JeeWMS Security Vulnerability

JeeWMS is a Java-based warehouse management system from China Huayi JeeWMS. A security vulnerability exists in JeeWMS version 20250820, which stems from a missing file check in the file/saveFiles function and could lead to remote code execution...

CVSS 6.5, AI score 7.7, EPSS 0.00176
Exploits: 1, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2014-2161

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.00756
Exploits: 1, References: 4
GithubExploit
added 2025/09/06 4:27 a.m., 128 views

XSSVulnerabilityScanner

It is an offensive tool for web application security testing. Th...

AI score 5.9
Exploits: 0
CNVD
added 2025/08/26 12:0 a.m., 2 views

Apache OFBiz Code Execution Vulnerability (CNVD-2025-20870)

Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation in the United States. The system provides a set of Java-based Web application components and tools. A code execution vulnerability exists in Apache OFBiz versions prior to 24.09.02 that stems from improper...

CVSS 9.8, AI score 8.4, EPSS 0.00255
Exploits: 0, References: 1
CNNVD
added 2025/08/25 12:0 a.m., 1 views

PerfreeBlog Security Vulnerability

PerfreeBlog is an open-source, Java-based blog/CMS site-building platform from PerfreeBlog. A security vulnerability exists in PerfreeBlog v4.0.11; it stems from an arbitrary file read problem in the getThemeFileContent function...

CVSS 7.5, AI score 6.8, EPSS 0.001
Exploits: 1, References: 3
CNNVD
added 2025/08/20 12:0 a.m., 1 views

JeeWMS Security Vulnerability

JeeWMS is a Java-based warehouse management system from China Huayi JeeWMS. A security vulnerability exists in JeeWMS, which stems from an authentication bypass that could lead to arbitrary file reading...

CVSS 9.8, AI score 7, EPSS 0.00117
Exploits: 1, References: 3
CNNVD
added 2025/04/15 12:0 a.m., 1 views

JeeWMS Security Vulnerability

JeeWMS is a Java-based warehouse management system from China Huayi JeeWMS. A security vulnerability exists in JeeWMS version 3.7, which originates from an arbitrary file override in the servicemigrateMigrateForm.java component, which could lead to the execution of arbitrary code...

CVSS 5.5, AI score 6.9, EPSS 0.00179
Exploits: 1, References: 1
CNNVD
added 2025/01/11 12:0 a.m., 3 views

JeeWMS Security Vulnerability

JeeWMS is a Java-based warehouse management system from China Huayi JeeWMS. A security vulnerability exists in JeeWMS 20241229 and earlier versions, which stems from vulnerability to path traversal attacks...

CVSS 7.5, AI score 5.4, EPSS 0.00334
Exploits: 1, References: 3
CNNVD
added 2024/12/10 12:0 a.m., 3 views

Number Withdrawn

Red Hat Undertow is a Java-based embedded web server from Red Hat USA and is the default web server for Wildfly Java Application Server. This CVE number has been withdrawn...

AI score 4.9
Exploits: 0, References: 3
The Hacker News
added 2024/11/06 5:52 p.m., 23 views

VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware

An ongoing threat campaign dubbed VEILDrive has been observed taking advantage of legitimate services from Microsoft, including Teams, SharePoint, Quick Assist, and OneDrive, as part of its modus operandi. "Leveraging Microsoft SaaS services — including Teams, SharePoint, Quick Assist, and OneDri...

AI score 7.8
Exploits: 0
CNNVD
added 2024/10/24 12:0 a.m., 1 views

OpenRefine Security Vulnerability

OpenRefine is a Java-based open source tool from OpenRefine Open Source. The product is mainly used for loading data, analyzing data, and cleaning data, among other things. A security vulnerability exists in OpenRefine prior to version 3.8.3, which stems from the fact that export-rows can be...

CVSS 8.1, AI score 6.5, EPSS 0.00195
Exploits: 1, References: 3