139 matches found
USN-8369-1 libapache-mod-jk vulnerability
It was discovered that Apache Tomcat Connectors used incorrect default permissions for shared memory on Unix-like systems. A local attacker could possibly use this issue to view or modify mod_jk configuration data in shared memory, resulting in sensitive information exposure or a denial of service...
Apache Tomcat JK Connect <=1.2.44 - Manager Access
Apache Tomcat JK mod_jk Connector 1.2.0 to 1.2.44 allows specially constructed requests to expose application functionality through the reverse proxy. It is also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is so...
EUVD-2008-5494
Malware in sbrugna...
EUVD-2025-2825
Malicious code in bioql PyPI...
CVE-2025-57751
pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dukpy.evaljs, resulting in the server CPU being fully occupi...
Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs
Dear Maintainers, I am writing to you on behalf of the Tencent AI Sec. We have identified a potential vulnerability in one of your products and would like to report it to you for further investigation and mitigation. Summary The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of...
Allocation of Resources Without Limits or Throttling
Overview: pyload-ng is the free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the jk parameter in the CNL Blueprint process. An attacker can cause the server CPU to become fully...
CVE-2025-57751
The CVE-2025-57751 issue affects pyLoad, specifically the CNL Blueprint. The vulnerability arises from missing validation of the jk parameter, which is processed as JavaScript via evaljs (depending on Python version, via js2py or dukpy). An attacker-supplied jk can cause the server to execute arb...
PT-2025-34274 · Pyload · Pyload
Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev92. Description: The jk parameter in the pyLoad CNL Blueprint lacks proper verification. This allows a user-supplied jk parameter to be directly passed to dukpy.evaljs, leading to full server CPU utilization...
MAL-2025-10145 Malicious code in @zalastax/nolb-_jk (npm)
The package @zalastax/nolb-_jk was found to contain malicious code...
Malicious code in @zalastax/nolb-_jk (npm)
The package @zalastax/nolb-_jk was found to contain malicious code...
CVE-2025-8649
Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific...
CVE-2025-8651
Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific...
CVE-2025-22547
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jaykrishnang JK Html To Pdf jk-html-to-pdf allows Stored XSS. This issue affects JK Html To Pdf: from n/a through = 1.0.0...
Security update for apache2-mod_jk
This update for apache2-mod_jk fixes the following issues: Update to version 1.2.50: CVE-2024-46544: Fixed incorrect default permissions vulnerability that could lead to information disclosure and/or denial of service. bsc1230916 Patch Instructions: To install this SUSE update use the SUSE...
Security update for apache2-mod_jk
This update for apache2-mod_jk fixes the following issues: Update to version 1.2.50: CVE-2024-46544: Fixed incorrect default permissions vulnerability that could lead to information disclosure and/or denial of service. bsc1230916 CVE-2023-41081: Fixed information disclosure in mod_jk. bsc1215301...
CVE-2025-22547
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jaykrishnang JK Html To Pdf jk-html-to-pdf allows Stored XSS. This issue affects JK Html To Pdf: from n/a through = 1.0.0...
CVE-2025-22547
CVE-2025-22547 is a stored XSS vulnerability in the JK Html To Pdf WordPress plugin (affecting 1.0.0 and earlier) evidenced by Red Hat’s CVE entry. It is described as an Improper Neutralization of Input During Web Page Generation leading to Stored XSS; exploitation details are not provided in the...
WordPress plugin JK Html To Pdf cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
mod_jk: information Disclosure / DoS
An Incorrect Default Permissions vulnerability was found in Apache Tomcat Connectors that allows local users to view and modify shared memory containing mod_jk configuration, which may lead to information disclosure and denial of service...