
102 matches found

Nuclei
added yesterday, 81 views

IBM Operational Decision Manager - JNDI Injection

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145. id: CVE-2024-22319 info: name: IBM Operational Decision Manager -...

9.8 CVSS, 7.8 AI score, 0.86989 EPSS
Exploits 0

Nuclei
added 3 days ago, 48 views

IBM Operational Decision Manager - Java Deserialization

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending a specially crafted request, an attacker could exploit this vulnerability to...

9.8 CVSS, 7.8 AI score, 0.90845 EPSS
Exploits 0, References 2

vulnersOsv
added 2026/04/16 9:31 p.m., 1 views

com.exactpro.sf:sailfish-frontend (>=3.2.1036 <=3.4.260), com.github.persapiens:jsf-bootsfaces-spring-boot-starter (>=1.6.0 <=1.7.3) +67 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=1.10 <=1.14.1)

org.omnifaces:omnifaces MAVEN version =1.10, =3.2.1036, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.3.0, =1.2.0, =1.6.0, =1.7.0, =1.3.0, =1.0.0, =1.6.0, =1.7.0, =1.7.3 and more Source cves: CVE-2026-41883 https://vulners.com...

8.1 CVSS, 5.8 AI score, 0.00333 EPSS
Exploits 0

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2009-1549

Malware in sbrugna...

4.3 CVSS, 6.1 AI score, 0.0183 EPSS
Exploits 1, References 24

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-10599

Malware in sbrugna...

7.5 CVSS, 7.6 AI score, 0.0111 EPSS
Exploits 0, References 5

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2011-4288

Malware in sbrugna...

6.4 CVSS, 6.1 AI score, 0.00222 EPSS
Exploits 0, References 5

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2015-5177

Malware in sbrugna...

5.8 CVSS, 6.4 AI score, 0.00243 EPSS
Exploits 0, References 3

Cvelist
added 2025/08/27 9:25 p.m., 6 views

CVE-2024-13980 H3C Intelligent Management Center (iMC) /byod/index.xhtml RCE

H3C Intelligent Management Center IMC versions up to and including E0632H07 contain a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...

10 CVSS, 0.02906 EPSS
Exploits 0, References 6

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in @zalastax/nolb-jsf (npm)

The package @zalastax/nolb-jsf was found to contain malicious code...

7 AI score
Exploits 0

OSV
added 2025/08/14 6:52 p.m., 0 views

MAL-2025-12069 Malicious code in @zalastax/nolb-jsf (npm)

The package @zalastax/nolb-jsf was found to contain malicious code...

7.2 AI score
Exploits 0

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 21 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service (CVE-2024-45085)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Vulnerability Details Refer to the security bulletins listed in the...

7.5 CVSS, 7.4 AI score, 0.00115 EPSS
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 19 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service (CVE-2024-45085)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Vulnerability Details Refer to the security bulletins listed in the...

7.5 CVSS, 7.4 AI score, 0.00115 EPSS
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/12/16 9:28 p.m., 25 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to a denial of service (CVE-2024-45085)

Summary IBM WebSphere Application Server is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Vulnerability Details CVEID:CVE-2024-45085 DESCRIPTION: IBM WebSphere Application Server is vulnerable to a denial of service, under...

7.5 CVSS, 6.8 AI score, 0.00115 EPSS
Exploits 0, Affected Software 1

CVE
added 2024/03/22 3:43 p.m., 161 views

CVE-2024-2227

IdentityIQ (SailPoint) is affected by a JavaServer Faces path traversal vulnerability (JSF 2.2.20) that allows reading arbitrary files from the application server filesystem. Root cause: path traversal in JSF 2.2.20, as described in CVE-2020-6950 lineage. Affected IdentityIQ versions include 8.3 ...

10 CVSS, 7.1 AI score, 0.00609 EPSS
Exploits 0, References 1, Affected Software 1

OSV
added 2023/01/31 3:15 p.m., 0 views

CVE-2022-46835

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due t...

7.5 CVSS, 5.9 AI score, 0.00481 EPSS
Exploits 0, References 1

CNNVD
added 2022/09/19 12:0 a.m., 2 views

SmartVista SVFE2 SQL injection vulnerability

SmartVista SVFE2 is a subsystem of SmartVista, Inc. A security vulnerability exists in SmartVista SVFE2 version v2.2.22, which can be exploited to achieve SQL injection via the UserForm:jid88, UserForm:jid90, UserForm:jid92 parameters of the /SVFE2/pages/feegroups/countrygroup.jsf component. id92...

8.8 CVSS, 8.1 AI score, 0.00307 EPSS
Exploits 0, References 4

OSV
added 2022/09/13 12:15 p.m., 1 views

CVE-2022-38616

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:jid90 parameter at /feegroups/tgrtgroup.jsf...

8.8 CVSS, 5.8 AI score, 0.00885 EPSS
Exploits 1, References 3

Spring Engineering
added 2022/08/10 3:26 p.m., 24 views

Spring Web Flow 3.0 M1 Released

It has been almost 4 years since the last set of Spring Web Flow releases. Nevertheless, the project continues to serve a specific need particularly well, arguably better than alternatives, and remains in active use. While there hasn't been a strong driver for new releases, the upcoming Spring...

0.5 AI score
Exploits 0

OSV
added 2022/05/17 3:13 a.m., 0 views

GHSA-Q388-J7CW-FF7W Path Traversal in Eclipse Mojarra

Multiple path traversal flaws were found in Mojarra JSF2 implementation for identifying resources by name or from libraries. An unauthenticated remote attacker can use these flaws to gather otherwise undisclosed information from within an application's root...

5 CVSS, 5.9 AI score, 0.86817 EPSS
Exploits 0, References 4

OSV
added 2022/05/13 1:2 a.m., 14 views

GHSA-4Q23-G7MF-XP98 Cross-site Scripting in Apache DeltaSpike

The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId gets cut off after 10 characters by default, so the impact might be limited. A fix got applied and released in Apache deltaspike-1.8.1...

6.1 CVSS, 6.1 AI score, 0.01817 EPSS
Exploits 1, References 6