Lucene search

22 matches found

GithubExploit
added 2025/10/27 2:23 a.m., 357 views

Exploit for CVE-2025-22167

README — CVE-2025-22167 Atlassian Jira For defensive us...

CVSS 8.7, AI score 6.8, EPSS 0.00083
Exploits: 1

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2019-0543

Malware in sbrugna...

CVSS 7.5, AI score 7.5, EPSS 0.00334
Exploits: 1, References: 3

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-14031

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.7, EPSS 0.00576
Exploits: 0, References: 5

NVD
added 2025/05/08 6:15 p.m., 9 views

CVE-2025-1948

In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to...

CVSS 7.5, EPSS 0.00576
Exploits: 0, References: 2

Vulnrichment
added 2025/05/08 5:48 p.m., 8 views

CVE-2025-1948 Eclipse Jetty HTTP clients can increase memory allocation

In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to...

CVSS 7.5, AI score 7.5, EPSS 0.00576
Exploits: 0, References: 2

Debian CVE
added 2025/05/08 5:48 p.m., 21 views

CVE-2025-1948

In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to...

CVSS 7.5, AI score 7.5, EPSS 0.00576
Exploits: 0

Cvelist
added 2025/05/08 5:48 p.m., 16 views

CVE-2025-1948 Eclipse Jetty HTTP clients can increase memory allocation

In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to...

CVSS 7.5, EPSS 0.00576
Exploits: 0, References: 2

CNVD
added 2022/04/21 12:0 a.m., 11 views

Hotdog Elevation of Privilege Vulnerability

Hotdog is a set of OCI hooks for injecting Log4j Hot Patch into containers. An elevation of privilege vulnerability exists prior to Hotdog version 1.0.1 that stems from not mimicking the functionality of the target JVM process or SELinux tags. An attacker could use this vulnerability to allow...

CVSS 8.8, AI score 6.8, EPSS 0.0004
Exploits: 1, References: 1

CVE
added 2022/04/19 10:15 p.m., 125 views

CVE-2022-0071

CVE-2022-0071 documents confirm an incomplete fix for CVE-2021-3101 in Hotdog prior to v1.0.2. The vulnerability arises because Hotdog did not mimic the resource limits, device restrictions, or syscall filters of the target JVM process. As a result, a container could exhaust host resources, modif...

CVSS 8.8, AI score 8.6, EPSS 0.0004
Exploits: 1, References: 2, Affected Software: 1

CNNVD
added 2022/04/19 12:0 a.m., 2 views

Hotdog Security Vulnerability

Hotdog is a set of OCI hooks for injecting Log4j Hot Patch into containers. A resource management error vulnerability exists in Hotdog versions prior to v1.0.2, which arises from an application that does not effectively perform resource limiting, device limiting, or syscall filters on the target...

CVSS 8.8, AI score 5.7, EPSS 0.0004
Exploits: 1, References: 4

Github Security Blog
added 2019/06/13 8:22 p.m., 23 views

XML Entity Expansion in Pippo

XML Entity Expansion Billion Laughs Attack on Pippo 1.12.0 results in Denial of Service. Entities are created recursively and large amounts of heap memory are taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory on that process, memory will...

CVSS 7.5, AI score 2.9, EPSS 0.00334
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2019/06/13 8:22 p.m., 16 views

GHSA-HWCX-9P4J-7HWJ XML Entity Expansion in Pippo

XML Entity Expansion Billion Laughs Attack on Pippo 1.12.0 results in Denial of Service. Entities are created recursively and large amounts of heap memory are taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory on that process, memory will...

CVSS 7.5, AI score 7.4, EPSS 0.00334
Exploits: 1, References: 2

Prion
added 2019/06/12 4:29 p.m., 14 views

Input validation

XML Entity Expansion Billion Laughs Attack on Pippo 1.12.0 results in Denial of Service. Entities are created recursively and large amounts of heap memory are taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory on that process, memory will...

CVSS 5, AI score 7.5, EPSS 0.00334
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2019/06/12 4:29 p.m., 9 views

CVE-2019-5442

XML Entity Expansion Billion Laughs Attack on Pippo 1.12.0 results in Denial of Service. Entities are created recursively and large amounts of heap memory are taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory on that process, memory will...

CVSS 7.5, AI score 7.6
Exploits: 0, References: 1

OpenVAS
added 2017/11/03 12:0 a.m., 31 views

akka HTTP DoS Vulnerability

akka HTTP is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:akka:http"; if descripti...

CVSS 7.5, AI score 7.4, EPSS 0.00389
Exploits: 0, References: 1

Packet Storm
added 2015/10/14 12:0 a.m., 51 views

ElasticSearch Snapshot API Directory Traversal

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'json' class Metasploit3 'ElasticSearch Snapshot API Directory Traversal', 'Description' = %q This module exploits a directory traversal...

CVSS 5, AI score 9.5, EPSS 0.92032
Exploits: 7

Metasploit
added 2015/10/13 12:5 p.m., 43 views

ElasticSearch Snapshot API Directory Traversal

'This module exploits a directory traversal vulnerability in ElasticSearch, allowing an attacker to read arbitrary files with JVM process privileges, through the Snapshot API.' This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS 5, AI score 0.2, EPSS 0.92032
Exploits: 7

Atlassian
added 2013/04/16 4:8 a.m., 24 views

GetResourceServlet pre-auth arbitrary file download vulnerability

The GetResourceServlet Servlet is vulnerable to an arbitrary file download attack. As the Servlet doesn’t implement its own authorization checks, this can be exploited anonymously. By taking an attacker controlled name parameter and using this in a call to URLConnection.openConnection, an attacke...

AI score 0.4
Exploits: 0, Affected Software: 1

Atlassian
added 2013/04/16 4:8 a.m., 21 views

GetResourceServlet pre-auth arbitrary file download vulnerability

The GetResourceServlet Servlet is vulnerable to an arbitrary file download attack. As the Servlet doesn’t implement its own authorization checks, this can be exploited anonymously. By taking an attacker controlled name parameter and using this in a call to URLConnection.openConnection, an attacke...

AI score 0.4
Exploits: 0

Atlassian
added 2013/04/16 3:39 a.m., 24 views

ResolveURLServlet pre-auth arbitrary file download vulnerability

The ResolveURLServlet Servlet is vulnerable to an arbitrary file download attack. As the Servlet doesn’t implement its own authorization checks, this can be exploited anonymously. By taking an attacker controlled url parameter and using this in a call to URLConnection.openConnection, an attacker...

AI score 0.7
Exploits: 0, Affected Software: 1