Lucene search
K

10 matches found

NVD
NVD
added 2026/06/30 8:17 p.m.6 views

CVE-2026-13772

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks SELECT NEW, enum literals, and reflection-based comparators; an authenticated remo...

9.9CVSS0.00283EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 7:21 p.m.17 views

CVE-2026-13772

CVE-2026-13772 affects IBM WebSphere eXtreme Scale (OQL engine) on versions 8.6.1.0–8.6.1.6. The issue arises from attacker-supplied class names being resolved via Class.forName() and their constructors invoked at three sinks (SELECT NEW, enum literals, reflection-based comparators) without an al...

9.9CVSS6.1AI score0.00283EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/30 7:21 p.m.7 views

EUVD-2026-40387

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks SELECT NEW, enum literals, and reflection-based comparators; an authenticated remo...

7.5CVSS6.1AI score0.00283EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/01/24 12:0 a.m.6 views

The vulnerability of the JXPath object query processing library, related to writing beyond buffer boundaries, allows attackers to trigger a service failure.

The vulnerability of the JXPath object processing library is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure...

6.8CVSS6.8AI score0.01188EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2022/05/17 2:50 a.m.2 views

GHSA-2GW6-73WC-X88F Apache Geode information disclosure vulnerability

Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the...

7.5CVSS6AI score0.02776EPSS
Exploits0References2
OSV
OSV
added 2019/11/21 6:15 p.m.2 views

DEBIAN-CVE-2019-18890

A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query...

6.5CVSS6.7AI score0.04338EPSS
Exploits2References1
UbuntuCve
UbuntuCve
added 2019/11/21 6:15 p.m.18 views

CVE-2019-18890

A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query...

6.5CVSS6.7AI score0.04338EPSS
Exploits2References5
Debian CVE
Debian CVE
added 2019/11/21 5:46 p.m.34 views

CVE-2019-18890

A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query...

6.5CVSS6.5AI score0.04338EPSS
Exploits2
CNVD
CNVD
added 2018/01/18 12:0 a.m.3 views

Apache Geode Code Execution Vulnerability

Apache Geode cluster is the Apache Software Foundation's platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. A security vulnerability exists in Apache Geode cluster. A remote attacker can exploit this vulnerability to...

7.5CVSS7.1AI score0.04177EPSS
Exploits0References1
CNVD
CNVD
added 2017/04/07 12:0 a.m.4 views

Apache Geode Information Disclosure Vulnerability

Geode is a data management platform that provides real-time, consistent access to data-critical applications across the entire cloud architecture. Apache Geode sets the security-manager attribute and fails to set user permissions correctly after enabling clustering, allowing remote attackers to...

7.5CVSS7.7AI score0.02776EPSS
Exploits0References1
Rows per page
Query Builder