10 matches found
CVE-2026-13772
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks SELECT NEW, enum literals, and reflection-based comparators; an authenticated remo...
CVE-2026-13772
CVE-2026-13772 affects IBM WebSphere eXtreme Scale (OQL engine) on versions 8.6.1.0–8.6.1.6. The issue arises from attacker-supplied class names being resolved via Class.forName() and their constructors invoked at three sinks (SELECT NEW, enum literals, reflection-based comparators) without an al...
EUVD-2026-40387
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks SELECT NEW, enum literals, and reflection-based comparators; an authenticated remo...
The vulnerability of the JXPath object query processing library, related to writing beyond buffer boundaries, allows attackers to trigger a service failure.
The vulnerability of the JXPath object processing library is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure...
GHSA-2GW6-73WC-X88F Apache Geode information disclosure vulnerability
Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the...
DEBIAN-CVE-2019-18890
A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query...
CVE-2019-18890
A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query...
CVE-2019-18890
A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query...
Apache Geode Code Execution Vulnerability
Apache Geode cluster is the Apache Software Foundation's platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. A security vulnerability exists in Apache Geode cluster. A remote attacker can exploit this vulnerability to...
Apache Geode Information Disclosure Vulnerability
Geode is a data management platform that provides real-time, consistent access to data-critical applications across the entire cloud architecture. Apache Geode sets the security-manager attribute and fails to set user permissions correctly after enabling clustering, allowing remote attackers to...