91 matches found
CVE-2025-52287
OperaMasks SDK ELite Script Engine v0.5.0 was discovered to contain a deserialization vulnerability...
OperaMasks SDK ELite Script Engine Security Vulnerability
OperaMasks SDK ELite Script Engine is a software development kit from OperaMasks, Inc. A security vulnerability exists in OperaMasks SDK ELite Script Engine version 0.5.0, which stems from the presence of a deserialization vulnerability...
CVE-2025-52287
OperaMasks SDK ELite Script Engine v0.5.0 contains a deserialization vulnerability. CVE-2025-52287 shows a NETWORK-exploitable flaw with HIGH impact to confidentiality, integrity, and availability (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Affected component: OperaMasks SDK ELite Script Engine; root ...
PT-2025-34476 · Unknown · Operamasks Sdk Elite Script Engine
Name of the Vulnerable Software and Affected Versions: OperaMasks SDK ELite Script Engine version 0.5.0 Description: OperaMasks SDK ELite Script Engine version 0.5.0 contains a deserialization vulnerability. Recommendations: At the moment, there is no information about a newer version that contai...
Atlassian Confluence Administrator Code Macro Remote Code Execution Exploit
This Metasploit module exploits an authenticated administrator-level vulnerability in Atlassian Confluence, tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating tainted data from uploaded text files. This facilitates arbitrary code execution. This...
Atlassian Confluence Administrator Code Macro Remote Code Execution
This module exploits an authenticated administrator-level vulnerability in Atlassian Confluence, tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating tainted data from uploaded text files. This facilitates arbitrary code execution. This exploit will...
Atlassian Confluence Administrator Code Macro Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence Administrator Code Macro Remote Code Execution', 'Description' = %q This module exploits an authenticated administrator-leve...
The vulnerability of the Script Engine component of the Oracle BI Publisher software allows a perpetrator to execute arbitrary code.
The vulnerability of the Script Engine component of the Oracle BI Publisher reporting software lies in insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Oracle Business Intelligence Publisher (April 2024 CPU)
The versions of Oracle Business Intelligence Publisher installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. - Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: XML Services. Supported versions that are...
Oracle Business Intelligence Publisher 7.0 (OAS) (April 2024 CPU)
The versions of Oracle Business Intelligence Publisher OAS installed on the remote host are affected by a vulnerability as referenced in the April 2024 CPU advisory. - Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: XML Services. Supported versions that are affecte...
CVE-2024-21083
Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: Script Engine. Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle BI Publisher...
PT-2023-26537 · Unknown +2 · Helix Core +3
Name of the Vulnerable Software and Affected Versions: helix-core versions prior to 1.3.0 helix-rest versions prior to 1.3.0 Description: An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize...
Apache Helix Code Issue Vulnerability
Apache Helix is a general-purpose cluster management framework from the Apache USA Foundation for automating the management of partitioning, replication, and distributed resources hosted on clusters of nodes. Apache Helix suffers from a deserialization vulnerability that stems from the ability to...
PT-2023-21940 · Oracle +1 · Java +1
Name of the Vulnerable Software and Affected Versions: ShardingSphere-Agent versions through 5.3.2 Description: The Deserialization of Untrusted Data issue in Apache ShardingSphere-Agent allows attackers to execute arbitrary code by constructing a special YAML configuration file. An attacker must...
CVE-2023-32200 Apache Jena: Exposure of execution in script engine expressions.
There are insufficient restrictions on called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute JavaScript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0...
CVE-2023-22665 Apache Jena: Exposure of arbitrary execution in script engine expressions.
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary JavaScript via a SPARQL query...
GHSA-QMFC-6WWW-FJQW Code injection in Apache Dubbo
Apache Dubbo prior to 2.6.9 and 2.7.10 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these rules, Dubbo customers use ScriptEngine and run...