Lucene search
K

4 matches found

Cvelist
Cvelist
•added 2026/02/13 11:47 a.m.•27 views

CVE-2025-33042 Apache Avro Java SDK: Code injection on Java generated code

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

0.00602EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/02/13 12:0 a.m.•9 views

PT-2026-7986

Name of the Vulnerable Software and Affected Versions Apache Avro Java SDK versions through 1.11.4 and version 1.12.0 Description An Improper Control of Generation of Code 'Code Injection' issue exists in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. The flaw...

7.3CVSS5.8AI score0.00602EPSS
Exploits0References23
Snyk
Snyk
•added 2025/03/24 11:43 p.m.•5 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation through the auth-url annotation which can be used to inject configuration into nginx. Remediation Upgrade github.com/kubernetes/ingress-nginx/internal/ingress/annotations/auth to version 1.11.5, 1.12.1, 4.11.5,...

8.8CVSS7.5AI score0.31809EPSS
Exploits8References2
Snyk
Snyk
•added 2022/05/24 3:21 p.m.•1 views

Infinite loop

Overview std/crypto/elliptic is a Go standard library package std/crypto/elliptic Affected versions of this package are vulnerable to Infinite loop. Go Vulnerability Report: via the crypto/elliptic process. An attacker can cause excessive CPU consumption or potentially recover private keys by...

8.8CVSS8.2AI score0.04326EPSS
Exploits0References3
Rows per page
Query Builder