9 matches found
EUVD-2026-31696
Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...
CVE-2026-42782
Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...
PT-2026-43078
Name of the Vulnerable Software and Affected Versions Apache Syncope versions 3.0 through 3.0.16 Apache Syncope versions 4.0 through 4.0.5 Apache Syncope version 4.1.0 Description Improper Isolation or Compartmentalization allows an administrator with sufficient entitlements for Implementations t...
GHSA-36WV-V2QP-V4G4 Apache CXF is vulnerable to DoS attacks as entire files are read into memory and logged
Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory...
PT-2024-2426 · Unknown · Jupyter Server Proxy
Name of the Vulnerable Software and Affected Versions: Jupyter Server Proxy versions prior to 3.2.3 Jupyter Server Proxy versions prior to 4.1.1 Description: The issue is related to the lack of proper user authentication when proxying websockets in Jupyter Server Proxy. This allows unauthenticate...
PT-2023-10188 · Unknown · Interchange
Name of the Vulnerable Software and Affected Versions: nterchange versions up to 4.1.0 Description: A critical issue affects the function getContent of the file app/controllers/code caller controller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/ leads to code...
PT-2022-3224 · Smarty +2 · Smarty +2
Name of the Vulnerable Software and Affected Versions: Smarty versions prior to 3.1.45 Smarty versions 4.0.0 through 4.1.0 Description: The issue is related to incorrect code generation management in the PHP Smarty template engine, allowing a remote attacker to execute arbitrary PHP code. Templat...
CVE-2022-0882 Illegal access to Kernel log in Fuchsia
A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZXRSRCKINDROOT. It is recommended to upgrade the Fuchsia kernel to 4.1.1 or greater...
PT-2021-4536 · Redmine · Redmine
Name of the Vulnerable Software and Affected Versions: Redmine versions 4.0.0 through 4.0.6 Redmine versions 4.1.0 through 4.1.0 Description: The issue is related to stored XSS via textile inline links, which can be exploited by a remote attacker to impact data integrity. The vulnerability is due...