Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fuse vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-11796
In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity e...
Apache Tika
5.3
CVSSv3
CVE-2019-3802
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a mal...
Pivotal Software Spring Data Java Persistance Api
5.3
CVSSv3
CVE-2018-9159
In Spark prior to 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark.
Sparkjava Spark
6.3
CVSSv3
CVE-2019-2692
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors execu...
Oracle Mysql Connector/j
7.5
CVSSv3
CVE-2022-23596
Junrar is an open source java RAR archive library. In affected versions A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant us...
Junrar Project Junrar
5.5
CVSSv3
CVE-2020-15250
In JUnit4 from version 4.7 and prior to 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories...
Junit Junit4
Debian Debian Linux 9.0
Apache Pluto
Oracle Communications Cloud Native Core Policy 1.14.0
6 Github repositories
7.5
CVSSv3
CVE-2021-22119
Spring Security versions 5.5.x before 5.5.1, 5.4.x before 5.4.7, 5.3.x before 5.3.10 and 5.2.x before 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or...
Vmware Spring Security
Oracle Communications Cloud Native Core Policy 1.14.0
9.8
CVSSv3
CVE-2019-3774
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Pivotal Software Spring Batch
Pivotal Software Spring Batch 4.1.0
8.8
CVSSv3
CVE-2018-3831
Elasticsearch Alerting and Monitoring in versions prior to 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens...
Elastic Elasticsearch
9.8
CVSSv3
CVE-2019-3773
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Pivotal Software Spring Web Services
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Financial Services Analytical Applications Infrastructure
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »