Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
CVE-2021-30468 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-30468
A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an malicious user to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions before 3.4.4; Apach...
Apache Cxf
Apache Tomee 8.0.6
Oracle Business Intelligence 5.5.0.0.0
Oracle Business Intelligence 5.9.0.0.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Communications Element Manager 8.2.2
Oracle Communications Messaging Server 8.1
9.8
CVSSv3
CVE-2021-42575
The OWASP Java HTML Sanitizer prior to 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
Owasp Java Html Sanitizer
Oracle Middleware Common Libraries And Tools 12.2.1.3.0
Oracle Middleware Common Libraries And Tools 12.2.1.4.0
Oracle Primavera Unifier
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Primavera Unifier 21.12
4.3
CVSSv3
CVE-2021-22096
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
Vmware Spring Framework
Netapp Active Iq Unified Manager -
Netapp Management Services For Element Software And Netapp Hci -
Netapp Metrocluster Tiebreaker -
Netapp Snap Creator Framework -
Netapp Snapcenter -
Oracle Communications Cloud Native Core Console 1.9.0
Oracle Communications Cloud Native Core Service Communication Proxy 1.15.0
1 Github repository
8.8
CVSSv3
CVE-2021-4133
A flaw was found in Keycloak in versions from 12.0.0 and prior to 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled.
Redhat Keycloak
4.3
CVSSv3
CVE-2021-22060
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of inpu...
Vmware Spring Framework
Oracle Communications Cloud Native Core Console 1.9.0
Oracle Communications Cloud Native Core Service Communication Proxy 1.15.0
1 Github repository
7.5
CVSSv3
CVE-2021-37136
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
Netty Netty
Quarkus Quarkus
Oracle Banking Apis
Oracle Banking Apis 19.1
Oracle Banking Apis 19.2
Oracle Banking Apis 20.1
Oracle Banking Apis 21.1
Oracle Banking Digital Experience 18.1
Oracle Banking Digital Experience 18.2
Oracle Banking Digital Experience 18.3
Oracle Banking Digital Experience 19.1
Oracle Banking Digital Experience 19.2
4.8
CVSSv3
CVE-2020-27218
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request ...
Eclipse Jetty
Eclipse Jetty 10.0.0
Eclipse Jetty 11.0.0
Netapp Oncommand System Manager
Netapp Snap Creator Framework -
Oracle Blockchain Platform
Oracle Communications Converged Application Server - Service Controller 6.2
Oracle Communications Offline Mediation Controller 12.0.0.3.0
Oracle Communications Pricing Design Center 12.0.0.3.0
Oracle Communications Services Gatekeeper 7.0
Oracle Communications Session Route Manager
Oracle Flexcube Private Banking 12.0.0
7.5
CVSSv3
CVE-2021-37137
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can ...
Netty Netty
Oracle Banking Apis
Oracle Banking Apis 19.1
Oracle Banking Apis 19.2
Oracle Banking Apis 20.1
Oracle Banking Apis 21.1
Oracle Banking Digital Experience 18.1
Oracle Banking Digital Experience 18.2
Oracle Banking Digital Experience 18.3
Oracle Banking Digital Experience 19.1
Oracle Banking Digital Experience 19.2
Oracle Banking Digital Experience 20.1
7.5
CVSSv3
CVE-2019-10172
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.
Fasterxml Jackson-mapper-asl
Redhat Jboss Enterprise Application Platform 7.0
Redhat Jboss Fuse 7.0.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Apache Spark 3.0.1
1 Github repository
7.5
CVSSv3
CVE-2021-40690
All versions of Apache Santuario - XML Security for Java before 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an malicious user to abuse an XP...
Apache Santuario Xml Security For Java
Apache Cxf 3.4.4
Apache Tomee
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Agile Plm 9.3.6
Oracle Commerce Guided Search 11.3.2
Oracle Commerce Platform 11.3.2
Oracle Communications Diameter Intelligence Hub
Oracle Communications Messaging Server 8.1
Oracle Flexcube Private Banking 12.1.0
2 Github repositories
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-22207
joomla! cms
CVE-2024-45774
post smtp – wordpress smtp plugin with email logs and mobile app for failure notifications – gmail smtp, office 365, brevo, mailgun, amazon ses and more
XSS
CVE-2025-1094
CVE-2025-22656
malicious code
CVE-2025-0108
CVE-2024-13438
infusionsoft
XXE
supporthost
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »