Search Vulnerabilities

jackson-core has Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion

XWiki Blog Application home page vulnerable to Stored XSS via Post Title

Apache ActiveMQ is Vulnerable to Integer Overflow or Wraparound

Apache Artemis and Apache ActiveMQ Artemis are Missing Authentication for Critical Functions

Apache Ranger Vulnerable to Improper Validation of Certificate with Host Mismatch

Apache Ranger has a Code Injection vulnerability

PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages

jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

Junrar has an arbitrary file write due to backslash Path Traversal bypass in LocalFolderExtractor on Linux/Unix

Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass

Keycloak Server Private SPI: Improper Access Control Allows Administrators to Bypass Attribute Visibility Restrictions and Modify Unmanaged User Pr...

Snowflake JDBC Driver is Vulnerable to Uncontrolled Resource Consumption through SdkProxyRoutePlanner

PSI Probe vulnerable to Server-Side Request Forgery

PSI Probe: Broken access control can lead to DoS

c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property

mchange-commons-java: Remote Code Execution via JNDI Reference Resolution

Apache Camel Deserializes Untrusted Data in its LevelDB Component

Apache Camel: KeycloakSecurityPolicy does not validate issuer of JWT tokens against configured realm

carbon-apimgt does not properly restrict uploaded files

Keycloak: Missing Check on Disabled Client for Docker Registry Protocol