Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-c82x-f4xr-qv33
  • Maven/com.oviva.telematik:epa4all-rest-service
epa4all-client: Unauthenticated REST API for Patient Record Writes 3 days ago
  • No fix available
  • Severity - 6.5 (Medium)
GHSA-5jh9-2h63-pw4q
  • Maven/cc.tweaked:cc-tweaked-1.19.3-core
  • Maven/cc.tweaked:cc-tweaked-1.19.4-core
  • Maven/cc.tweaked:cc-tweaked-1.20-core
  • Maven/cc.tweaked:cc-tweaked-1.20.1-core
  • Maven/cc.tweaked:cc-tweaked-1.20.4-core
  • ... 3 more
CC-Tweaked has an SSRF Protection Bypass with NAT64 29 May
  • Fix available
  • Severity - 7.1 (High)
GHSA-2g95-6x5q-xjwj
  • Maven/org.yamcs:yamcs-core
Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection 27 May
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-vmwp-vh32-rj75
  • Maven/org.yamcs:yamcs-core
Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override 27 May
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-524g-x36v-9wm6
  • Maven/org.yamcs:yamcs-core
Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory` 27 May
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-w5r6-mcgq-7pq4
  • Maven/org.yamcs:yamcs-core
Yamcs has No Rate Limiting on Authentication Endpoint 27 May
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-p2rj-mrmc-9w29
  • Maven/org.yamcs:yamcs-core
Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints 27 May
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-cqh3-jg8p-336j
  • Maven/org.yamcs:yamcs-core
Yamcs Vulnerable to LDAP Injection in LdapAuthModule 26 May
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-f659-372h-6x3x
  • Maven/io.netty.incubator:netty-incubator-codec-ohttp
netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures 26 May
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-rh28-mqj4-8x59
  • Maven/org.xwiki.platform:xwiki-platform-livetable-ui
XWiki Platform's Livetable results still allow reconstructing password hashes using 768 requests 26 May
  • Fix available
  • Severity - 7.5 (High)
GHSA-vgwr-23fq-pr7g
  • Maven/org.xwiki.platform:xwiki-platform-webjars-api
XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin 26 May
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-qrvh-r3f2-9h4r
  • Maven/org.xwiki.platform:xwiki-platform-rest-server
XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName} 26 May
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-xq3r-2qv5-vqqm
  • Maven/org.xwiki.commons:xwiki-commons-classloader-api
XWiki Platform has path traversal via resources parameter in ssx and jsx endpoints when using leading slash 26 May
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-9vmh-whc4-7phg
  • Maven/org.open-metadata:openmetadata-service
OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users 21 May
  • Fix available
  • Severity - 8.3 (High)
GHSA-7xpr-hc2w-34m9
  • Maven/com.squareup.wire:wire-runtime
  • Maven/com.squareup.wire:wire-runtime-jvm
Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service 19 May
  • Fix available
  • Severity - 7.5 (High)
GHSA-xm96-gfjx-jcrc
  • Maven/land.oras:oras-java-sdk
ORAS Java: Path traversal in pullArtifact via attacker-controlled org.opencontainers.image.title annotation 19 May
  • Fix available
  • Severity - 8.1 (High)