Filters
Software
maven/io.quarkus:quarkus-smallrye-graphql-clientQuarkus: graphql operations over websockets bypass
9.1
EPSS
0.07%
First published (updated )
Quarkus QuarkusQuarkus: json payload getting processed prior to security checks when rest resources are used with annotations.
9.8
First published (updated )
Quarkus QuarkusQuarkus: build env information disclosure via gradle plugin
7.7
EPSS
0.09%
First published (updated )
maven/io.quarkus:quarkus-oidcQuarkus-oidc: id and access tokens leak via the authorization code flow
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Quarkus QuarkusIn Quarkus' RESTEasy Reactive component, usage of File.createTempFile() class in the FileBodyHandler…
3.3
First published (updated )
Quarkus QuarkusQuarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET o…
7.5
First published (updated )
redhat/candlepinIn FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur …
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
redhat/eap7-jackson-databindIn FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a ch…
7.5
First published (updated )
Quarkus QuarkusIt was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to u…
9.8
First published (updated )
redhat/quarkusA flaw was found in Quarkus. The state and potentially associated permissions can leak from one web …
8.8
First published (updated )
Postgresql Postgresql Jdbc DriverUnchecked Class Instantiation when providing Plugin Classes
9.8
First published (updated )
redhat/eap7-wildflyVulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported ve…
6.6
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
redhat/rh-sso7-keycloakHTTP fails to validate against control chars in header names which may lead to HTTP request smuggling
6.5
First published (updated )
Quarkus QuarkusMySQL Connector/J has no security check when external general entities are included in XML sources, …
7.9
First published (updated )
Oracle Financial Services Enterprise Case ManagementTiming Attack Vulnerability for Apache Kafka Connect and Clients
5.9
First published (updated )
Oracle Banking Digital ExperienceLast updated 24 July 2024
7.5
First published (updated )
Oracle Banking Digital ExperienceLast updated 24 July 2024
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
redhat/eap7-apache-cxfCrafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions
7.5
First published (updated )
redhat/eap7-wildfly-elytronA flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled…
5.3
First published (updated )
IBM Cloud Pak for Business Automationblock repositories using http by default
9.1
First published (updated )
Gradle GradleRepository content filters do not work in Settings pluginManagement
8
First published (updated )
Gradle GradleInformation disclosure through temporary directory permissions
5.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Gradle GradleLocal privilege escalation through system temporary directory
8.8
First published (updated )
redhat/eap7-elytron-webPossible request smuggling in HTTP/2 due missing validation of content-length
5.9
First published (updated )
redhat/eap7-nettyPossible request smuggling in HTTP/2 due missing validation
6.5
First published (updated )
redhat/eap7-resteasyA flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and m…
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
FasterXML jackson-dataformats-binaryDenial of Service (DoS)
7.5
First published (updated )
Mongodb Java DriverMongoDB Java driver client-side field level encryption not verifying KMS host name
6.8
First published (updated )
redhat/eap7-artemis-wildfly-integrationLocal Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary files
6.2
First published (updated )
Redhat ResteasyUnder certain conditions and certain workloads, Resteasy can provide an incorrect response to an HTT…
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Oracle Primavera UnifierTemp directory permission issue in Guava
5.4
First published (updated )
redhat/eap7-activemq-artemisA flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow clie…
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Oracle Peoplesoft Enterprise Pt PeopletoolsThe Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a relate…
7.5
First published (updated )
redhat/rh-sso7-keycloakA flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP resp…
5.8
First published (updated )
Redhat Jboss Enterprise Application PlatformSQL Injection
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.