Vulnerabilities

ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-mf3r-6m25-3867
  • Maven/com.liferay.portal:com.liferay.portal.kernel
Liferay Portal SessionClicks does not restrict the saving of request parameters in the HTTP session 2 hours ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-vv7r-c36w-3prj
  • Maven/org.apache.commons:commons-fileupload2-core
Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers 2 hours ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-8c26-xm99-53w7
  • Maven/com.liferay:com.liferay.portal.vulcan.impl
Liferay Portal does not limit the depth of a GraphQL queries 2 hours ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-59w6-r9hm-439h
  • Maven/org.xwiki.platform:xwiki-platform-security-requiredrights-default
XWiki does not require right warnings for XClass definitions 2 days ago
  • Fix available
  • Severity - 8.6 (High)
GHSA-jp4x-w9cj-97q7
  • Maven/org.xwiki.platform:xwiki-platform-oldcore
XWiki allows remote code execution through preview of XClass changes in AWM editor 2 days ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-j7p2-87q3-44w7
  • Maven/org.xwiki.platform:xwiki-platform-notifications-notifiers-default
XWiki does not require right warnings for notification displayer objects 2 days ago
  • Fix available
  • Severity - 6.4 (Medium)
GHSA-mvp5-qx9c-c3fv
  • Maven/org.xwiki.platform:xwiki-platform-rest-server
XWiki makes title of inaccessible pages available through the class property values REST API 2 days ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-ff6v-w58f-v97w
  • Maven/org.xwiki.platform:xwiki-platform-notifications-notifiers-default
XWiki provides no warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right 2 days ago
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-c32m-27pj-4xcj
  • Maven/org.xwiki.platform:xwiki-platform-rendering-xwiki
  • Maven/org.xwiki.platform:xwiki-platform-rendering-macro-cache
  • Maven/org.xwiki.platform:xwiki-platform-security-requiredrights-default
  • Maven/org.xwiki.platform:xwiki-platform-rendering-macro-context
XWiki's required right warnings for macros are incomplete 2 days ago
  • Fix available
  • Severity - 8.6 (High)
GHSA-m63q-4hr8-5r5h
  • Maven/org.noear:solon-faas-luffy
Solon Vulnerable to Directory Traversal 3 days ago
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-6r3c-xf4w-jxjm
  • Maven/org.springframework:spring-web
Spring Framework vulnerable to a reflected file download (RFD) 3 days ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-prwh-7838-xf82
  • Maven/org.xwiki.platform:xwiki-platform-oldcore
XWiki allows SQL injection in query endpoint of REST API with Oracle 3 days ago
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-hq9p-pm7w-8p54
  • Maven/org.postgresql:postgresql
pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration 5 days ago
  • Fix available
  • Severity - 8.2 (High)
GHSA-68cf-j696-wvv9
  • Maven/org.geoserver:gs-wfs
GeoServer vulnerable to SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx 5 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-2p76-gc46-5fvc
  • Maven/org.geonetwork-opensource:gn-web-app
  • Maven/org.geonetwork-opensource:gn-wfsfeature-harvester
GeoNetwork affected by XML External Entity (XXE) processing vulnerability in WFS indexing REST API endpoint 5 days ago
  • Fix available
  • Severity - 8.2 (High)
GHSA-jj54-8f66-c5pc
  • Maven/org.geoserver.web:gs-web-app
  • Maven/org.geoserver:gs-wfs
[XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service 5 days ago
  • Fix available
  • Severity - 8.2 (High)