CVE-2022-21560
- EPSS 0.88%
- Veröffentlicht 19.07.2022 22:15:12
- Zuletzt bearbeitet 21.11.2024 06:44:57
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with n...
CVE-2022-21564
- EPSS 0.88%
- Veröffentlicht 19.07.2022 22:15:12
- Zuletzt bearbeitet 21.11.2024 06:44:58
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacke...
CVE-2022-24891
- EPSS 1.63%
- Veröffentlicht 27.04.2022 21:15:08
- Zuletzt bearbeitet 03.11.2025 20:15:53
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for ...
CVE-2022-23457
- EPSS 2.67%
- Veröffentlicht 25.04.2022 20:15:41
- Zuletzt bearbeitet 03.11.2025 20:15:52
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat...
CVE-2022-29577
- EPSS 1.28%
- Veröffentlicht 21.04.2022 23:15:10
- Zuletzt bearbeitet 21.11.2024 06:59:20
OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix ...
CVE-2022-21453
- EPSS 0.85%
- Veröffentlicht 19.04.2022 21:15:16
- Zuletzt bearbeitet 21.11.2024 06:44:44
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker wit...
- EPSS 1.3%
- Veröffentlicht 19.04.2022 21:15:15
- Zuletzt bearbeitet 21.11.2024 06:44:42
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with n...
CVE-2022-24839
- EPSS 2.11%
- Veröffentlicht 11.04.2022 22:15:07
- Zuletzt bearbeitet 21.11.2024 06:51:12
org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. ...
CVE-2022-22965
- EPSS 99.68%
- Veröffentlicht 01.04.2022 23:15:13
- Zuletzt bearbeitet 30.10.2025 19:56:43
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Sp...
CVE-2020-36518
- EPSS 4.86%
- Veröffentlicht 11.03.2022 07:15:07
- Zuletzt bearbeitet 27.08.2025 21:15:36
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.