CVE-2018-3246
- EPSS 3.7%
- Published 17.10.2018 01:31:26
- Last modified 21.11.2024 04:05:31
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker wit...
CVE-2018-1000613
- EPSS 4.04%
- Published 09.07.2018 20:29:00
- Last modified 12.05.2025 17:37:16
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT priv...
CVE-2018-11039
- EPSS 2.92%
- Published 25.06.2018 15:29:00
- Last modified 21.11.2024 03:42:32
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring ...
CVE-2018-11040
- EPSS 8.25%
- Published 25.06.2018 15:29:00
- Last modified 21.11.2024 03:42:32
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controlle...
CVE-2018-1257
- EPSS 1.79%
- Published 11.05.2018 20:29:00
- Last modified 21.11.2024 03:59:28
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A ...