CVE-2019-11358
- EPSS 2.4%
- Veröffentlicht 20.04.2019 00:29:00
- Zuletzt bearbeitet 21.11.2024 04:20:56
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n...
CVE-2019-0211
- EPSS 85.73%
- Veröffentlicht 08.04.2019 22:29:00
- Zuletzt bearbeitet 04.04.2025 15:34:11
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with...
CVE-2018-15756
- EPSS 13.38%
- Veröffentlicht 18.10.2018 22:29:00
- Zuletzt bearbeitet 21.11.2024 03:51:24
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler,...
CVE-2018-8032
- EPSS 2.34%
- Veröffentlicht 02.08.2018 13:29:00
- Zuletzt bearbeitet 08.05.2025 18:13:51
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.