CVE-2020-26217
- EPSS 93.01%
- Published 16.11.2020 21:15:12
- Last modified 23.05.2025 16:54:19
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone...
CVE-2020-8203
- EPSS 2.44%
- Published 15.07.2020 17:15:11
- Last modified 21.11.2024 05:38:29
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
CVE-2019-12399
- EPSS 3.16%
- Published 14.01.2020 15:15:12
- Last modified 21.11.2024 04:22:45
When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring...
CVE-2019-0228
- EPSS 7.84%
- Published 17.04.2019 15:29:00
- Last modified 21.11.2024 04:16:32
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.