CVE-2021-36090
- EPSS 0.28%
- Published 13.07.2021 08:15:07
- Last modified 21.11.2024 06:13:08
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services th...
CVE-2021-29425
- EPSS 0.48%
- Published 13.04.2021 07:15:12
- Last modified 21.11.2024 06:01:04
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but ...
- EPSS 10.88%
- Published 10.03.2021 08:15:14
- Last modified 21.11.2024 05:02:11
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to u...
CVE-2021-26272
- EPSS 0.2%
- Published 26.01.2021 21:15:12
- Last modified 21.11.2024 05:56:00
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).
CVE-2020-27193
- EPSS 0.91%
- Published 12.11.2020 21:15:11
- Last modified 21.11.2024 05:20:50
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.
CVE-2019-10219
- EPSS 1.67%
- Published 08.11.2019 15:15:11
- Last modified 07.07.2025 14:15:21
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.