Total
164 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-16621 | 1 Sonatype | 1 Nexus Repository Manager | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. | |||||
CVE-2019-9041 | 1 Zzzcms | 1 Zzzphp | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring. | |||||
CVE-2018-12533 | 1 Redhat | 1 Richfaces | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310. | |||||
CVE-2018-12532 | 1 Redhat | 1 Richfaces | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309. |