📦 Commerce Guided Search
by Oracle
🔍 What is Commerce Guided Search?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
CVE-2022-22947 is a critical remote code execution vulnerability in Spring Cloud Gateway when the Actuator endpoint is enabled and exposed without proper security controls. Attackers can send speciall...
This vulnerability in Oracle Commerce Guided Search allows unauthenticated attackers to remotely access sensitive data via HTTP. It affects Oracle Commerce Guided Search version 11.3.2, potentially ex...
CVE-2021-37136 is a denial-of-service vulnerability in Netty's Bzip2Decoder that allows attackers to trigger out-of-memory errors by sending specially crafted Bzip2 compressed data. The vulnerability ...
CVE-2021-39150 is a deserialization vulnerability in XStream library that allows remote attackers to access internal resources by manipulating XML input streams. Only affects users who rely on XStream...
CVE-2021-39154 is a remote code execution vulnerability in XStream library that allows attackers to execute arbitrary code by manipulating XML input streams. Only users who haven't implemented XStream...
CVE-2021-39144 is a remote code execution vulnerability in XStream library versions before 1.4.18. Attackers with sufficient privileges can execute arbitrary commands on the host by manipulating XML i...
CVE-2021-39146 is a remote code execution vulnerability in XStream library that allows attackers to execute arbitrary code by manipulating XML input streams. Only users who haven't implemented XStream...
CVE-2021-39148 is a remote code execution vulnerability in XStream library that allows attackers to execute arbitrary code by manipulating XML input streams. Only users who haven't implemented XStream...
CVE-2021-39151 is a remote code execution vulnerability in XStream library versions before 1.4.18. Attackers can manipulate XML input to execute arbitrary code on affected systems. Only users who have...
CVE-2021-39139 is a remote code execution vulnerability in XStream library that allows attackers to execute arbitrary code by manipulating XML input streams. Users are affected if they use XStream out...
CVE-2021-37695 is a cross-site scripting (XSS) vulnerability in CKEditor 4's Fake Objects plugin that allows attackers to inject malicious HTML that can execute JavaScript code in victims' browsers. I...
CVE-2021-32808 is a cross-site scripting (XSS) vulnerability in CKEditor 4 that allows attackers to execute arbitrary JavaScript code by exploiting a flaw in the clipboard Widget plugin when used with...
CVE-2021-35515 is a denial-of-service vulnerability in Apache Commons Compress's 7Z archive handling. When processing a specially crafted 7Z file, the codec list construction can enter an infinite loo...
CVE-2021-35517 is a denial-of-service vulnerability in Apache Commons Compress where specially crafted TAR archives can trigger excessive memory allocation, leading to out-of-memory errors. This affec...
This vulnerability allows a locally authenticated malicious user to escalate privileges in Spring Framework WebFlux applications by manipulating temporary storage directories. Attackers can read or mo...
This OpenSSL vulnerability allows certificate chain validation to be bypassed when the X509_V_FLAG_X509_STRICT flag is explicitly set. It affects applications using OpenSSL 1.1.1h-1.1.1j that enable s...
This vulnerability in Google Guava's createTempDir() method creates temporary directories with world-readable permissions on Unix-like systems, allowing any user on the same machine to potentially rea...