📦 Oncommand Workflow Automation

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Apache CXF's Aegis DataBinding component. It allows attackers to make unauthorized HTTP requests from the vulnerable server to ...

CVE-2022-23852 is a signed integer overflow vulnerability in Expat (libexpat) XML parser that can lead to buffer overflow. When XML_CONTEXT_BYTES is configured to a nonzero value, XML_GetBuffer can ov...

Node.js DNS library vulnerability allows remote code execution, XSS, and application crashes due to improper validation of DNS responses. Attackers can inject malicious hostnames leading to domain hij...

This vulnerability allows attackers to bypass Sparkle's (Ed)DSA signature verification and replace legitimate software updates with malicious payloads. Any macOS application using Sparkle for automati...

CVE-2024-28757 is an XML Entity Expansion vulnerability in libexpat that allows attackers to cause denial of service through resource exhaustion when external parsers are created via XML_ExternalEntit...

This vulnerability in 7-Zip's PPMd7 compression module allows attackers to craft malicious 7Z archives that trigger an integer underflow, leading to invalid memory reads. Successful exploitation could...

CVE-2023-1108 is a denial-of-service vulnerability in Undertow's SSL/TLS implementation where an infinite loop in the handshake process can crash the server. This affects any system running vulnerable...

This vulnerability in curl versions before 7.83.1 could cause the wrong file to be deleted when using the --no-clobber option with --remove-on-error. It affects systems using curl with these specific ...

CVE-2022-1292 is a command injection vulnerability in the c_rehash script distributed with OpenSSL. It allows attackers to execute arbitrary commands with script privileges when the script processes u...

This vulnerability in Oracle Java SE and GraalVM Enterprise Edition allows unauthenticated attackers with network access to modify critical data without authorization. It affects Java deployments runn...

This vulnerability in zlib allows memory corruption during compression (deflating) when processing input with many distant matches. It affects any software using vulnerable zlib versions for compressi...

CVE-2020-36518 is a denial-of-service vulnerability in Jackson Databind where processing deeply nested JSON objects causes a Java StackOverflowError, crashing the application. This affects any Java ap...

This CVE describes a prototype pollution vulnerability in Node.js's console.table() function when user-controlled input is passed to the 'properties' parameter alongside an object with '__proto__' as ...

This vulnerability in Apache ActiveMQ Artemis allows attackers to cause a denial-of-service (DoS) condition by consuming excessive memory resources. Systems running vulnerable versions of ActiveMQ Art...

This vulnerability in MySQL Server's optimizer component allows authenticated attackers with network access to cause denial of service (server crashes/hangs) and perform unauthorized data modification...

This vulnerability in MySQL Server's optimizer component allows authenticated attackers with network access to cause denial of service (server crashes/hangs) and modify some database data. It affects ...

CVE-2021-46143 is an integer overflow vulnerability in Expat's XML parser that can lead to heap memory corruption. Attackers can exploit this by providing specially crafted XML input, potentially caus...

This vulnerability allows attackers to trick libcurl applications into using a malicious client certificate instead of the intended one when running in writable directories like /tmp. It affects appli...

CVE-2021-22901 is a use-after-free vulnerability in curl/libcurl that allows a malicious TLS 1.3 server to potentially execute arbitrary code on the client. This affects curl clients using OpenSSL wit...

CVE-2021-29489 is a cross-site scripting (XSS) vulnerability in Highcharts JS versions 8 and earlier. It allows attackers to inject malicious scripts through untrusted chart options, potentially execu...

This OpenSSL vulnerability allows certificate chain validation to be bypassed when the X509_V_FLAG_X509_STRICT flag is explicitly set. It affects applications using OpenSSL 1.1.1h-1.1.1j that enable s...

This vulnerability in MySQL Server's Optimizer component allows high-privileged attackers with network access to cause denial of service by crashing or hanging the server. Affected versions include My...

This vulnerability in Oracle Java SE's 2D component allows unauthenticated attackers with network access to potentially modify or read some accessible data. It affects multiple Java versions and Graal...