Total
3145 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1818 | 1 Zframeworks | 1 Zz | 2025-05-26 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. This issue affects some unknown processing of the file src/main/java/com/futvan/z/system/zfile/ZfileAction.upload. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-1834 | 1 Zframeworks | 1 Zz | 2025-05-26 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in zj1983 zz up to 2024-8. This affects an unknown part of the file /resolve. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2021-21350 | 6 Apache, Debian, Fedoraproject and 3 more | 16 Activemq, Jmeter, Debian Linux and 13 more | 2025-05-23 | 7.5 HIGH | 5.3 MEDIUM |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2021-21347 | 6 Apache, Debian, Fedoraproject and 3 more | 16 Activemq, Jmeter, Debian Linux and 13 more | 2025-05-23 | 7.5 HIGH | 6.1 MEDIUM |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2021-21346 | 6 Apache, Debian, Fedoraproject and 3 more | 16 Activemq, Jmeter, Debian Linux and 13 more | 2025-05-23 | 7.5 HIGH | 6.1 MEDIUM |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2021-21344 | 6 Apache, Debian, Fedoraproject and 3 more | 16 Activemq, Jmeter, Debian Linux and 13 more | 2025-05-23 | 7.5 HIGH | 5.3 MEDIUM |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2021-21351 | 6 Apache, Debian, Fedoraproject and 3 more | 16 Activemq, Jmeter, Debian Linux and 13 more | 2025-05-23 | 6.5 MEDIUM | 5.4 MEDIUM |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2021-39139 | 5 Debian, Fedoraproject, Netapp and 2 more | 15 Debian Linux, Fedora, Snapmanager and 12 more | 2025-05-23 | 6.5 MEDIUM | 8.5 HIGH |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | |||||
| CVE-2021-39141 | 5 Debian, Fedoraproject, Netapp and 2 more | 15 Debian Linux, Fedora, Snapmanager and 12 more | 2025-05-23 | 6.0 MEDIUM | 8.5 HIGH |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | |||||
| CVE-2021-39145 | 5 Debian, Fedoraproject, Netapp and 2 more | 15 Debian Linux, Fedora, Snapmanager and 12 more | 2025-05-23 | 6.0 MEDIUM | 8.5 HIGH |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | |||||
| CVE-2021-39147 | 5 Debian, Fedoraproject, Netapp and 2 more | 15 Debian Linux, Fedora, Snapmanager and 12 more | 2025-05-23 | 6.0 MEDIUM | 8.5 HIGH |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | |||||
| CVE-2021-39153 | 5 Debian, Fedoraproject, Netapp and 2 more | 13 Debian Linux, Fedora, Snapmanager and 10 more | 2025-05-23 | 6.0 MEDIUM | 8.5 HIGH |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | |||||
| CVE-2021-39149 | 5 Debian, Fedoraproject, Netapp and 2 more | 15 Debian Linux, Fedora, Snapmanager and 12 more | 2025-05-23 | 6.0 MEDIUM | 8.5 HIGH |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | |||||
| CVE-2021-39151 | 5 Debian, Fedoraproject, Netapp and 2 more | 15 Debian Linux, Fedora, Snapmanager and 12 more | 2025-05-23 | 6.0 MEDIUM | 8.5 HIGH |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | |||||
| CVE-2021-39146 | 5 Debian, Fedoraproject, Netapp and 2 more | 15 Debian Linux, Fedora, Snapmanager and 12 more | 2025-05-23 | 6.0 MEDIUM | 8.5 HIGH |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | |||||
| CVE-2021-39148 | 5 Debian, Fedoraproject, Netapp and 2 more | 15 Debian Linux, Fedora, Snapmanager and 12 more | 2025-05-23 | 6.0 MEDIUM | 8.5 HIGH |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | |||||
| CVE-2021-39154 | 5 Debian, Fedoraproject, Netapp and 2 more | 15 Debian Linux, Fedora, Snapmanager and 12 more | 2025-05-23 | 6.0 MEDIUM | 8.5 HIGH |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | |||||
| CVE-2024-55417 | 1 Thecontrolgroup | 1 Voyager | 2025-05-23 | N/A | 4.3 MEDIUM |
| DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server. | |||||
| CVE-2025-30169 | 2025-05-23 | N/A | 6.7 MEDIUM | ||
| File upload and execute vulnerabilities in ASPECT allow PHP script injection if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | |||||
| CVE-2024-9544 | 2025-05-23 | N/A | 6.4 MEDIUM | ||
| The MapSVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 8.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | |||||