The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.7%.
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.0%.
The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.
Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 devices, allows remote attackers to cause a denial of service (device crash) via crafted multicast. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.