Multiple Zoho ManageEngine on-premise products allow unauthenticated remote code execution through SAML SSO functionality due to use of a vulnerable Apache XML Security library, massively exploited in January 2023.
Vulnerability in the Oracle Communications Converged Application Server product of Oracle Communications (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.