Skip to main content

Webcenter Sites

50 CVEs product

Monthly

CVE-2024-20908 MEDIUM PATCH This Month

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2021-32808 npm MEDIUM PATCH This Month

ckeditor is an open source WYSIWYG HTML editor with rich content support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Fedora Application Express Banking Party Management +9
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2021-29505 Maven HIGH POC PATCH THREAT This Week

XStream is software for serializing Java objects to XML and back again. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Java Xstream Debian Linux +15
NVD GitHub
CVSS 3.1
8.8
EPSS
77.7%
CVE-2021-27906 Maven MEDIUM PATCH This Month

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file.0.22 and prior 2.0.x versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Apache Information Disclosure Pdfbox Fedora Banking Corporate Lending Process Management +16
NVD
CVSS 3.1
5.5
EPSS
3.3%
CVE-2021-27807 Maven MEDIUM PATCH This Month

A carefully crafted PDF file can trigger an infinite loop while loading the file.0.22 and prior 2.0.x versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Apache Denial Of Service Pdfbox Fedora Banking Trade Finance Process Management +12
NVD
CVSS 3.1
5.5
EPSS
3.0%
CVE-2021-26272 npm MEDIUM PATCH This Month

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ckeditor Agile Plm Application Express Banking Party Management +6
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2021-26271 npm MEDIUM PATCH This Month

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ckeditor Agile Plm Application Express Financial Services Analytical Applications Infrastructure +3
NVD GitHub
CVSS 3.1
6.5
EPSS
2.0%
CVE-2020-14613 MEDIUM PATCH This Month

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Webcenter Sites
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-11023 LIB MEDIUM POC KEV PATCH THREAT This Month

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Debian Linux Fedora Drupal +48
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
83.8%
CVE-2020-2739 HIGH This Week

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Webcenter Sites
NVD
CVSS 3.1
7.4
EPSS
1.9%
CVE-2020-5258 npm HIGH POC PATCH This Week

In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. Public exploit code available.

Node.js RCE Code Injection Dojo Debian Linux +8
NVD GitHub
CVSS 3.1
7.7
EPSS
4.0%
CVE-2020-7226 Maven HIGH POC PATCH This Week

CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Denial Of Service Cryptacular Communications Services Gatekeeper Webcenter Sites +1
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2020-2539 MEDIUM PATCH This Month

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Webcenter Sites
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-2538 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Webcenter Sites
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2019-12415 Maven MEDIUM PATCH This Month

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Microsoft Apache Poi Application Testing Suite +25
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2019-17531 Maven CRITICAL PATCH Act Now

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache Deserialization Jackson Databind Debian Linux Jboss Enterprise Application Platform +19
NVD GitHub
CVSS 3.1
9.8
EPSS
5.3%
CVE-2019-16943 Maven CRITICAL PATCH Act Now

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Debian Linux Fedora Jboss Enterprise Application Platform +22
NVD GitHub
CVSS 3.1
9.8
EPSS
4.9%
CVE-2019-16942 Maven CRITICAL PATCH Act Now

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache Deserialization Jackson Databind Debian Linux Fedora +25
NVD GitHub
CVSS 3.1
9.8
EPSS
5.7%
CVE-2019-13990 Maven CRITICAL PATCH Act Now

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Java Quartz Apache Batik Mapviewer Banking Enterprise Originations +28
NVD GitHub
CVSS 3.1
9.8
EPSS
16.2%
CVE-2019-2579 MEDIUM POC PATCH This Month

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
4.3
EPSS
6.1%
CVE-2019-2578 HIGH POC PATCH THREAT This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
8.6
EPSS
72.4%
CVE-2019-5427 Maven HIGH POC PATCH This Week

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure C3P0 Fedora Communications Ip Service Activator Communications Session Route Manager +7
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2019-11358 LIB MEDIUM POC PATCH THREAT This Month

{}, ...) because of Object.prototype pollution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Jquery Debian Linux Drupal +102
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
87.2%
CVE-2019-0228 Maven CRITICAL PATCH Act Now

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Apache Pdfbox James Fedora +11
NVD
CVSS 3.1
9.8
EPSS
9.5%
CVE-2018-15756 Maven HIGH PATCH This Week

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Spring Framework Agile Plm Communications Brm Elastic Charging Engine +37
NVD
CVSS 3.1
7.5
EPSS
9.5%
CVE-2018-3238 MEDIUM POC PATCH This Month

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Webcenter Sites
NVD
CVSS 3.0
6.9
EPSS
4.6%
CVE-2018-2791 HIGH POC PATCH THREAT This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Authentication Bypass Webcenter Sites
NVD Exploit-DB
CVSS 3.0
8.2
EPSS
39.5%
CVE-2018-2584 MEDIUM PATCH This Month

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Webcenter Sites
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2017-10033 MEDIUM POC PATCH This Month

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Support Tools). Rated medium severity (CVSS 4.0), this vulnerability is no authentication required. Public exploit code available.

Authentication Bypass Oracle Webcenter Sites
NVD Exploit-DB
CVSS 3.0
4.0
EPSS
0.6%
CVE-2017-3603 LOW PATCH Monitor

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
3.1
EPSS
0.2%
CVE-2017-3602 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2017-3598 LOW PATCH Monitor

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
3.1
EPSS
0.2%
CVE-2017-3597 MEDIUM PATCH This Month

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
5.7
EPSS
0.3%
CVE-2017-3596 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
7.6
EPSS
0.6%
CVE-2017-3595 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
7.1
EPSS
0.3%
CVE-2017-3594 MEDIUM PATCH This Month

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
5.9
EPSS
0.4%
CVE-2017-3593 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
7.1
EPSS
0.7%
CVE-2017-3591 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Catalog Mover). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
7.1
EPSS
0.9%
CVE-2017-3554 HIGH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Catalog Mover). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2017-3545 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Blob Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
8.2
EPSS
3.0%
CVE-2017-3543 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
8.6
EPSS
1.7%
CVE-2017-3542 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
8.6
EPSS
1.7%
CVE-2017-3541 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-3540 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Webcenter Sites
NVD
CVSS 3.0
8.6
EPSS
1.1%
CVE-2016-5511 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 12.2.1.0.0, 12.2.1.1.0, and 12.2.1.2.0 allows remote attackers to affect integrity via unknown vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Webcenter Sites
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-3502 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8 and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Webcenter Sites
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2016-3487 HIGH PATCH This Week

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Oracle Webcenter Sites
NVD
CVSS 3.0
8.1
EPSS
4.9%
CVE-2015-3253 Maven CRITICAL PATCH Act Now

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 69.7%.

RCE Denial Of Service Java Apache Groovy +5
NVD
CVSS 3.0
9.8
EPSS
69.7%
Threat
4.1
CVE-2014-0107 Maven HIGH PATCH This Week

The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Java Apache Xalan Java Webcenter Sites
NVD VulDB
CVSS 2.0
7.5
EPSS
8.8%
CVE-2013-4316 Maven CRITICAL PATCH Act Now

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Struts Flexcube Private Banking Mysql Enterprise Monitor +1
NVD
CVSS 2.0
10.0
EPSS
6.2%
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

ckeditor is an open source WYSIWYG HTML editor with rich content support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Fedora +11
NVD GitHub
EPSS 78% CVSS 8.8
HIGH POC PATCH THREAT This Week

XStream is software for serializing Java objects to XML and back again. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Java +17
NVD GitHub
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file.0.22 and prior 2.0.x versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Apache Information Disclosure Pdfbox +18
NVD
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

A carefully crafted PDF file can trigger an infinite loop while loading the file.0.22 and prior 2.0.x versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Apache Denial Of Service Pdfbox +14
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ckeditor Agile Plm +8
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ckeditor Agile Plm +5
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Webcenter Sites
NVD
EPSS 84% CVSS 6.1
MEDIUM POC KEV PATCH THREAT This Month

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Debian Linux +50
NVD GitHub Exploit-DB
EPSS 2% CVSS 7.4
HIGH This Week

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Webcenter Sites
NVD
EPSS 4% CVSS 7.7
HIGH POC PATCH This Week

In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. Public exploit code available.

Node.js RCE Code Injection +10
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Denial Of Service Cryptacular +3
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Webcenter Sites
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Webcenter Sites
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Microsoft Apache +27
NVD
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache Deserialization Jackson Databind +21
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Debian Linux +24
NVD GitHub
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache Deserialization Jackson Databind +27
NVD GitHub
EPSS 16% CVSS 9.8
CRITICAL PATCH Act Now

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Java Quartz +30
NVD GitHub
EPSS 6% CVSS 4.3
MEDIUM POC PATCH This Month

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
EPSS 72% CVSS 8.6
HIGH POC PATCH THREAT This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure C3P0 Fedora +9
NVD
EPSS 87% CVSS 6.1
MEDIUM POC PATCH THREAT This Month

{}, ...) because of Object.prototype pollution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Jquery +104
NVD GitHub Exploit-DB
EPSS 9% CVSS 9.8
CRITICAL PATCH Act Now

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Apache Pdfbox +13
NVD
EPSS 10% CVSS 7.5
HIGH PATCH This Week

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Spring Framework +39
NVD
EPSS 5% CVSS 6.9
MEDIUM POC PATCH This Month

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Webcenter Sites
NVD
EPSS 39% CVSS 8.2
HIGH POC PATCH THREAT This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Authentication Bypass Webcenter Sites
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Webcenter Sites
NVD
EPSS 1% CVSS 4.0
MEDIUM POC PATCH This Month

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Support Tools). Rated medium severity (CVSS 4.0), this vulnerability is no authentication required. Public exploit code available.

Authentication Bypass Oracle Webcenter Sites
NVD Exploit-DB
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Authentication Bypass Oracle Webcenter Sites
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Authentication Bypass Oracle Webcenter Sites
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
EPSS 1% CVSS 7.6
HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Authentication Bypass Oracle +1
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable.

Authentication Bypass Oracle Webcenter Sites
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Catalog Mover). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Catalog Mover). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Webcenter Sites
NVD
EPSS 3% CVSS 8.2
HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Blob Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
EPSS 2% CVSS 8.6
HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Authentication Bypass Oracle +1
NVD
EPSS 2% CVSS 8.6
HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Authentication Bypass Oracle +1
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
EPSS 1% CVSS 8.6
HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Webcenter Sites
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 12.2.1.0.0, 12.2.1.1.0, and 12.2.1.2.0 allows remote attackers to affect integrity via unknown vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Webcenter Sites
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8 and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Webcenter Sites
NVD
EPSS 5% CVSS 8.1
HIGH PATCH This Week

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Oracle Webcenter Sites
NVD
EPSS 70% 4.1 CVSS 9.8
CRITICAL PATCH Act Now

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 69.7%.

RCE Denial Of Service Java +7
NVD
EPSS 9% CVSS 7.5
HIGH PATCH This Week

The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Java Apache +2
NVD VulDB
EPSS 6% CVSS 10.0
CRITICAL PATCH Act Now

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Struts +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy