A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and ea…

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.…

In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__…

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead t…

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through whi…

In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vuln…

On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute command…

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerabilit…

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrai…

Dozer improperly uses a reflection-based approach to type conversion, which might allow remote …

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but n…

Check Point Endpoint before version E86.50 failed to protect against specific registry change w…

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to p…

A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attac…

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attack…

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public c…

Kylin can receive user input and load any class through Class.forName(...). This issue affects …

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, an…

elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and …

Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code e…

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java S…

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerabilit…

The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Re…

stimulus_reflex is a system to extend the capabilities of both Rails and Stimulus by intercepti…

vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management…

Craft CMS is a content management system (CMS). From version 5.6.0 to before version 5.9.13, a …

It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JO…

A vulnerability of XPlatform could allow an unauthenticated attacker to execute arbitrary comma…

Craft is a platform for creating digital experiences. In versions 4.0.0-RC1 through 4.16.17 and…

In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possi…

codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code …

In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz managem…

In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execut…

Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0…

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerabilit…

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Version…

A website could have obscured the fullscreen notification by using a URL with a scheme handled …

ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and o…

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels…

In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack …