CVE-2026-34284

all versions

Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Human workflow 11g+)

6.1MEDIUM

CVE-2022-23307

all versions

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a compon

8.8HIGH

CVE-2022-23305

all versions

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted a

9.8CRITICAL

CVE-2022-23302

all versions

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the

8.8HIGH

CVE-2021-4104

all versions

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j config

7.5HIGH

CVE-2021-37714

all versions

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vu

7.5HIGH

CVE-2021-36090

all versions

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an ou

7.5HIGH

CVE-2021-35517

all versions

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an ou

7.5HIGH

CVE-2021-35516

all versions

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out

7.5HIGH

CVE-2021-35515

all versions

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infi

7.5HIGH

CVE-2020-17521

all versions

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of

5.5MEDIUM

CVE-2020-1945

all versions

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.

6.3MEDIUM

CVE-2020-10683

all versions

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. H

9.8CRITICAL

CVE-2020-1951

all versions

A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.

5.5MEDIUM

CVE-2020-1950

all versions

A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.

5.5MEDIUM

CVE-2019-10219

all versions

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting

6.1MEDIUM

CVE-2019-2904

all versions

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that

9.8CRITICAL

CVE-2019-17359

all versions

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMe

7.5HIGH

CVE-2019-2706

all versions

Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: BPM Foundation

8.2HIGH

CVE-2019-11358

all versions

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Objec

6.1MEDIUM

CVE-2018-19362

all versions

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jb

9.8CRITICAL

CVE-2018-19361

all versions

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the op

9.8CRITICAL

CVE-2018-19360

all versions

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the ax

9.8CRITICAL

CVE-2018-14719

all versions

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block

9.8CRITICAL

CVE-2018-14718

all versions

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block

9.8CRITICAL

CVE-2018-3246

all versions

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported ve

7.5HIGH

CVE-2018-11761

all versions

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an en

7.5HIGH

CVE-2018-3100

all versions

Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: Process Analysi

9.1CRITICAL

CVE-2018-1000613

all versions

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-47

9.8CRITICAL

CVE-2018-1000180

all versions

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair genera

7.5HIGH

CVE-2015-9251

all versions

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the

6.1MEDIUM

CVE-2014-2948

<= 10.4

SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Suite through 10.4 allows remote authenticated users to execut

CVE-2014-2947

<= 10.2

Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM Suite before 10.3 allows remote attackers to inject arbitrary

CVE-2007-6509

all versions

Unspecified vulnerability in Appian Enterprise Business Process Management (BPM) Suite 5.6 SP1 allows remote attackers to cause a