commerce guided search · threatengine.sh

Home/Product/oracle commerce guided search

Product

oracle commerce guided search

52 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench). The supported version that

Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Tools and Frameworks). The supported ver

In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted ce

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gate

XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote att

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processi

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects th

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, t

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureVali

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEdito

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEdito

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Wid

Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Too

Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Too

Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Too

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an ou

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an ou

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infi

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a pr

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo",

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compa

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potent

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the pr

This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function.

>= 11.0 and < 11.3.1

Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Wor

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage i

Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are a

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting

Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect servic

Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves ope

Unspecified vulnerability in the Oracle Commerce Guided Search component in Oracle Commerce 6.2.2, 6.3.0, 6.4.1.2, and 6.5.0 throu

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin