CVE-2021-37695

all versions

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEdito

7.3HIGH

CVE-2021-32809

all versions

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEdito

4.6MEDIUM

CVE-2021-32808

all versions

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Wid

7.6HIGH

CVE-2021-2351

>= 12.6.2 and <= 12.6.4

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1

8.3HIGH

CVE-2021-22118

>= 12.6.0 and <= 12.6.4

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a pr

7.8HIGH

CVE-2020-36183

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36182

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36180

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36189

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com

8.1HIGH

CVE-2020-36188

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com

8.1HIGH

CVE-2020-36187

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36186

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36185

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36184

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36181

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-35491

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-35490

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-10683

>= 12.6.0 and <= 12.6.4

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. H

9.8CRITICAL

CVE-2020-5258

>= 12.6.0 and <= 12.6.4

In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers t

7.7HIGH

CVE-2019-10219

>= 12.6.0 and <= 12.6.4

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting

6.1MEDIUM

CVE-2019-13990

>= 12.6.0 and <= 12.6.4

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a jo

9.8CRITICAL

CVE-2019-5427

>= 12.6.0 and <= 12.6.6

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections again

7.5HIGH

CVE-2016-0635

<= 12.5

Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2,

8.8HIGH