CVE-2025-30756

all versions

Vulnerability in Oracle REST Data Services (component: General). The supported version that is affected is 24.2.0. Easily exploi

6.1MEDIUM

CVE-2021-41184

< 22.1.1

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the `.

6.5MEDIUM

CVE-2021-41183

< 22.1.1

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options o

6.5MEDIUM

CVE-2021-41182

< 22.1.1

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of

6.5MEDIUM

CVE-2021-32014

< 21.2.4

SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (CPU consumption) via a crafted .xlsx documen

5.5MEDIUM

CVE-2021-32013

< 21.2.4

SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx docu

5.5MEDIUM

CVE-2021-32012

< 21.2.4

SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx docu

5.5MEDIUM

CVE-2021-34429

< 22.1.1

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to acce

5.3MEDIUM

CVE-2021-34428

< 21.3

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed()

2.9LOW

CVE-2021-28169

< 21.3

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded

5.3MEDIUM

CVE-2021-29425

< 21.2

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo",

4.8MEDIUM

CVE-2021-28165

< 21.3

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a

7.5HIGH

CVE-2020-27223

< 20.4.3.050.1904

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multi

5.2MEDIUM

CVE-2020-27218

< 20.4.3.050.1904

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP

4.8MEDIUM

CVE-2020-14745

< 20.2.1

Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General). Supported versions that

4.3MEDIUM

CVE-2020-14744

< 20.2.1

Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General). Supported versions that

6.5MEDIUM

CVE-2020-11023

all versions

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sourc

6.9MEDIUM

CVE-2019-10219

all versions

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting

6.1MEDIUM

CVE-2019-10246

all versions

In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualifie

5.3MEDIUM

CVE-2019-10241

all versions

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a

6.1MEDIUM

CVE-2019-11358

all versions

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Objec

6.1MEDIUM

CVE-2017-7658

all versions

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations

9.8CRITICAL

CVE-2017-7657

all versions

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 complian

9.8CRITICAL

CVE-2017-9735

all versions

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obt

7.5HIGH