|Max CVSS||7.5||Min CVSS||4.0||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
SubTypeValidator.java in FasterXML jackson-databind before 184.108.40.206 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
|22-04-2022 - 16:03||29-07-2019 - 12:15|
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java ja
|20-04-2022 - 00:15||17-05-2019 - 17:29|
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.
|20-02-2022 - 06:11||25-07-2019 - 21:15|
It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized informa
|29-10-2021 - 16:01||08-01-2020 - 15:15|
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in
|20-10-2020 - 22:15||19-06-2019 - 14:15|
||01-10-2020 - 00:15||17-05-2019 - 17:29|
||30-09-2020 - 18:09||25-07-2019 - 21:15|
A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or
|11-12-2019 - 14:44||15-10-2019 - 19:15|