Static HTTP Server 1.0 has a Local Overflow

A Path traversal exists in http_server which allows an attacker to read arbitrary system files.

eDeploy has tmp file race condition flaws

eDeploy has RCE via cPickle deserialization of untrusted data

An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies

eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data

JBoss KeyCloak is vulnerable to soft token deletion via CSRF

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.