JAckLosingHeart

31 exploits Active since Apr 2018
CVE-2024-38819 GITHUB HIGH java WORKING POC
Spring WebMvc.fn and WebFlux.fn 6.1.0-6.1.13 - Path Traversal via Static Resource Handling
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
5 stars
CVSS 7.5
CVE-2024-51132 NOMISEC CRITICAL WORKING POC
HAPI FHIR < 6.4.0 - XML External Entity Injection via Crafted XML Request
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.
1 stars
CVSS 9.8
CVE-2024-52800 NOMISEC LOW WRITEUP
veraPDF-library - XML External Entity Injection via Custom Schematron Policy Check
veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. This doesn't affect the standard validation and policy checks functionality, veraPDF's common use cases. Most veraPDF users don't insert any custom XSLT code into policy profiles, which are based on Schematron syntax rather than direct XSL transforms. For users who do, only load custom policy files from sources you trust. This issue has not yet been patched. Users are advised to be cautious of XSLT code until a patch is available.
CVE-2024-36823 NOMISEC HIGH STUB
Ninja Core v7.0.0 - Info Disclosure
The encrypt() function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information.
CVSS 7.5
CVE-2023-46442 NOMISEC MEDIUM WORKING POC
Soot < 4.4.1 - Denial of Service via Infinite Loop in retrieveActiveBody
An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service (DoS).
CVSS 4.3
CVE-2023-46442 WRITEUP MEDIUM WORKING POC
Soot < 4.4.1 - Denial of Service via Infinite Loop in retrieveActiveBody
An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service (DoS).
CVSS 4.3