CVE-2018-1285 — CVSS 9.8 (critical): Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for…
CVE-2025-21547 — CVSS 9.1 (critical): Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions…
CVE-2024-21172 — CVSS 9.0 (critical): Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions…
CVE-2026-21967 — CVSS 8.6 (high): Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions…
CVE-2021-2351 — CVSS 8.3 (high): Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2…
CVE-2019-17566 — CVSS 7.5 (high): Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a…
CVE-2019-10086 — CVSS 7.3 (high): In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to…
CVE-2026-21966 — CVSS 6.1 (medium): Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). Supported…
CVE-2020-17521 — CVSS 5.5 (medium): Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those…