| admin-center | CVE-2025-24970 | HIGH | io.netty:netty-handler: SslHandler doesn’t correctly validate packets which can lead to native crash when using native SSLEngine | 3.2.0-funcrel |
| admin-center | CVE-2019-17495 | CRITICAL | Cross-site scripting in Swagger-UI | 3.2.0-funcrel |
| admin-center | CVE-2024-41909 | HIGH | mina-sshd: integrity check bypass vulnerability | 3.2.0-funcrel |
| admin-center | CVE-2025-24813 | CRITICAL | tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT | 3.2.0-funcrel |
| admin-center | CVE-2025-22228 | HIGH | spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length | 3.2.0-funcrel |
| admin-center | CVE-2016-1000027 | CRITICAL | spring: HttpInvokerServiceExporter readRemoteInvocation method untrusted java deserialization | 3.2.0-funcrel |
| admin-center | CVE-2024-38816 | HIGH | spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource | 3.2.0-funcrel |
| admin-center | CVE-2024-38819 | HIGH | org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks | 3.2.0-funcrel |
| admin-center | CVE-2024-38816 | HIGH | spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource | 3.2.0-funcrel |
| admin-center | CVE-2024-38819 | HIGH | org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks | 3.2.0-funcrel |
| admin-center | CVE-2022-1471 | HIGH | SnakeYaml: Constructor Deserialization Remote Code Execution | 3.2.0-funcrel |
| analysis-node | CVE-2024-7254 | HIGH | protobuf: StackOverflow vulnerability in Protocol Buffers | 3.2.0-funcrel |
| analysis-node | CVE-2024-47554 | HIGH | apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader | 3.2.0-funcrel |
| analysis-node | CVE-2024-57699 | HIGH | json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370) | 3.2.0-funcrel |
| analysis-node | CVE-2025-24813 | CRITICAL | tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT | 3.2.0-funcrel |
| analysis-node | CVE-2022-41404 | HIGH | org.ini4j: unspecified DoS | 3.2.0-funcrel |
| analysis-node | CVE-2024-38807 | HIGH | Applications that use spring-boot-loader or spring-boot-loader-classica … | 3.2.0-funcrel |
| analysis-node | CVE-2025-22228 | HIGH | spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length | 3.2.0-funcrel |
| analysis-node | CVE-2016-1000027 | CRITICAL | spring: HttpInvokerServiceExporter readRemoteInvocation method untrusted java deserialization | 3.2.0-funcrel |
| analysis-node | CVE-2024-38816 | HIGH | spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource | 3.2.0-funcrel |
| analysis-node | CVE-2024-38819 | HIGH | org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks | 3.2.0-funcrel |
| analysis-node | CVE-2022-1471 | HIGH | SnakeYaml: Constructor Deserialization Remote Code Execution | 3.2.0-funcrel |
| analysis-node | CVE-2022-1471 | HIGH | SnakeYaml: Constructor Deserialization Remote Code Execution | 3.2.0-funcrel |
| auth-service | CVE-2025-24970 | HIGH | io.netty:netty-handler: SslHandler doesn’t correctly validate packets which can lead to native crash when using native SSLEngine | 3.2.0-funcrel |
| auth-service | CVE-2024-57699 | HIGH | json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370) | 3.2.0-funcrel |
| auth-service | CVE-2024-10039 | HIGH | keycloak-core: mTLS passthrough | 3.2.0-funcrel |
| auth-service | CVE-2025-22228 | HIGH | spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length | 3.2.0-funcrel |
| console | CVE-2025-24970 | HIGH | io.netty:netty-handler: SslHandler doesn’t correctly validate packets which can lead to native crash when using native SSLEngine | 3.2.0-funcrel |
| console | CVE-2025-22228 | HIGH | spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length | 3.2.0-funcrel |
| console | CVE-2016-1000027 | CRITICAL | spring: HttpInvokerServiceExporter readRemoteInvocation method untrusted java deserialization | 3.2.0-funcrel |
| console | CVE-2024-38816 | HIGH | spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource | 3.2.0-funcrel |
| console | CVE-2024-38819 | HIGH | org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks | 3.2.0-funcrel |
| console | CVE-2024-38816 | HIGH | spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource | 3.2.0-funcrel |
| console | CVE-2024-38819 | HIGH | org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks | 3.2.0-funcrel |
| console | CVE-2022-1471 | HIGH | SnakeYaml: Constructor Deserialization Remote Code Execution | 3.2.0-funcrel |
| gateway | CVE-2025-24970 | HIGH | io.netty:netty-handler: SslHandler doesn’t correctly validate packets which can lead to native crash when using native SSLEngine | 3.2.0-funcrel |
| gateway | CVE-2025-24813 | CRITICAL | tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT | 3.2.0-funcrel |
| gateway | CVE-2025-22228 | HIGH | spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length | 3.2.0-funcrel |
| sso-service | CVE-2025-24970 | HIGH | io.netty:netty-handler: SslHandler doesn’t correctly validate packets which can lead to native crash when using native SSLEngine | 3.2.0-funcrel |
| sso-service | CVE-2024-12397 | HIGH | io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling | 3.2.0-funcrel |
| sso-service | CVE-2024-10039 | HIGH | keycloak-core: mTLS passthrough | 3.2.0-funcrel |
| sso-service | CVE-2024-10451 | HIGH | org.keycloak:keycloak-quarkus-server: Sensitive Data Exposure in Keycloak Build Process | 3.2.0-funcrel |
| sso-service | CVE-2024-10270 | HIGH | org.keycloak:keycloak-services: Keycloak Denial of Service | 3.2.0-funcrel |
| dashboards | CVE-2020-36518 | HIGH | jackson-databind: denial of service via a large depth of nested objects | 3.2.0-funcrel |
| dashboards | CVE-2021-46877 | HIGH | jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode | 3.2.0-funcrel |
| dashboards | CVE-2022-42003 | HIGH | jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS | 3.2.0-funcrel |
| dashboards | CVE-2022-42004 | HIGH | jackson-databind: use of deeply nested arrays | 3.2.0-funcrel |
| dashboards | CVE-2021-22569 | HIGH | protobuf-java: potential DoS in the parsing procedure for binary data | 3.2.0-funcrel |
| dashboards | CVE-2021-22570 | HIGH | protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference | 3.2.0-funcrel |
| dashboards | CVE-2022-3509 | HIGH | protobuf-java: Textformat parsing issue leads to DoS | 3.2.0-funcrel |
| dashboards | CVE-2022-3510 | HIGH | protobuf-java: Message-Type Extensions parsing issue leads to DoS | 3.2.0-funcrel |
| dashboards | CVE-2024-7254 | HIGH | protobuf: StackOverflow vulnerability in Protocol Buffers | 3.2.0-funcrel |
| dashboards | CVE-2024-47554 | HIGH | apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader | 3.2.0-funcrel |
| dashboards | CVE-2021-35515 | HIGH | apache-commons-compress: infinite loop when reading a specially crafted 7Z archive | 3.2.0-funcrel |
| dashboards | CVE-2021-35516 | HIGH | apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive | 3.2.0-funcrel |
| dashboards | CVE-2021-35517 | HIGH | apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive | 3.2.0-funcrel |
| dashboards | CVE-2021-36090 | HIGH | apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive | 3.2.0-funcrel |
| dashboards | CVE-2022-45688 | HIGH | json stack overflow vulnerability | 3.2.0-funcrel |
| dashboards | CVE-2023-5072 | HIGH | JSON-java: parser confusion leads to OOM | 3.2.0-funcrel |
| dashboards | CVE-2022-1471 | HIGH | SnakeYaml: Constructor Deserialization Remote Code Execution | 3.2.0-funcrel |
| dashboards | CVE-2022-25857 | HIGH | snakeyaml: Denial of Service due to missing nested depth limitation for collections | 3.2.0-funcrel |
| imaging-service | CVE-2024-24790 | CRITICAL | golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses | 3.2.0-funcrel |
| imaging-service | CVE-2023-29403 | HIGH | golang: runtime: unexpected behavior of setuid/setgid binaries | 3.2.0-funcrel |
| imaging-service | CVE-2023-39325 | HIGH | golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) | 3.2.0-funcrel |
| imaging-service | CVE-2023-45283 | HIGH | The filepath package does not recognize paths with a \??\ prefix as sp … | 3.2.0-funcrel |
| imaging-service | CVE-2023-45288 | HIGH | golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS | 3.2.0-funcrel |
| imaging-service | CVE-2024-34156 | HIGH | encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion | 3.2.0-funcrel |
| imaging-service | CVE-2024-45337 | CRITICAL | golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto | 3.2.0-funcrel |
| imaging-service | CVE-2025-22869 | HIGH | golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh | 3.2.0-funcrel |
| imaging-service | CVE-2024-34156 | HIGH | encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion | 3.2.0-funcrel |
| imaging-service | CVE-2024-45337 | CRITICAL | golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto | 3.2.0-funcrel |
| imaging-service | CVE-2025-22869 | HIGH | golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh | 3.2.0-funcrel |
| imaging-service | CVE-2024-34156 | HIGH | encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion | 3.2.0-funcrel |
| neo4j | CVE-2024-7254 | HIGH | protobuf: StackOverflow vulnerability in Protocol Buffers | 3.2.0-funcrel |
| neo4j | CVE-2025-24970 | HIGH | io.netty:netty-handler: SslHandler doesn’t correctly validate packets which can lead to native crash when using native SSLEngine | 3.2.0-funcrel |
| neo4j | CVE-2024-57699 | HIGH | json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370) | 3.2.0-funcrel |
| neo4j | CVE-2024-57699 | HIGH | json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370) | 3.2.0-funcrel |
| neo4j | CVE-2024-57699 | HIGH | json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370) | 3.2.0-funcrel |
| neo4j | CVE-2024-57699 | HIGH | json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370) | 3.2.0-funcrel |
| open-ai-services | CVE-2024-34069 | HIGH | python-werkzeug: user may execute code on a developer’s machine | 3.2.0-funcrel |