Overview
- opf
- openproject
Description
Statistics
- 1 Post
Fediverse
⚠️ CVE-2026-25763: CRITICAL OS command injection in OpenProject (<16.6.7, <17.0.3) allows RCE via repository changes endpoint. Patch now! Restrict browse_repository access & monitor for suspicious activity. Details: https://radar.offseq.com/threat/cve-2026-25763-cwe-78-improper-neutralization-of-s-f2d1f8d7 #OffSeq #OpenProject #Vuln
Overview
- quickjs-ng
- quickjs
Description
Statistics
- 1 Post
Overview
Description
Statistics
- 1 Post
Fediverse
Apache Tomcat is far and away the most likely intended target given port 8080 and the Java exception body content. The DefaultServlet with readonly=false in web.xml is the textbook case (CVE-2017-12615, CVE-2017-12617). Eclipse Jetty can also expose similar behavior if its DefaultServlet or WebDAV module is configured to allow PUT writes. Apache TomEE, being Tomcat-based with Jakarta EE extensions, inherits all of the same misconfigurations. (5/15)