alibaba
Top products
Latest CVEs
The 12 most recently published vulnerabilities affecting alibaba.
- CVE-2025-70974Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of t...10.0
- CVE-2020-21699The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of p...7.5
- CVE-2021-43116An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a ma...8.8
- CVE-2022-25845Deserialization of Untrusted Data8.1
- CVE-2021-44667A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters.6.1
- CVE-2021-33800In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal.7.5
- CVE-2021-29441Authentication bypass8.6
- CVE-2021-29442Authentication bypass8.6
- CVE-2020-19676Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service l...5.3
- CVE-2017-18349parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by...9.8
- CVE-2014-5976The alibaba (aka com.alibaba.wireless) application 4.1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sens...5.4
- CVE-2007-0827The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote attackers to execute arbitrary code via a JavaScript function that invokes the Remove method with an invalid index argument, wh...6.8