VDB

GCVE-110-NCSC-2025-334

GCVE-110-NCSC-2025-334
Advisory PublishedCVSS 7.5/10
Vulnetix · Advisory published October 23, 2025
Multiple vulnerabilities have been identified across various software products, including JUnit4, Oracle WebLogic Server, and TensorFlow, allowing unauthorized access and information disclosure, with several updates addressing these issues.

Weaknesses (CWE)

CWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-122Heap-based Buffer OverflowCWE-354Improper Validation of Integrity Check ValueCWE-787Out-of-bounds WriteCWE-770Allocation of Resources Without Limits or ThrottlingCWE-789Memory Allocation with Excessive Size ValueCWE-918Server-Side Request Forgery (SSRF)CWE-284Improper Access ControlCWE-400Uncontrolled Resource ConsumptionCWE-674Uncontrolled RecursionCWE-306Missing Authentication for Critical Function

Risk Scores

CVSS 3.1
7.5/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersionsPlatforms
Oraclevers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

72,096 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›