VYPR
Vendor

Alibaba

Products
9
CVEs
9
Across products
11
Status
Private

Products

9

Recent CVEs

9
  • CVE-2025-70974CriJan 9, 2026
    risk 0.65cvss 10.0epss 0.01

    Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection…

  • CVE-2026-6328HigApr 15, 2026
    risk 0.47cvss epss 0.00

    Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC Project XQUIC xquic on Linux (QUIC protocol implementation, packet processing module, STREAM frame handler modules) allows Protocol Manipulation.This issue affects XQUIC: through…

  • CVE-2026-1788MedFeb 3, 2026
    risk 0.43cvss epss 0.00

    : Out-of-bounds Write vulnerability in Xquic Project Xquic Server xquic on Linux (QUIC protocol implementation, packet processing module modules) allows : Buffer Manipulation.This issue affects Xquic Server: through 1.8.3.

  • CVE-2007-0827Feb 7, 2007
    risk 0.03cvss epss 0.04

    The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote attackers to execute arbitrary code via a JavaScript function that invokes the Remove method with an invalid index argument, which is used as an offset for a function call.

  • CVE-2000-0626Jul 18, 2000
    risk 0.03cvss epss 0.06

    Buffer overflow in Alibaba web server allows remote attackers to cause a denial of service via a long GET request.

  • CVE-1999-0885Nov 3, 1999
    risk 0.03cvss epss 0.03

    Alibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL.

  • CVE-2014-5976Sep 20, 2014
    risk 0.00cvss epss 0.00

    The alibaba (aka com.alibaba.wireless) application 4.1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-1999-1444Dec 31, 1999
    risk 0.00cvss epss 0.01

    genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent of 1, which results in transactions that are sent in cleartext.

  • CVE-1999-0776May 12, 1999
    risk 0.00cvss epss 0.01

    Alibaba HTTP server allows remote attackers to read files via a .. (dot dot) attack.