Vulnerabilities

During my work as a pentester, I was lucky to find some vulnerabilities in third-party software:

Date	Product	CVE	Severity	Advisory
08/2025	Weblication CMS Core	CVE-2025-52161	Critical	usd-2025-0031
05/2025	d.3one	-	High	usd-2025-0019
04/2022	Apache Karaf¹	CVE-2021-41766	High	usd-2021-0025
08/2021	TIBCO ActiveMatrix BusinessWorks	-	Critical	usd-2021-0012
07/2021	KeyCloak	-	Medium	usd-2021-0016
04/2020	Userlike Chat	CVE-2019-19214	Low	usd-2019-0058
04/2020	Userlike Chat	CVE-2019-19213	Critical	usd-2019-0057
12/2018	SEP sesam²	CVE-2018-7750	High	usd-2018-0025

99% of the credit for this CVE goes to Tobias Neitzel, who understands JMX vulnerabilities like no other. He wrote beanshooter and even adapted it to work with Apache Karaf. ↩
99% of the credit for this CVE goes to Daniel Hoffman, who discovered the underlying CVE-2018-1000805. ↩

Footnotes​