Skip to main content

Communications Policy Management

37 CVEs product

Monthly

CVE-2022-22965 Maven CRITICAL POC KEV PATCH THREAT Act Now

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection Tomcat Spring Framework +37
NVD
CVSS 3.1
9.8
EPSS
99.7%
CVE-2021-23450 npm CRITICAL POC PATCH THREAT Act Now

All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Dojo Communications Policy Management Primavera Unifier +2
NVD GitHub
CVSS 3.1
9.8
EPSS
30.4%
CVE-2021-43527 CRITICAL PATCH Act Now

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Mozilla Nss Nss Esr +8
NVD
CVSS 3.1
9.8
EPSS
17.6%
CVE-2021-33037 Maven MEDIUM PATCH This Month

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Tomcat Request Smuggling Apache Information Disclosure Tomee +20
NVD
CVSS 3.1
5.3
EPSS
75.4%
CVE-2021-29425 Maven MEDIUM POC PATCH THREAT This Month

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Path Traversal Commons Io Debian Linux Access Manager +57
NVD
CVSS 3.1
4.8
EPSS
10.6%
CVE-2021-21351 Maven CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.1
EPSS
82.1%
CVE-2021-21350 Maven CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.8
EPSS
15.2%
CVE-2021-21349 Maven HIGH POC PATCH THREAT This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Java Oncommand Insight Activemq Jmeter +14
NVD GitHub
CVSS 3.1
8.6
EPSS
46.8%
CVE-2021-21348 Maven HIGH PATCH This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Java Oncommand Insight Activemq Jmeter +13
NVD GitHub
CVSS 3.1
7.5
EPSS
13.8%
CVE-2021-21347 Maven CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.8
EPSS
14.3%
CVE-2021-21346 Maven CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.8
EPSS
76.4%
CVE-2021-21345 Maven CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.9
EPSS
72.3%
CVE-2021-21344 Maven CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.8
EPSS
76.0%
CVE-2021-21343 Maven HIGH POC PATCH THREAT This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Java Oncommand Insight Activemq Jmeter +12
NVD GitHub
CVSS 3.1
7.5
EPSS
46.7%
CVE-2021-21342 Maven CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Java Oncommand Insight Activemq Jmeter +12
NVD GitHub
CVSS 3.1
9.1
EPSS
50.0%
CVE-2020-36183 Maven HIGH POC PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Deserialization Jackson Databind Cloud Backup Service Level Manager +42
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
2.2%
CVE-2020-35728 Maven HIGH PATCH Act Now

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 41.1%.

Apache Oracle Deserialization Jackson Databind Debian Linux +38
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
41.1%
CVE-2020-17530 Maven CRITICAL POC KEV PATCH THREAT Act Now

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache RCE Struts Business Intelligence Communications Diameter Intelligence Hub +5
NVD GitHub
CVSS 3.1
9.8
EPSS
95.9%
CVE-2020-26217 Maven HIGH POC PATCH THREAT This Week

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection Xstream Debian Linux Snapmanager +12
NVD GitHub
CVSS 3.1
8.8
EPSS
85.0%
CVE-2020-24750 Maven HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Agile Plm Application Testing Suite Autovue For Agile Product Lifecycle Management +22
NVD GitHub
CVSS 3.1
8.1
EPSS
7.3%
CVE-2020-24616 Maven HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Active Iq Unified Manager Agile Plm Application Testing Suite +21
NVD GitHub
CVSS 3.1
8.1
EPSS
9.3%
CVE-2020-5258 npm HIGH POC PATCH This Week

In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. Public exploit code available.

Node.js RCE Code Injection Dojo Debian Linux +8
NVD GitHub
CVSS 3.1
7.7
EPSS
4.0%
CVE-2020-5397 Maven MEDIUM POC PATCH This Month

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Java CSRF Spring Framework Application Testing Suite +25
NVD
CVSS 3.1
5.3
EPSS
2.4%
CVE-2020-5398 Maven HIGH PATCH This Week

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Spring Framework Application Testing Suite Communications Billing And Revenue Management Elastic Charging Engine +30
NVD
CVSS 3.1
7.5
EPSS
88.1%
CVE-2018-11776 Maven HIGH POC KEV PATCH THREAT Act Now

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then:. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache RCE Struts Active Iq Unified Manager Oncommand Insight +5
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
100.0%
CVE-2018-1271 Maven MEDIUM POC PATCH THREAT This Month

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Java Microsoft Path Traversal Spring Framework Application Testing Suite +26
NVD
CVSS 3.1
5.9
EPSS
35.7%
CVE-2017-10159 MEDIUM PATCH This Month

Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Portal, CMP). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Communications Policy Management
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-3633 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Oracle Communications Policy Management MySQL
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2015-2568 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security :. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris Communications Policy Management MySQL +12
NVD
CVSS 2.0
5.0
EPSS
4.0%
CVE-2015-0500 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Communications Policy Management Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Desktop +2
NVD
CVSS 2.0
4.0
EPSS
1.0%
CVE-2015-0433 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Communications Policy Management MySQL Solaris +12
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2015-0423 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL Communications Policy Management Suse Linux Enterprise Software Development Kit +2
NVD
CVSS 2.0
4.0
EPSS
0.9%
CVE-2015-0235 CRITICAL POC PATCH THREAT Act Now

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.7%.

Memory Corruption Buffer Overflow RCE Glibc Communications Application Session Controller +16
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
86.7%
Threat
6.1
CVE-2015-0411 HIGH PATCH This Week

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Ubuntu Linux Debian Linux Fedora +5
NVD
CVSS 2.0
7.5
EPSS
9.6%
CVE-2015-0409 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL Communications Policy Management
NVD
CVSS 2.0
4.0
EPSS
0.9%
CVE-2015-0382 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 15.2%.

Information Disclosure Oracle Communications Policy Management Solaris MySQL +14
NVD
CVSS 2.0
4.3
EPSS
15.2%
CVE-2015-0381 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Solaris MySQL Ubuntu Linux +14
NVD
CVSS 2.0
4.3
EPSS
5.0%
EPSS 100% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection +39
NVD
EPSS 30% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Dojo +4
NVD GitHub
EPSS 18% CVSS 9.8
CRITICAL PATCH Act Now

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Mozilla +10
NVD
EPSS 75% CVSS 5.3
MEDIUM PATCH This Month

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Tomcat Request Smuggling Apache +22
NVD
EPSS 11% CVSS 4.8
MEDIUM POC PATCH THREAT This Month

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Path Traversal Commons Io +59
NVD
EPSS 82% CVSS 9.1
CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload Java +16
NVD GitHub
EPSS 15% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java +16
NVD GitHub
EPSS 47% CVSS 8.6
HIGH POC PATCH THREAT This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Java Oncommand Insight +16
NVD GitHub
EPSS 14% CVSS 7.5
HIGH PATCH This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Java Oncommand Insight +15
NVD GitHub
EPSS 14% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java +16
NVD GitHub
EPSS 76% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java +16
NVD GitHub
EPSS 72% CVSS 9.9
CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Java +16
NVD GitHub
EPSS 76% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java +16
NVD GitHub
EPSS 47% CVSS 7.5
HIGH POC PATCH THREAT This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Java Oncommand Insight +14
NVD GitHub
EPSS 50% CVSS 9.1
CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Java Oncommand Insight +14
NVD GitHub
EPSS 2% CVSS 8.1
HIGH POC PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Deserialization Jackson Databind +44
NVD GitHub VulDB
EPSS 41% CVSS 8.1
HIGH PATCH Act Now

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 41.1%.

Apache Oracle Deserialization +40
NVD GitHub VulDB
EPSS 96% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache RCE Struts +7
NVD GitHub
EPSS 85% CVSS 8.8
HIGH POC PATCH THREAT This Week

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection Xstream +14
NVD GitHub
EPSS 7% CVSS 8.1
HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Agile Plm +24
NVD GitHub
EPSS 9% CVSS 8.1
HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Active Iq Unified Manager +23
NVD GitHub
EPSS 4% CVSS 7.7
HIGH POC PATCH This Week

In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. Public exploit code available.

Node.js RCE Code Injection +10
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Java CSRF +27
NVD
EPSS 88% CVSS 7.5
HIGH PATCH This Week

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Spring Framework +32
NVD
EPSS 100% CVSS 8.1
HIGH POC KEV PATCH THREAT Act Now

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then:. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache RCE Struts +7
NVD GitHub Exploit-DB
EPSS 36% CVSS 5.9
MEDIUM POC PATCH THREAT This Month

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Java Microsoft Path Traversal +28
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Portal, CMP). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Communications Policy Management
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Oracle Communications Policy Management +1
NVD
EPSS 4% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security :. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris +14
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Communications Policy Management +4
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Communications Policy Management +14
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +4
NVD
EPSS 87% 6.1 CVSS 10.0
CRITICAL POC PATCH THREAT Act Now

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.7%.

Memory Corruption Buffer Overflow RCE +18
NVD Exploit-DB
EPSS 10% CVSS 7.5
HIGH PATCH This Week

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Ubuntu Linux +7
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL +1
NVD
EPSS 15% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 15.2%.

Information Disclosure Oracle Communications Policy Management +16
NVD
EPSS 5% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Solaris +16
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy