Skip to main content

Java

3270 CVEs product

Monthly

CVE-2025-5033 MEDIUM POC This Month

A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Java Teacms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-46822 HIGH POC This Week

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Path Traversal Java
NVD GitHub Exploit-DB
CVSS 4.0
7.7
EPSS
6.8%
CVE-2025-41232 Maven CRITICAL PATCH Act Now

Spring Security Aspects may not correctly locate method security annotations on private methods. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Spring Red Hat
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2025-4893 MEDIUM POC This Month

A vulnerability classified as critical has been found in jammy928 CoinExchange_CryptoExchange_Java up to 8adf508b996020d3efbeeb2473d7235bd01436fa. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-4868 MEDIUM POC This Month

A vulnerability was found in merikbest ecommerce-spring-reactjs up to 464e610bb11cc2619cf6ce8212ccc2d1fd4277fd. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-4839 LOW POC Monitor

A vulnerability has been found in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 and classified as problematic. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Java Paicoding
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-4838 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in kanwangzjm Funiture up to 71ca0fb0658b3d839d9e049ac36429207f05329b. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-22233 Maven LOW PATCH Monitor

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Java Spring
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2025-4641 Maven CRITICAL PATCH Act Now

Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Microsoft Java Apple Windows +1
NVD GitHub
CVSS 4.0
9.3
EPSS
0.5%
CVE-2025-30012 CRITICAL This Week

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component, which allows an unauthenticated attacker to send malicious payload request in a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Command Injection Deserialization Java Supplier Relationship Management
NVD
CVSS 3.1
10.0
EPSS
1.8%
CVE-2025-30011 MEDIUM This Month

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to send an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Java Supplier Relationship Management
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-30010 MEDIUM This Month

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to craft a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Java Supplier Relationship Management
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-30009 MEDIUM This Month

he Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Java Supplier Relationship Management
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2025-4542 LOW POC Monitor

A vulnerability, which was classified as problematic, has been found in Freeebird Hotel 酒店管理系统 API up to 1.2. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Java Hotel
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-4530 MEDIUM This Month

A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-4511 MEDIUM POC This Month

A vulnerability was found in vector4wang spring-boot-quick up to 20250422. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-4495 MEDIUM POC This Month

A vulnerability has been found in JAdmin-JAVA JAdmin 1.0 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Jadmin
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-4494 MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in JAdmin-JAVA JAdmin 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Jadmin
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2025-46392 Maven MEDIUM PATCH This Month

Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Java Denial Of Service Commons Configuration Red Hat +1
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2025-30147 HIGH This Week

Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Java
NVD GitHub
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-4333 MEDIUM This Month

A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm up to 0.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass File Upload Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4328 MEDIUM POC This Month

A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Java
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-4178 MEDIUM POC This Month

A vulnerability was found in xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical.java of the component File Upload API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal File Upload Java Java Server +1
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4175 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-4036 MEDIUM POC This Month

A vulnerability was found in 201206030 Novel 3.5.0 and classified as critical.java of the component Chapter Handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java Novel
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2023-42404 MEDIUM This Month

OneVision Workspace before WS23.1 SR1 (build w31.040) allows arbitrary Java EL execution. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Java Workspace
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2025-4019 MEDIUM This Month

A vulnerability, which was classified as critical, was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Novel Plus
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-4018 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160.java. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Novel Plus
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4017 MEDIUM POC This Month

A vulnerability classified as problematic was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java Novel Plus
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4016 MEDIUM This Month

A vulnerability classified as critical has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Novel Plus
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2025-4015 MEDIUM This Month

A vulnerability was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Novel Plus
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-22235 Maven HIGH PATCH This Week

EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Java Spring Red Hat
NVD HeroDevs
CVSS 3.1
7.3
EPSS
0.4%
CVE-2025-3984 Maven LOW Monitor

A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Java Central Authentication Service
NVD VulDB
CVSS 4.0
2.3
EPSS
0.3%
CVE-2025-32952 Maven MEDIUM PATCH This Month

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Java Denial Of Service Cuba Platform Cuba Rest Api Jmix Framework +1
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2025-32951 Maven MEDIUM PATCH This Month

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Cuba Platform Cuba Rest Api Jmix Framework +1
NVD GitHub
CVSS 3.1
6.4
EPSS
0.4%
CVE-2025-32950 Maven MEDIUM PATCH This Month

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Java Jmix Framework
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-3843 MEDIUM POC This Month

A vulnerability was found in panhainan DS-Java 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Java Ds Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3842 MEDIUM POC This Month

A vulnerability was found in panhainan DS-Java 1.0 and classified as critical.action of the file src/com/phn/action/FileUpload.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java Ds Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3830 MEDIUM POC This Month

A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Java Kuangsimplebbs
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3807 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in zhenfeng13 My-BBS 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Java My Bbs
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-30736 HIGH PATCH This Week

Vulnerability in the Java VM component of Oracle Database Server. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Oracle Authentication Bypass Java Java Virtual Machine
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2025-30698 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass Denial Of Service Java Jre +5
NVD VulDB
CVSS 3.1
5.6
EPSS
0.6%
CVE-2025-30691 MEDIUM PATCH This Month

Vulnerability in Oracle Java SE (component: Compiler). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass Java Graalvm For Jdk Jdk +5
NVD VulDB
CVSS 3.1
4.8
EPSS
0.4%
CVE-2025-21587 HIGH PATCH This Week

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass Java Jre Jdk +4
NVD VulDB
CVSS 3.1
7.4
EPSS
0.6%
CVE-2025-29213 MEDIUM POC This Month

A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Java Jeewms
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-28198 MEDIUM POC This Month

A SQL injection vulnerability in Hitout car sale 1.0 allows a remote attacker to obtain sensitive information via the orderBy parameter of the StoreController.java component. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Hitout Car Sale
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2025-3588 Maven MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in joelittlejohn jsonschema2pojo 1.2.2.java of the component JSON File Handler. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Java Red Hat
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3567 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in veal98 小牛肉 Echo 开源社区系统 4.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-22232 MEDIUM This Month

Spring Cloud Config Server may not use Vault token sent by clients using a X-CONFIG-TOKEN header when making requests to Vault. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass Java Red Hat
NVD HeroDevs
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-3412 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in mymagicpower AIAS 20250308. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Aias
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3411 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in mymagicpower AIAS 20250308.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Aias
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3410 MEDIUM POC This Month

A vulnerability classified as critical was found in mymagicpower AIAS 20250308. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Java Aias
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3398 MEDIUM This Month

A vulnerability classified as critical was found in lenve VBlog up to 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Vblog
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3392 MEDIUM POC This Month

A vulnerability was found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Oa System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3391 MEDIUM POC This Month

A vulnerability has been found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Oa System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3390 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in hailey888 oa_system up to 2025.01.01. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Oa System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3389 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in hailey888 oa_system up to 2025.01.01.java of the component Backend. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Oa System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3388 MEDIUM POC This Month

A vulnerability classified as problematic was found in hailey888 oa_system up to 2025.01.01. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Oa System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3382 MEDIUM This Month

A vulnerability has been found in joey-zhou xiaozhi-esp32-server-java up to a14fe8115842ee42ab5c7a51706b8a85db5200b7 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-3381 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Java Youkefu
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2025-3318 MEDIUM POC This Month

A vulnerability classified as critical was found in Kenj_Frog 肯尼基蛙 company-financial-management 公司财务管理系统 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Company Financial Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-3305 MEDIUM POC This Month

A vulnerability has been found in 1902756969/code-projects IKUN_Library 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java Ikun Library
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3241 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Java Youkefu
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3202 MEDIUM POC PATCH This Month

A vulnerability classified as critical has been found in ageerle ruoyi-ai up to 2.0.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Java Ruoyi Ai
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-3199 MEDIUM POC PATCH This Month

A vulnerability was found in ageerle ruoyi-ai up to 2.0.1 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Java Ruoyi Ai
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-31129 Maven HIGH PATCH This Week

Jooby is a web framework for Java and Kotlin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Java
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-3019 MEDIUM This Month

KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java Business Hub
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-22223 Maven MEDIUM PATCH This Month

Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Spring Red Hat
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-25589 HIGH This Week

An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE RCE Java
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-2491 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Dromara ujcms 9.7.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Ujcms
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-25585 HIGH POC This Week

Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Yimioa
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-2490 MEDIUM POC This Month

A vulnerability was found in Dromara ujcms 9.7.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Java Ujcms
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-2364 MEDIUM This Month

A vulnerability classified as problematic was found in lenve VBlog up to 1.0.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java Vblog
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-2363 MEDIUM This Month

A vulnerability classified as critical has been found in lenve VBlog up to 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Java Vblog
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2025-26553 HIGH This Week

Reflected cross-site scripting (XSS) in Pre Order Addon for WooCommerce versions through 2.2 allows remote attackers to execute malicious JavaScript in victim browsers via specially crafted URLs. The vulnerability requires victim interaction (UI:R) and enables cross-site scope (S:C) attacks, potentially leading to session hijacking, credential theft, or malicious actions performed in the context of authenticated WooCommerce administrators. EPSS score of 0.09% (26th percentile) indicates low probability of mass exploitation, with no public exploit code or CISA KEV listing identified. This is a typical stored input validation flaw in WordPress plugin development affecting e-commerce environments.

WordPress XSS Java
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-2322 MEDIUM POC This Month

A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Springboot Openai Chatgpt
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-27107 HIGH This Week

Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Java
NVD GitHub
CVSS 4.0
8.6
EPSS
0.6%
CVE-2020-36843 Maven MEDIUM PATCH This Month

The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Jwt Attack Information Disclosure Java Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-27431 MEDIUM This Month

User management functionality in SAP NetWeaver Application Server Java is vulnerable to Stored Cross-Site Scripting (XSS). [CVSS 5.4 MEDIUM]

Java XSS Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-25940 CRITICAL POC Act Now

VisiCut 2.1 allows remote code execution through insecure XML deserialization in the loadPlfFile method. An attacker who can supply a crafted PLF file can execute arbitrary Java code on the victim's machine. A public PoC exploit exists and no patch is available.

Java
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2025-27636 Maven MEDIUM POC PATCH THREAT This Month

Bypass/Injection vulnerability in Apache Camel components under particular conditions.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 47.8%.

Microsoft Apache Authentication Bypass Java Camel +1
NVD GitHub
CVSS 3.1
5.6
EPSS
47.8%
CVE-2025-25361 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of PublicCMS v4.0.202406 allows attackers to execute arbitrary code via uploading a crafted svg or xml file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java File Upload Publiccms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-38693 Maven CRITICAL PATCH Act Now

Lucee Server (or simply Lucee) is a dynamic, Java based, tag and scripting language used for rapid web application development. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Java
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-26182 MEDIUM POC This Month

An issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary code via the PageController.java file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Java Novel Plus
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-1695 MEDIUM This Month

In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nginx Java Denial Of Service Nginx Unit
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1890 MEDIUM POC This Month

A vulnerability has been found in shishuocms 1.1 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Java Shishuocms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-1846 MEDIUM POC This Month

A vulnerability was found in zj1983 zz up to 2024-8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Java Zz
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-1833 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Zz
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-1832 MEDIUM POC This Month

A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Zz
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1831 MEDIUM POC This Month

A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Zz
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Java Teacms
NVD VulDB
EPSS 7% CVSS 7.7
HIGH POC This Week

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Path Traversal Java
NVD GitHub Exploit-DB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Spring Security Aspects may not correctly locate method security annotations on private methods. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Spring +1
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in jammy928 CoinExchange_CryptoExchange_Java up to 8adf508b996020d3efbeeb2473d7235bd01436fa. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Java
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in merikbest ecommerce-spring-reactjs up to 464e610bb11cc2619cf6ce8212ccc2d1fd4277fd. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Java
NVD GitHub VulDB
EPSS 0% CVSS 2.3
LOW POC Monitor

A vulnerability has been found in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 and classified as problematic. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Java Paicoding
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in kanwangzjm Funiture up to 71ca0fb0658b3d839d9e049ac36429207f05329b. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Java
NVD GitHub VulDB
EPSS 0% CVSS 3.1
LOW PATCH Monitor

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Java Spring
NVD
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Microsoft Java +3
NVD GitHub
EPSS 2% CVSS 10.0
CRITICAL This Week

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component, which allows an unauthenticated attacker to send malicious payload request in a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Command Injection Deserialization +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to send an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Java +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to craft a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Java +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

he Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Java +1
NVD
EPSS 0% CVSS 2.3
LOW POC Monitor

A vulnerability, which was classified as problematic, has been found in Freeebird Hotel 酒店管理系统 API up to 1.2. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Java Hotel
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Java
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in vector4wang spring-boot-quick up to 20250422. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability has been found in JAdmin-JAVA JAdmin 1.0 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Jadmin
NVD GitHub VulDB
EPSS 1% CVSS 6.9
MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in JAdmin-JAVA JAdmin 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Jadmin
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Java Denial Of Service +3
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Java
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm up to 0.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass File Upload Java
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Java
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical.java of the component File Upload API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal File Upload +3
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in 201206030 Novel 3.5.0 and classified as critical.java of the component Chapter Handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java Novel
NVD GitHub VulDB
EPSS 0% CVSS 4.9
MEDIUM This Month

OneVision Workspace before WS23.1 SR1 (build w31.040) allows arbitrary Java EL execution. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Java +1
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability, which was classified as critical, was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Novel Plus
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160.java. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Novel Plus
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as problematic was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java Novel Plus
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability classified as critical has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Novel Plus
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Novel Plus
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Java Spring +1
NVD HeroDevs
EPSS 0% CVSS 2.3
LOW Monitor

A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Java Central Authentication Service
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Java Denial Of Service Cuba Platform +3
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Cuba Platform +3
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Java Jmix Framework
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in panhainan DS-Java 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Java Ds Java
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in panhainan DS-Java 1.0 and classified as critical.action of the file src/com/phn/action/FileUpload.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java Ds Java
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Java +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in zhenfeng13 My-BBS 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Java +1
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Vulnerability in the Java VM component of Oracle Database Server. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Oracle Authentication Bypass Java +1
NVD
EPSS 1% CVSS 5.6
MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass Denial Of Service +7
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Vulnerability in Oracle Java SE (component: Compiler). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass Java +7
NVD VulDB
EPSS 1% CVSS 7.4
HIGH PATCH This Week

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass Java +6
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Java +1
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM POC This Month

A SQL injection vulnerability in Hitout car sale 1.0 allows a remote attacker to obtain sensitive information via the orderBy parameter of the StoreController.java component. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Hitout Car Sale
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in joelittlejohn jsonschema2pojo 1.2.2.java of the component JSON File Handler. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Java Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability, which was classified as problematic, was found in veal98 小牛肉 Echo 开源社区系统 4.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Spring Cloud Config Server may not use Vault token sent by clients using a X-CONFIG-TOKEN header when making requests to Vault. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass Java +1
NVD HeroDevs
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in mymagicpower AIAS 20250308. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Aias
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in mymagicpower AIAS 20250308.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Aias
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical was found in mymagicpower AIAS 20250308. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Java +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability classified as critical was found in lenve VBlog up to 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Vblog
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability was found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Oa System
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability has been found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Oa System
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in hailey888 oa_system up to 2025.01.01. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Oa System
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in hailey888 oa_system up to 2025.01.01.java of the component Backend. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Oa System
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as problematic was found in hailey888 oa_system up to 2025.01.01. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Oa System
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability has been found in joey-zhou xiaozhi-esp32-server-java up to a14fe8115842ee42ab5c7a51706b8a85db5200b7 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Java
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Java +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical was found in Kenj_Frog 肯尼基蛙 company-financial-management 公司财务管理系统 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Company Financial Management System
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in 1902756969/code-projects IKUN_Library 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java Ikun Library
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Java Youkefu
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM POC PATCH This Month

A vulnerability classified as critical has been found in ageerle ruoyi-ai up to 2.0.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Java Ruoyi Ai
NVD GitHub VulDB
EPSS 1% CVSS 6.9
MEDIUM POC PATCH This Month

A vulnerability was found in ageerle ruoyi-ai up to 2.0.1 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Java Ruoyi Ai
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Jooby is a web framework for Java and Kotlin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Java
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java Business Hub
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Spring +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE RCE Java
NVD
EPSS 0% CVSS 4.8
MEDIUM POC This Month

A vulnerability classified as problematic has been found in Dromara ujcms 9.7.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Ujcms
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH POC This Week

Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Yimioa
NVD
EPSS 0% CVSS 4.8
MEDIUM POC This Month

A vulnerability was found in Dromara ujcms 9.7.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Java +1
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

A vulnerability classified as problematic was found in lenve VBlog up to 1.0.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java Vblog
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability classified as critical has been found in lenve VBlog up to 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Java Vblog
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Reflected cross-site scripting (XSS) in Pre Order Addon for WooCommerce versions through 2.2 allows remote attackers to execute malicious JavaScript in victim browsers via specially crafted URLs. The vulnerability requires victim interaction (UI:R) and enables cross-site scope (S:C) attacks, potentially leading to session hijacking, credential theft, or malicious actions performed in the context of authenticated WooCommerce administrators. EPSS score of 0.09% (26th percentile) indicates low probability of mass exploitation, with no public exploit code or CISA KEV listing identified. This is a typical stored input validation flaw in WordPress plugin development affecting e-commerce environments.

WordPress XSS Java
NVD
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Springboot Openai Chatgpt
NVD VulDB
EPSS 1% CVSS 8.6
HIGH This Week

Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Java
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Jwt Attack Information Disclosure Java +1
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

User management functionality in SAP NetWeaver Application Server Java is vulnerable to Stored Cross-Site Scripting (XSS). [CVSS 5.4 MEDIUM]

Java XSS Information Disclosure
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

VisiCut 2.1 allows remote code execution through insecure XML deserialization in the loadPlfFile method. An attacker who can supply a crafted PLF file can execute arbitrary Java code on the victim's machine. A public PoC exploit exists and no patch is available.

Java
NVD GitHub
EPSS 48% CVSS 5.6
MEDIUM POC PATCH THREAT This Month

Bypass/Injection vulnerability in Apache Camel components under particular conditions.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 47.8%.

Microsoft Apache Authentication Bypass +3
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of PublicCMS v4.0.202406 allows attackers to execute arbitrary code via uploading a crafted svg or xml file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java File Upload +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Lucee Server (or simply Lucee) is a dynamic, Java based, tag and scripting language used for rapid web application development. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Java
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

An issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary code via the PageController.java file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Java +1
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM This Month

In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nginx Java Denial Of Service +1
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in shishuocms 1.1 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Java +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in zj1983 zz up to 2024-8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Java Zz
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Zz
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Zz
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Zz
NVD GitHub VulDB
Prev Page 10 of 37 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy