Skip to main content

Java

3269 CVEs product

Monthly

CVE-2025-1820 MEDIUM POC This Month

A vulnerability has been found in zj1983 zz up to 2024-8 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Zz
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1818 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8.upload. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Java Zz
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-0160 HIGH This Week

IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM RCE Java Storage Virtualize
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-1686 Maven MEDIUM POC GHSA This Month

All versions of the package io.pebbletemplates:pebble are vulnerable to External Control of File Name or Path via the include tag. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-27148 HIGH PATCH This Week

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Java Apple Windows +3
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-1584 Maven MEDIUM PATCH This Month

A vulnerability classified as problematic was found in opensolon Solon up to 3.0.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-25772 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Java Jspxcms
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-25767 MEDIUM POC This Month

A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows attackers to arbitrarily delete users via a crafted request. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Privilege Escalation Java Mrcms
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-55156 MEDIUM This Month

An XML External Entity (XXE) vulnerability in the deserializeArgs() method of Java SDK for CloudEvents v4.0.1 allows attackers to access sensitive information via supplying a crafted XML-formatted. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Java
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-20059 CRITICAL Act Now

Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection.10.3, through 2023.11.1, through 2024.9. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java
NVD
CVSS 4.0
9.2
EPSS
0.7%
CVE-2024-57971 CRITICAL Act Now

DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI Name. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-24904 HIGH This Week

libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-24903 HIGH This Week

libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java
NVD GitHub
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-1225 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03.java of the component WXCallBack Interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Java Yimioa
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2022-35202 MEDIUM This Month

A security issue in Sitevision version 10.3.1 and older allows a remote attacker, in certain (non-default) scenarios, to gain access to the private keys used for signing SAML Authn requests. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Java
NVD VulDB
CVSS 3.1
5.1
EPSS
0.3%
CVE-2025-24869 MEDIUM This Month

SAP NetWeaver Application Server Java allows an attacker to access an endpoint that can disclose information about deployed server components, including their XML definitions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Java
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-0054 MEDIUM This Month

SAP NetWeaver Application Server Java does not sufficiently handle user input, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Java
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-57409 MEDIUM POC Monitor

A stored cross-site scripting (XSS) vulnerability in the Parameter List module of cool-admin-java v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Cool Admin Java
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-57408 HIGH POC This Month

An arbitrary file upload vulnerability in the component /comm/upload of cool-admin-java v1.0 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java File Upload Cool Admin Java
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-20124 CRITICAL POC CERT-EU Act Now

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Deserialization Java Identity Services Engine
NVD Exploit-DB
CVSS 3.1
9.9
EPSS
8.3%
CVE-2024-27137 Maven MEDIUM PATCH This Month

In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Java Cassandra Red Hat
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-57669 HIGH This Month

Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker to obtain sensitive information via the BackupController.java file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-57665 CRITICAL POC Act Now

JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Jfinalcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-0851 Maven CRITICAL PATCH This Week

A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 30.7% and no vendor patch available.

Java Path Traversal
NVD GitHub
CVSS 4.0
9.3
EPSS
30.7%
CVE-2025-24790 Maven MEDIUM PATCH Monitor

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Java Snowflake Jdbc
NVD GitHub
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-24789 Maven HIGH PATCH This Month

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Java Privilege Escalation Snowflake Jdbc Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-0705 MEDIUM This Month

A vulnerability has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Java Bootplus
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-0704 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Bootplus
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-0703 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Path Traversal Bootplus
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2025-24362 HIGH This Month

In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java
NVD GitHub
CVSS 4.0
7.1
EPSS
0.3%
CVE-2025-0702 MEDIUM This Month

A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java Bootplus
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-49742 HIGH This Month

In onCreate of NotificationAccessConfirmationActivity.java , there is a possible way to hide an app with notification access in Settings due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Java Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-49733 MEDIUM This Month

In reload of ServiceListing.java , there is a possible way to allow a malicious app to hide an NLS from Settings due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Java Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21553 MEDIUM Monitor

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Java Oracle Java Virtual Machine
NVD
CVSS 3.1
4.2
EPSS
0.2%
CVE-2025-21502 MEDIUM PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Java Oracle Graalvm Graalvm For Jdk +12
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-0558 MEDIUM This Month

A vulnerability classified as critical was found in TDuckCloud tduck-platform up to 4.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SQLi Tduck Platform
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-54660 HIGH This Month

A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Java
NVD
CVSS 3.1
8.7
EPSS
0.6%
CVE-2025-0057 MEDIUM Monitor

SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to stored cross site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload SAP Java XSS
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-0056 MEDIUM This Month

SAP GUI for Java saves user input on the client PC to improve usability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure SAP Java
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-23026 Maven MEDIUM PATCH This Month

jte (Java Template Engine) is a secure and lightweight template engine for Java and Kotlin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-0410 MEDIUM POC This Month

A vulnerability classified as critical was found in liujianview gymxmjpa 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Gymxmjpa
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0409 MEDIUM POC This Month

A vulnerability classified as critical has been found in liujianview gymxmjpa 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Gymxmjpa
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0408 MEDIUM POC This Month

A vulnerability was found in liujianview gymxmjpa 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Gymxmjpa
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0407 MEDIUM POC This Month

A vulnerability was found in liujianview gymxmjpa 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Gymxmjpa
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0406 MEDIUM POC This Month

A vulnerability was found in liujianview gymxmjpa 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Gymxmjpa
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0405 MEDIUM POC This Month

A vulnerability was found in liujianview gymxmjpa 1.0 and classified as critical.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Gymxmjpa
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0404 MEDIUM This Month

A vulnerability has been found in liujianview gymxmjpa 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SQLi
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0402 MEDIUM This Month

A vulnerability classified as critical was found in 1902756969 reggie 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java Reggie
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0401 MEDIUM This Month

A vulnerability classified as critical has been found in 1902756969 reggie 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Reggie
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-0399 MEDIUM This Month

A vulnerability was found in StarSea99 starsea-mall 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java Starsea Mall
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-13212 MEDIUM This Month

A vulnerability classified as critical has been found in SingMR HouseRent 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java Houserent
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13211 MEDIUM This Month

A vulnerability was found in SingMR HouseRent 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Houserent
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13210 MEDIUM POC This Month

A vulnerability was found in donglight bookstore电商书城系统说明 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java Bookstore
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-13202 MEDIUM POC This Month

A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classified as problematic.java of the component Blog Article Handler. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Springboot Blog
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-13201 MEDIUM POC This Month

A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java Springboot Blog
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-13200 MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Springboot Blog
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-13197 MEDIUM POC This Month

A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Bookstore
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-13196 MEDIUM POC This Month

A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Bookstore
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-13195 MEDIUM POC This Month

A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SSRF Bookstore
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13192 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in ZeroWdd myblog 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Myblog
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13191 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java Myblog
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13189 MEDIUM POC This Week

A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Myblog
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-13145 MEDIUM POC This Month

A vulnerability classified as critical was found in zhenfeng13 My-Blog 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java My Blog
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13144 MEDIUM POC This Month

A vulnerability classified as critical has been found in zhenfeng13 My-Blog 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java My Blog
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13143 MEDIUM This Month

A vulnerability was found in ZeroWdd studentmanager 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java XSS Studentmanager
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-13142 MEDIUM POC This Month

A vulnerability was found in ZeroWdd studentmanager 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Studentmanager
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-13139 MEDIUM POC This Month

A vulnerability was found in wangl1989 mysiteforme 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SSRF Mysiteforme
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13138 MEDIUM POC This Month

A vulnerability was found in wangl1989 mysiteforme 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java Mysiteforme
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-13137 MEDIUM POC This Month

A vulnerability was found in wangl1989 mysiteforme 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Mysiteforme
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-13136 MEDIUM POC This Month

A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Java Mysiteforme
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13134 MEDIUM This Month

A vulnerability, which was classified as critical, was found in ZeroWdd studentmanager 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java Studentmanager
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13133 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in ZeroWdd studentmanager 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java Studentmanager
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-55078 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /adminUser/updateImg of WukongCRM-11.0-JAVA v11.3.3 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Java
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-13111 MEDIUM POC This Month

A vulnerability classified as critical was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Java Yunfan Learning Examination System
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2024-13110 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Yunfan Learning Examination System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-13022 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in taisan tarzan-cms 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java File Upload Tarzan Cms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-52046 Maven CRITICAL PATCH Act Now

The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Apache Java Mina
NVD
CVSS 4.0
10.0
EPSS
23.9%
CVE-2024-56337 Maven CRITICAL PATCH Act Now

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Java Information Disclosure Bootstrap Os
NVD
CVSS 3.1
9.8
EPSS
8.9%
CVE-2024-38819 Maven HIGH POC PATCH THREAT This Week

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java
NVD
CVSS 3.1
7.5
EPSS
54.9%
CVE-2024-12801 Maven LOW PATCH Monitor

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

SSRF Java
NVD
CVSS 4.0
2.4
EPSS
0.2%
CVE-2024-12798 Maven MEDIUM PATCH This Month

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

RCE Java
NVD
CVSS 4.0
5.9
EPSS
0.4%
CVE-2024-35230 Maven MEDIUM POC PATCH This Month

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Information Disclosure Geoserver
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-55557 CRITICAL Act Now

ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-55887 Maven HIGH PATCH This Week

Ucum-java is a FHIR Java library providing UCUM Services. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XXE
NVD GitHub
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-12482 MEDIUM POC This Month

A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java Wetech Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.0%
CVE-2024-45761 HIGH This Week

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Dell Denial Of Service Openmanage Server Administrator
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-54919 MEDIUM POC This Month

A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Java E Learning Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-12351 MEDIUM POC This Month

A vulnerability classified as critical has been found in JFinalCMS 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Jfinalcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-12350 MEDIUM POC This Month

A vulnerability was found in JFinalCMS 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Command Injection Jfinalcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.6%
CVE-2024-54140 Maven LOW PATCH Monitor

sigstore-java is a sigstore java client for interacting with sigstore infrastructure. Rated low severity (CVSS 2.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Checkpoint Java Denial Of Service
NVD GitHub
CVSS 4.0
2.1
EPSS
0.2%
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in zj1983 zz up to 2024-8 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Zz
NVD VulDB GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8.upload. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Java +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM RCE Java +1
NVD
EPSS 0% CVSS 4.8
MEDIUM POC This Month

All versions of the package io.pebbletemplates:pebble are vulnerable to External Control of File Name or Path via the include tag. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Java +5
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A vulnerability classified as problematic was found in opensolon Solon up to 3.0.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Java
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Java Jspxcms
NVD
EPSS 0% CVSS 4.8
MEDIUM POC This Month

A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows attackers to arbitrarily delete users via a crafted request. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Privilege Escalation Java Mrcms
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An XML External Entity (XXE) vulnerability in the deserializeArgs() method of Java SDK for CloudEvents v4.0.1 allows attackers to access sensitive information via supplying a crafted XML-formatted. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Java
NVD GitHub
EPSS 1% CVSS 9.2
CRITICAL Act Now

Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection.10.3, through 2023.11.1, through 2024.9. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI Name. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java
NVD GitHub
EPSS 0% CVSS 8.5
HIGH This Week

libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java
NVD GitHub
EPSS 0% CVSS 8.5
HIGH This Week

libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03.java of the component WXCallBack Interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Java Yimioa
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

A security issue in Sitevision version 10.3.1 and older allows a remote attacker, in certain (non-default) scenarios, to gain access to the private keys used for signing SAML Authn requests. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Java
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

SAP NetWeaver Application Server Java allows an attacker to access an endpoint that can disclose information about deployed server components, including their XML definitions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Java
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

SAP NetWeaver Application Server Java does not sufficiently handle user input, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Java
NVD
EPSS 0% CVSS 4.8
MEDIUM POC Monitor

A stored cross-site scripting (XSS) vulnerability in the Parameter List module of cool-admin-java v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Cool Admin Java
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC This Month

An arbitrary file upload vulnerability in the component /comm/upload of cool-admin-java v1.0 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java File Upload +1
NVD GitHub
EPSS 8% CVSS 9.9
CRITICAL POC Act Now

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Deserialization Java +1
NVD Exploit-DB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Java +2
NVD
EPSS 1% CVSS 7.5
HIGH This Month

Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker to obtain sensitive information via the BackupController.java file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Jfinalcms
NVD GitHub
EPSS 31% CVSS 9.3
CRITICAL PATCH This Week

A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 30.7% and no vendor patch available.

Java Path Traversal
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM PATCH Monitor

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Java Snowflake Jdbc
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Month

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Java Privilege Escalation +2
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Java Bootplus
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability, which was classified as problematic, was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Bootplus
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Path Traversal Bootplus
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH This Month

In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Month

In onCreate of NotificationAccessConfirmationActivity.java , there is a possible way to hide an app with notification access in Settings due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Java Android +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In reload of ServiceListing.java , there is a possible way to allow a malicious app to hide an NLS from Settings due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Java Information Disclosure Android +1
NVD
EPSS 0% CVSS 4.2
MEDIUM Monitor

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Java Oracle +1
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Java Oracle +14
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability classified as critical was found in TDuckCloud tduck-platform up to 4.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SQLi Tduck Platform
NVD GitHub VulDB
EPSS 1% CVSS 8.7
HIGH This Month

A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Java
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to stored cross site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload SAP Java +1
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

SAP GUI for Java saves user input on the client PC to improve usability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure SAP Java
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

jte (Java Template Engine) is a secure and lightweight template engine for Java and Kotlin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XSS
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical was found in liujianview gymxmjpa 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Gymxmjpa
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in liujianview gymxmjpa 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Gymxmjpa
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in liujianview gymxmjpa 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Gymxmjpa
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in liujianview gymxmjpa 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Gymxmjpa
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in liujianview gymxmjpa 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Gymxmjpa
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in liujianview gymxmjpa 1.0 and classified as critical.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Gymxmjpa
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability has been found in liujianview gymxmjpa 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability classified as critical was found in 1902756969 reggie 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability classified as critical has been found in 1902756969 reggie 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Reggie
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

A vulnerability was found in StarSea99 starsea-mall 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability classified as critical has been found in SingMR HouseRent 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability was found in SingMR HouseRent 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Houserent
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability was found in donglight bookstore电商书城系统说明 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classified as problematic.java of the component Blog Article Handler. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Springboot Blog
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Springboot Blog
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Bookstore
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Bookstore
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SSRF Bookstore
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in ZeroWdd myblog 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Myblog
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Week

A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Myblog
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical was found in zhenfeng13 My-Blog 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in zhenfeng13 My-Blog 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

A vulnerability was found in ZeroWdd studentmanager 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java XSS Studentmanager
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability was found in ZeroWdd studentmanager 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Studentmanager
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in wangl1989 mysiteforme 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SSRF Mysiteforme
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability was found in wangl1989 mysiteforme 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability was found in wangl1989 mysiteforme 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Mysiteforme
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Java Mysiteforme
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability, which was classified as critical, was found in ZeroWdd studentmanager 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability, which was classified as critical, has been found in ZeroWdd studentmanager 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /adminUser/updateImg of WukongCRM-11.0-JAVA v11.3.3 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Java
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM POC This Month

A vulnerability classified as critical was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Java Yunfan Learning Examination System
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as problematic has been found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Yunfan Learning Examination System
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in taisan tarzan-cms 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java File Upload +1
NVD VulDB
EPSS 24% CVSS 10.0
CRITICAL PATCH Act Now

The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Apache +2
NVD
EPSS 9% CVSS 9.8
CRITICAL PATCH Act Now

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Java +2
NVD
EPSS 55% CVSS 7.5
HIGH POC PATCH THREAT This Week

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java
NVD
EPSS 0% CVSS 2.4
LOW PATCH Monitor

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

SSRF Java
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

RCE Java
NVD
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Information Disclosure Geoserver
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java
NVD GitHub
EPSS 1% CVSS 8.6
HIGH PATCH This Week

Ucum-java is a FHIR Java library providing UCUM Services. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XXE
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java Wetech Cms
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH This Week

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Dell Denial Of Service +1
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Java +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in JFinalCMS 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Jfinalcms
NVD GitHub VulDB
EPSS 4% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in JFinalCMS 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Command Injection Jfinalcms
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW PATCH Monitor

sigstore-java is a sigstore java client for interacting with sigstore infrastructure. Rated low severity (CVSS 2.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Checkpoint Java Denial Of Service
NVD GitHub
Prev Page 11 of 37 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy