Skip to main content

Java

3270 CVEs product

Monthly

CVE-2024-54140 Maven LOW PATCH Monitor

sigstore-java is a sigstore java client for interacting with sigstore infrastructure. Rated low severity (CVSS 2.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Checkpoint Java Denial Of Service
NVD GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2024-12235 MEDIUM POC This Month

A vulnerability was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Agilebpm
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-38829 Maven LOW PATCH Monitor

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Information Disclosure
NVD
CVSS 3.1
3.7
EPSS
0.4%
CVE-2024-53990 Maven CRITICAL PATCH Act Now

The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Java
NVD GitHub
CVSS 4.0
9.2
EPSS
0.6%
CVE-2024-11961 MEDIUM POC This Month

A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Jeewms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-53673 CRITICAL Act Now

A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Java Insight Remote Support
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-53267 Maven MEDIUM PATCH This Month

sigstore-java is a sigstore java client for interacting with sigstore infrastructure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Java Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-10382 HIGH This Week

There exists a code execution vulnerability in the Car App Android Jetpack Library. Rated high severity (CVSS 7.3). No vendor patch available.

Deserialization RCE Java Google Androidx Car App
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2024-50271 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: signal: restore the override_rlimit logic Prior to commit d64696905554 ("Reimplement RLIMIT_SIGPENDING on top of ucounts"). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Java Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-38828 Maven MEDIUM PATCH This Month

Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-50355 PHP MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Java Librenms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-49758 PHP MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Java Librenms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-52302 HIGH POC This Week

common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Java File Upload
NVD GitHub Exploit-DB
CVSS 4.0
8.7
EPSS
3.2%
CVE-2024-43089 HIGH PATCH This Week

In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Java Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-43083 MEDIUM PATCH This Month

In validate of WifiConfigurationUtil.java , there is a possible persistent denial of service due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Java Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-47592 MEDIUM This Month

SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure SAP
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-47588 MEDIUM This Month

In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. Rated medium severity (CVSS 4.7). No vendor patch available.

Java Information Disclosure SAP
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2024-42372 MEDIUM This Month

Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java SAP
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-11026 MEDIUM POC This Month

A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Java Google Freenow
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.6%
CVE-2024-51994 MEDIUM This Month

Combodo iTop is a web based IT Service Management tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java Itop
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-10920 LOW POC Monitor

A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Java Information Disclosure Travels Java Api
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.4%
CVE-2024-48336 HIGH This Week

The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, which allows a local untrusted app with no additional. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Java
NVD GitHub
CVSS 3.1
8.4
EPSS
0.5%
CVE-2024-10748 LOW POC Monitor

A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android.java of the component Realm Database Handler. Rated low severity (CVSS 2.0). Public exploit code available and no vendor patch available.

Information Disclosure Java Google What S Up
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.3%
CVE-2024-38821 Maven CRITICAL PATCH Act Now

Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service
NVD
CVSS 3.1
9.1
EPSS
1.7%
CVE-2024-48236 MEDIUM POC This Month

An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Java RCE Ofcms
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-48235 MEDIUM POC This Month

An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Java RCE Ofcms
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-21251 LOW Monitor

Vulnerability in the Java VM component of Oracle Database Server. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Java Oracle Database Server
NVD
CVSS 3.1
3.1
EPSS
0.4%
CVE-2024-47074 CRITICAL PATCH Act Now

DataEase is an open source data visualization analysis tool. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Java PostgreSQL Dataease
NVD GitHub
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-47855 Maven MEDIUM PATCH This Month

util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
17.6%
CVE-2024-47561 Maven CRITICAL PATCH Act Now

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Apache Java Avro +2
NVD
CVSS 4.0
9.2
EPSS
3.3%
CVE-2024-47524 PHP MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Java Librenms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-45772 Maven HIGH PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.4.0 before 9.12.0. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Apache Java Lucene Replicator
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2024-9202 MEDIUM PATCH This Month

In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Connector component filters which datasets (= data offers) another party can see in a requested catalog, to ensure that only authorized. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Java Eclipse Dataspace Components
NVD GitHub
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-46609 HIGH POC This Week

An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Icecms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-46607 HIGH POC This Week

Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Icecms
NVD GitHub
CVSS 3.1
7.6
EPSS
0.6%
CVE-2024-9048 MEDIUM PATCH This Month

A vulnerability was found in y_project RuoYi up to 4.7.9. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Ruoyi
NVD VulDB
CVSS 4.0
6.3
EPSS
0.4%
CVE-2024-7254 LIB HIGH PATCH This Week

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Java Denial Of Service Protobuf Protobuf Java Protobuf Javalite +5
NVD GitHub HeroDevs
CVSS 4.0
8.7
EPSS
2.8%
CVE-2024-38816 Maven HIGH POC PATCH THREAT This Week

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Path Traversal Java
NVD
CVSS 3.1
7.5
EPSS
14.7%
CVE-2024-44677 CRITICAL POC Act Now

eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF RCE Java Eladmin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-45283 MEDIUM This Month

SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Java Information Disclosure SAP
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-45280 MEDIUM This Month

Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java SAP
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-45294 Maven HIGH PATCH This Week

The HL7 FHIR Core Artifacts repository provides the java core object handling code, with utilities (including validator), for the Fast Healthcare Interoperability Resources (FHIR) specification. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XXE
NVD GitHub
CVSS 3.1
8.6
EPSS
1.0%
CVE-2024-44837 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Drug
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8391 Maven MEDIUM PATCH This Month

In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Vert X
NVD GitHub
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-8367 MEDIUM This Month

A vulnerability was found in HM Courts & Tribunals Service Probate Back Office up to c1afe0cdb2b2766d9e24872c4e827f8b82a6cd31. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Java Microsoft
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-38807 Maven MEDIUM PATCH This Month

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where. Rated medium severity (CVSS 6.3). No vendor patch available.

Authentication Bypass Java
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-38808 Maven MEDIUM PATCH This Month

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Spring Framework Active Iq Unified Manager Oncommand Insight
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-38810 Maven HIGH PATCH This Week

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Spring Security
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-27267 MEDIUM This Month

The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Race Condition Java Denial Of Service Java Sdk
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-28986 CRITICAL POC KEV THREAT CERT-EU Act Now

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Java Web Help Desk
NVD
CVSS 3.1
9.8
EPSS
84.6%
CVE-2024-42374 HIGH This Week

BEx Web Java Runtime Export Web Service does not sufficiently validate an XML document accepted from an untrusted source. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure SAP Bex Web Java Runtime Export Web Service
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-7552 MEDIUM POC This Month

A vulnerability was found in DataGear up to 5.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Datagear
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7314 CRITICAL POC THREAT Act Now

anji-plus AJ-Report is affected by an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Report
NVD GitHub
CVSS 3.1
9.8
EPSS
51.5%
CVE-2024-41948 Maven MEDIUM PATCH This Month

biscuit-java is the java implementation of Biscuit, an authentication and authorization token for microservices architectures. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Biscuit Java
NVD GitHub
CVSS 3.1
5.0
EPSS
0.3%
CVE-2024-40094 Maven MEDIUM PATCH This Month

GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2024-37084 Maven HIGH PATCH This Week

In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Java RCE Spring Cloud Data Flow
NVD
CVSS 3.1
8.8
EPSS
35.2%
CVE-2024-41667 Maven HIGH POC PATCH This Week

OpenAM is an open access management solution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Java RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
3.5%
CVE-2024-6960 Maven HIGH This Week

The H2O machine learning platform uses "Iced" classes as the primary means of moving Java Objects around the cluster. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization RCE Java
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-41600 HIGH This Week

Insecure Permissions vulnerability in lin-CMS Springboot v.0.2.1 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Lin Cms Spring Boot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-41601 HIGH This Week

Insecure Permissions vulnerability in lin-CMS v.0.2.0 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-40642 Maven HIGH POC PATCH This Week

The netty incubator codec.bhttp is a java language binary http parser. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SSRF Java Netty Incubator Codec Ohttp
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-6834 CRITICAL Act Now

A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpected signing proxied request by Zowe's client certificate. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Java
NVD GitHub
CVSS 3.1
9.0
EPSS
0.3%
CVE-2024-21174 LOW Monitor

Vulnerability in the Java VM component of Oracle Database Server. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Java Denial Of Service Oracle Database Server
NVD
CVSS 3.1
3.1
EPSS
0.3%
CVE-2024-36522 Maven CRITICAL PATCH Act Now

The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Java Wicket
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2024-6645 MEDIUM This Month

A vulnerability was found in WuKongOpenSource Wukong_nocode up to 20230807. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6644 MEDIUM This Month

A vulnerability was found in zmops ArgusDBM up to 0.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-34723 HIGH PATCH This Week

In onTransact of ParcelableListBinder.java , there is a possible way to steal mAllowlistToken to launch an app from background due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Java Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31320 HIGH PATCH This Week

In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Java Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-22271 Maven HIGH PATCH This Week

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-5971 Maven HIGH PATCH This Week

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2024-36404 Maven CRITICAL POC PATCH THREAT Act Now

GeoTools is an open source Java library that provides tools for geospatial data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Java RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
74.9%
CVE-2024-6441 MEDIUM This Month

A vulnerability was found in ORIPA up to 1.72. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-34696 Maven MEDIUM PATCH This Month

GeoServer is an open source server that allows users to share and edit geospatial data. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Geoserver
NVD GitHub
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-38374 Maven HIGH PATCH This Week

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XXE
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-39669 CRITICAL Act Now

In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java objects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Java RCE
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-37759 CRITICAL POC Act Now

DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language) expression injection vulnerability via the Data Viewing interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Java Datagear
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2024-22263 HIGH This Week

Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Kubernetes File Upload
NVD
CVSS 3.1
8.8
EPSS
17.5%
CVE-2024-28164 MEDIUM This Month

SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted causing low impact on. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure SAP Netweaver Application Server Java
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-36114 Maven HIGH PATCH This Week

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Java Information Disclosure
NVD GitHub
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-3967 CRITICAL Act Now

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Java Imanager
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-32888 Maven CRITICAL PATCH Act Now

The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java PostgreSQL
NVD GitHub
CVSS 3.1
10.0
EPSS
0.8%
CVE-2024-30172 LIB HIGH PATCH This Week

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-30171 LIB MEDIUM PATCH This Month

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Information Disclosure
NVD GitHub
CVSS 3.1
5.9
EPSS
0.9%
CVE-2024-29857 LIB HIGH PATCH This Week

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Java Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-28866 MEDIUM PATCH This Month

GoCD is a continuous delivery server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Gocd
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-34447 Maven HIGH PATCH This Week

An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 (ships with BC Java 1.78, BC Java (LTS) 2.73.6) and before BC FIPS TLS Java 1.0.19. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-34148 Maven MEDIUM This Month

Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Prototype Pollution Java Information Disclosure Jenkins Subversion Partial Release Manager
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2024-29466 HIGH This Week

Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Java
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-32656 Maven HIGH PATCH This Week

Ant Media Server is live streaming engine software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass RCE Apache Java Privilege Escalation
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-32653 MEDIUM This Month

jadx is a Dex to Java decompiler. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

RCE Java
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
EPSS 0% CVSS 2.1
LOW PATCH Monitor

sigstore-java is a sigstore java client for interacting with sigstore infrastructure. Rated low severity (CVSS 2.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Checkpoint Java Denial Of Service
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Agilebpm
NVD GitHub VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Information Disclosure
NVD
EPSS 1% CVSS 9.2
CRITICAL PATCH Act Now

The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Java
NVD GitHub
EPSS 1% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Jeewms
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Java Insight Remote Support
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

sigstore-java is a sigstore java client for interacting with sigstore infrastructure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Java Information Disclosure
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

There exists a code execution vulnerability in the Car App Android Jetpack Library. Rated high severity (CVSS 7.3). No vendor patch available.

Deserialization RCE Java +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: signal: restore the override_rlimit logic Prior to commit d64696905554 ("Reimplement RLIMIT_SIGPENDING on top of ucounts"). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Java Denial Of Service Linux +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service
NVD
EPSS 0% CVSS 4.8
MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Java +1
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Java +1
NVD GitHub
EPSS 3% CVSS 8.7
HIGH POC This Week

common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Java File Upload
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Java Privilege Escalation +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In validate of WifiConfigurationUtil.java , there is a possible persistent denial of service due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Java Denial Of Service Android
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure SAP
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. Rated medium severity (CVSS 4.7). No vendor patch available.

Java Information Disclosure SAP
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java SAP
NVD
EPSS 1% CVSS 6.3
MEDIUM POC This Month

A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Java Google +1
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Combodo iTop is a web based IT Service Management tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java Itop
NVD GitHub
EPSS 0% CVSS 2.3
LOW POC Monitor

A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Java Information Disclosure Travels Java Api
NVD GitHub VulDB
EPSS 1% CVSS 8.4
HIGH This Week

The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, which allows a local untrusted app with no additional. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Java
NVD GitHub
EPSS 0% CVSS 2.0
LOW POC Monitor

A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android.java of the component Realm Database Handler. Rated low severity (CVSS 2.0). Public exploit code available and no vendor patch available.

Information Disclosure Java Google +1
NVD GitHub VulDB
EPSS 2% CVSS 9.1
CRITICAL PATCH Act Now

Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Java RCE +1
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Java RCE +1
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Vulnerability in the Java VM component of Oracle Database Server. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Java Oracle +1
NVD
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

DataEase is an open source data visualization analysis tool. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Java PostgreSQL +1
NVD GitHub
EPSS 18% CVSS 5.3
MEDIUM PATCH This Month

util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure
NVD GitHub
EPSS 3% CVSS 9.2
CRITICAL PATCH Act Now

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Apache +4
NVD
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Java +1
NVD GitHub
EPSS 1% CVSS 8.0
HIGH PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.4.0 before 9.12.0. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Apache Java +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Connector component filters which datasets (= data offers) another party can see in a requested catalog, to ensure that only authorized. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Java Eclipse Dataspace Components
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Icecms
NVD GitHub
EPSS 1% CVSS 7.6
HIGH POC This Week

Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Icecms
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

A vulnerability was found in y_project RuoYi up to 4.7.9. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Ruoyi
NVD VulDB
EPSS 3% CVSS 8.7
HIGH PATCH This Week

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Java Denial Of Service Protobuf +7
NVD GitHub HeroDevs
EPSS 15% CVSS 7.5
HIGH POC PATCH THREAT This Week

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Path Traversal Java
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF RCE Java +1
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM This Month

SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Java Information Disclosure SAP
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java SAP
NVD
EPSS 1% CVSS 8.6
HIGH PATCH This Week

The HL7 FHIR Core Artifacts repository provides the java core object handling code, with utilities (including validator), for the Fast Healthcare Interoperability Resources (FHIR) specification. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XXE
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Drug
NVD
EPSS 1% CVSS 6.9
MEDIUM PATCH This Month

In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Vert X
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM This Month

A vulnerability was found in HM Courts & Tribunals Service Probate Back Office up to c1afe0cdb2b2766d9e24872c4e827f8b82a6cd31. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Java Microsoft
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where. Rated medium severity (CVSS 6.3). No vendor patch available.

Authentication Bypass Java
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Spring Framework +2
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Spring Security
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Race Condition Java +2
NVD
EPSS 85% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Java +1
NVD
EPSS 1% CVSS 8.2
HIGH This Week

BEx Web Java Runtime Export Web Service does not sufficiently validate an XML document accepted from an untrusted source. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure SAP +1
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in DataGear up to 5.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Datagear
NVD VulDB
EPSS 51% CVSS 9.8
CRITICAL POC THREAT Act Now

anji-plus AJ-Report is affected by an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Report
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

biscuit-java is the java implementation of Biscuit, an authentication and authorization token for microservices architectures. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Biscuit Java
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service
NVD GitHub
EPSS 35% CVSS 8.8
HIGH PATCH This Week

In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Java RCE +1
NVD
EPSS 4% CVSS 8.8
HIGH POC PATCH This Week

OpenAM is an open access management solution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Java RCE
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

The H2O machine learning platform uses "Iced" classes as the primary means of moving Java Objects around the cluster. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization RCE Java
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Insecure Permissions vulnerability in lin-CMS Springboot v.0.2.1 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Lin Cms Spring Boot
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Insecure Permissions vulnerability in lin-CMS v.0.2.0 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

The netty incubator codec.bhttp is a java language binary http parser. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SSRF Java Netty Incubator Codec Ohttp
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL Act Now

A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpected signing proxied request by Zowe's client certificate. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Java
NVD GitHub
EPSS 0% CVSS 3.1
LOW Monitor

Vulnerability in the Java VM component of Oracle Database Server. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Java Denial Of Service Oracle +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Java Wicket
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was found in WuKongOpenSource Wukong_nocode up to 20230807. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was found in zmops ArgusDBM up to 0.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In onTransact of ParcelableListBinder.java , there is a possible way to steal mAllowlistToken to launch an app from background due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Java Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Java Android
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service
NVD
EPSS 75% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

GeoTools is an open source Java library that provides tools for geospatial data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Java RCE
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability was found in ORIPA up to 1.72. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java
NVD GitHub VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

GeoServer is an open source server that allows users to share and edit geospatial data. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Geoserver
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XXE
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java objects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Java RCE
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language) expression injection vulnerability via the Data Viewing interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Java Datagear
NVD GitHub
EPSS 18% CVSS 8.8
HIGH This Week

Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Kubernetes File Upload
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted causing low impact on. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure SAP +1
NVD
EPSS 1% CVSS 8.6
HIGH PATCH This Week

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Java Information Disclosure
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Java +1
NVD
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java PostgreSQL
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Information Disclosure
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Java Information Disclosure
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

GoCD is a continuous delivery server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Gocd
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 (ships with BC Java 1.78, BC Java (LTS) 2.73.6) and before BC FIPS TLS Java 1.0.19. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM This Month

Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Prototype Pollution Java Information Disclosure +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Java
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Ant Media Server is live streaming engine software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass RCE Apache +2
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

jadx is a Dex to Java decompiler. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

RCE Java
NVD GitHub
Prev Page 12 of 37 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy