Skip to main content

Java

3270 CVEs product

Monthly

CVE-2024-29962 MEDIUM This Month

Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Java Brocade Sannav
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-21093 MEDIUM This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Java Oracle Java Virtual Machine
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-21005 LOW Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Java Oracle Graalvm Jdk +6
NVD
CVSS 3.1
3.1
EPSS
0.9%
CVE-2024-21004 LOW Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Rated low severity (CVSS 2.5), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Java Oracle Graalvm Jdk +6
NVD
CVSS 3.1
2.5
EPSS
0.4%
CVE-2024-21003 LOW Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Java Oracle Graalvm Jdk +6
NVD
CVSS 3.1
3.1
EPSS
0.9%
CVE-2024-21002 LOW Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Rated low severity (CVSS 2.5), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Java Oracle Graalvm Jdk +6
NVD
CVSS 3.1
2.5
EPSS
0.4%
CVE-2024-22262 Maven HIGH PATCH This Week

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Java Open Redirect
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2024-1961 HIGH This Week

vertaai/modeldb is vulnerable to a path traversal attack due to improper sanitization of user-supplied file paths in its file upload functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Path Traversal RCE Java File Upload
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2024-27899 HIGH This Week

Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure SAP
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-3366 Maven CRITICAL POC Act Now

A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Xxl Job
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-31851 HIGH POC This Week

A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java
NVD
CVSS 3.1
8.6
EPSS
2.9%
CVE-2024-31850 HIGH POC This Week

A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java
NVD
CVSS 3.1
8.6
EPSS
3.0%
CVE-2024-31849 CRITICAL POC Act Now

A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java
NVD
CVSS 3.1
9.8
EPSS
6.1%
CVE-2024-31848 CRITICAL POC Act Now

A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java
NVD
CVSS 3.1
9.8
EPSS
8.2%
CVE-2024-31033 MEDIUM This Month

JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Information Disclosure
NVD GitHub
CVSS 3.1
6.8
EPSS
0.8%
CVE-2024-2828 HIGH POC This Week

A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Easyadmin
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-23821 Maven MEDIUM PATCH This Month

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java Geoserver
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-23819 Maven MEDIUM PATCH This Month

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Geoserver
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-23818 Maven MEDIUM PATCH This Month

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Geoserver
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-23643 Maven MEDIUM PATCH This Month

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Geoserver
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-23642 Maven MEDIUM PATCH This Month

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Geoserver
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-23640 Maven MEDIUM PATCH This Month

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java Geoserver
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-23634 Maven MEDIUM POC PATCH This Month

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Denial Of Service Geoserver
NVD GitHub
CVSS 3.1
6.0
EPSS
0.7%
CVE-2024-22258 Maven MEDIUM PATCH This Month

Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-24578 CRITICAL POC Emergency

RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java Raspberrymatic
NVD GitHub
CVSS 3.1
9.8
EPSS
8.7%
CVE-2024-22257 Maven HIGH PATCH This Week

In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Java Authentication Bypass
NVD GitHub
CVSS 3.1
8.2
EPSS
0.8%
CVE-2024-22259 Maven HIGH PATCH This Week

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Java Open Redirect Spring Framework Active Iq Unified Manager
NVD
CVSS 3.1
8.1
EPSS
2.6%
CVE-2024-28848 Maven HIGH PATCH This Week

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Java RCE Openmetadata
NVD GitHub
CVSS 3.1
8.8
EPSS
7.9%
CVE-2024-28847 Maven HIGH POC PATCH This Week

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Java RCE Openmetadata
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-28254 HIGH POC THREAT Act Now

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java Command Injection Openmetadata
NVD GitHub
CVSS 3.1
8.8
EPSS
45.7%
CVE-2024-28253 Maven HIGH POC PATCH THREAT This Week

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Java RCE Openmetadata
NVD GitHub
CVSS 3.1
8.8
EPSS
12.5%
CVE-2024-27135 Maven CRITICAL PATCH Act Now

Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Apache Java Pulsar
NVD
CVSS 3.1
9.9
EPSS
6.0%
CVE-2024-22127 CRITICAL Act Now

SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Command Injection SAP Netweaver Application Server Java
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2024-2365 MEDIUM POC This Month

A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Java Google Musicshelf
NVD GitHub VulDB
CVSS 3.1
4.2
EPSS
0.3%
CVE-2024-28213 Maven CRITICAL PATCH Act Now

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Java Ngrinder
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-2064 MEDIUM POC This Month

A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Selectcours
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-23328 CRITICAL POC PATCH Act Now

Dataease is an open source data visualization analysis tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE Java Dataease
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2024-24323 HIGH POC This Week

SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Litemall
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-22201 Maven HIGH PATCH This Week

Jetty is a Java based web server and servlet engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Jetty Debian Linux Active Iq Unified Manager +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2024-22824 CRITICAL POC Act Now

An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java File Upload Timo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-22234 Maven HIGH PATCH This Week

In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Java Spring Security
NVD
CVSS 3.1
7.4
EPSS
0.7%
CVE-2024-20925 Maven LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Java Oracle Graalvm Jdk +1
NVD
CVSS 3.1
3.1
EPSS
0.6%
CVE-2024-20923 LOW Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Java Oracle Graalvm Jdk +1
NVD
CVSS 3.1
3.1
EPSS
0.6%
CVE-2024-20903 MEDIUM This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java Oracle Database Server
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-24743 HIGH This Week

SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XXE SAP Netweaver Application Server Java
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-22126 MEDIUM This Month

The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java SAP Netweaver Application Server Java
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-23639 Maven HIGH PATCH This Week

Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Information Disclosure Micronaut
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-24569 MEDIUM POC PATCH This Month

The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Path Traversal Java Java Code Security Toolkit
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2024-22236 Maven MEDIUM PATCH This Month

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Java Google Spring Cloud Contract
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-23636 Maven CRITICAL PATCH Act Now

SOFARPC is a Java RPC framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Apache Java Sofarpc
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-22233 Maven HIGH PATCH This Week

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Spring Framework
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-23687 Maven CRITICAL PATCH Act Now

Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Java Mod Data Export Spring
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-23684 Maven HIGH PATCH This Week

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Cbor
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-23683 Maven HIGH POC PATCH This Week

Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available.

RCE Java Artemis Java Test Sandbox
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-23682 Maven HIGH POC PATCH This Week

Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Java Artemis Java Test Sandbox
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-23681 Maven HIGH POC PATCH This Week

Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Artemis Java Test Sandbox
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-23680 Maven MEDIUM PATCH This Month

AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Java Information Disclosure Aws Encryption Sdk
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-20922 LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Rated low severity (CVSS 2.5), this vulnerability is no authentication required.

Authentication Bypass Java Oracle Graalvm Jdk +4
NVD
CVSS 3.1
2.5
EPSS
0.3%
CVE-2024-0601 MEDIUM POC This Month

A vulnerability was found in ZhongFuCheng3y Austin 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Austin
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-0599 MEDIUM POC This Month

A vulnerability was found in Jspxcms 10.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Jspxcms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-0505 MEDIUM POC This Month

A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical.java of the component Upload Material Menu. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

File Upload Java Austin
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-0491 MEDIUM This Month

A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Huaxia Erp
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-51805 MEDIUM POC This Month

SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows a remote attacker to obtain sensitive information via the getFormKey parameter in the search function of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Tduck Platform
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-29051 HIGH This Week

User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java Ox App Suite
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-0301 MEDIUM POC This Month

A vulnerability classified as critical was found in fhs-opensource iparking 1.5.22.RELEASE. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Iparking
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-51441 Maven HIGH PATCH This Week

** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Java Apache Axis
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2024-21634 Maven HIGH PATCH This Month

Amazon Ion is a Java implementation of the Ion data notation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Java Ion
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-5880 HIGH This Week

When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode the web servers “Garage Door Control Module Setup” page is vulnerable to XSS via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java Aladdin Connect Garage Door Opener Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-0195 MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.0%.

Java RCE Code Injection Spider Flow
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
92.0%
Threat
5.5
CVE-2023-7171 MEDIUM POC PATCH This Month

A vulnerability was found in Novel-Plus up to 4.2.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java XSS Novel Plus
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-7148 Maven HIGH POC This Week

A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Java RCE Code Injection Shifu
NVD VulDB
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-51079 Maven MEDIUM POC This Month

A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Mvel
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-51650 HIGH POC This Week

Hertzbeat is an open source, real-time monitoring system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Hertzbeat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-48795 LIB MEDIUM POC PATCH THREAT This Month

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.

Authentication Bypass Apache Node.js SSH Java +66
NVD GitHub
CVSS 3.1
5.9
EPSS
53.6%
Threat
4.3
CVE-2023-49898 Maven HIGH PATCH This Week

In streampark, there is a project module that integrates Maven's compilation capability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Command Injection Streampark
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2023-49581 CRITICAL Act Now

SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Microsoft SQLi Netweaver Application Server Abap
NVD
CVSS 3.1
9.4
EPSS
0.5%
CVE-2023-49580 HIGH This Week

SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Information Disclosure Microsoft Graphical User Interface
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2023-46674 Maven HIGH PATCH This Week

An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Elastic Deserialization Elasticsearch
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-49093 Maven HIGH POC PATCH This Week

HtmlUnit is a GUI-less browser for Java programs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Code Injection Htmlunit
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2023-49693 CRITICAL POC Act Now

NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Netgear RCE Authentication Bypass Prosafe Network Management System
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-34055 Maven MEDIUM PATCH This Month

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Boot
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-34053 Maven HIGH PATCH This Week

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Framework
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-47437 MEDIUM This Month

A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java XSS Pachno
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-6299 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1.java of the component Reference Table Handler. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Itext
NVD VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-33202 Maven MEDIUM POC PATCH This Month

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java OpenSSL Denial Of Service Bouncy Castle For Java Fips Java Api
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2023-43123 Maven MEDIUM PATCH This Month

On unix-like systems, the temporary directory is shared between all user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Oracle Apple Atlassian Java Apache +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-22516 HIGH This Week

This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java RCE Atlassian Bamboo
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-46302 PyPI CRITICAL POC PATCH Act Now

Apache Software Foundation Apache Submarine has a bug when serializing against yaml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Apache Deserialization Submarine
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-42480 MEDIUM This Month

The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Information Disclosure Netweaver Application Server Java
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-39913 Maven HIGH PATCH This Week

Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Java Apache Checkpoint +1
NVD
CVSS 3.1
8.8
EPSS
1.5%
EPSS 0% CVSS 5.5
MEDIUM This Month

Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Java Brocade Sannav
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Java Oracle +1
NVD
EPSS 1% CVSS 3.1
LOW Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Java Oracle +8
NVD
EPSS 0% CVSS 2.5
LOW Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Rated low severity (CVSS 2.5), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Java Oracle +8
NVD
EPSS 1% CVSS 3.1
LOW Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Java Oracle +8
NVD
EPSS 0% CVSS 2.5
LOW Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Rated low severity (CVSS 2.5), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Java Oracle +8
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Java Open Redirect
NVD
EPSS 1% CVSS 8.8
HIGH This Week

vertaai/modeldb is vulnerable to a path traversal attack due to improper sanitization of user-supplied file paths in its file upload functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Path Traversal RCE +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure SAP
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Xxl Job
NVD GitHub VulDB
EPSS 3% CVSS 8.6
HIGH POC This Week

A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java
NVD
EPSS 3% CVSS 8.6
HIGH POC This Week

A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java
NVD
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java
NVD
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Information Disclosure
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Easyadmin
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java Geoserver
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Geoserver
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Geoserver
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Geoserver
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Geoserver
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java Geoserver
NVD GitHub
EPSS 1% CVSS 6.0
MEDIUM POC PATCH This Month

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Denial Of Service Geoserver
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure
NVD
EPSS 9% CVSS 9.8
CRITICAL POC Emergency

RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java Raspberrymatic
NVD GitHub
EPSS 1% CVSS 8.2
HIGH PATCH This Week

In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Java Authentication Bypass
NVD GitHub
EPSS 3% CVSS 8.1
HIGH PATCH This Week

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Java Open Redirect +2
NVD
EPSS 8% CVSS 8.8
HIGH PATCH This Week

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Java RCE +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Java RCE +1
NVD GitHub
EPSS 46% CVSS 8.8
HIGH POC THREAT Act Now

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java Command Injection +1
NVD GitHub
EPSS 13% CVSS 8.8
HIGH POC PATCH THREAT This Week

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Java RCE +1
NVD GitHub
EPSS 6% CVSS 9.9
CRITICAL PATCH Act Now

Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Apache Java +1
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Command Injection SAP +1
NVD
EPSS 0% CVSS 4.2
MEDIUM POC This Month

A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Java Google +1
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Java +1
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Selectcours
NVD GitHub VulDB
EPSS 1% CVSS 9.1
CRITICAL POC PATCH Act Now

Dataease is an open source data visualization analysis tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE Java +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Litemall
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Jetty is a Java based web server and servlet engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Jetty +3
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java File Upload +1
NVD GitHub
EPSS 1% CVSS 7.4
HIGH PATCH This Week

In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Java Spring Security
NVD
EPSS 1% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Java Oracle +3
NVD
EPSS 1% CVSS 3.1
LOW Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Java Oracle +3
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java Oracle +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XXE SAP +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java SAP +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Information Disclosure Micronaut
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Path Traversal Java Java Code Security Toolkit
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Java Google +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

SOFARPC is a Java RPC framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Apache Java +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Spring Framework
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Java Mod Data Export Spring
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Cbor
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available.

RCE Java Artemis Java Test Sandbox
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Java Artemis Java Test Sandbox
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Artemis Java Test Sandbox
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Java Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 2.5
LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Rated low severity (CVSS 2.5), this vulnerability is no authentication required.

Authentication Bypass Java Oracle +6
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

A vulnerability was found in ZhongFuCheng3y Austin 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Austin
NVD GitHub VulDB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A vulnerability was found in Jspxcms 10.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Jspxcms
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical.java of the component Upload Material Menu. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

File Upload Java Austin
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Huaxia Erp
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM POC This Month

SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows a remote attacker to obtain sensitive information via the getFormKey parameter in the search function of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Tduck Platform
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java Ox App Suite
NVD
EPSS 0% CVSS 6.3
MEDIUM POC This Month

A vulnerability classified as critical was found in fhs-opensource iparking 1.5.22.RELEASE. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Iparking
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Java Apache +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Month

Amazon Ion is a Java implementation of the Ion data notation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Java Ion
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode the web servers “Garage Door Control Module Setup” page is vulnerable to XSS via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java Aladdin Connect Garage Door Opener Firmware
NVD
EPSS 92% 5.5 CVSS 6.3
MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.0%.

Java RCE Code Injection +1
NVD GitHub VulDB
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

A vulnerability was found in Novel-Plus up to 4.2.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java XSS Novel Plus
NVD GitHub VulDB
EPSS 1% CVSS 8.1
HIGH POC This Week

A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Java RCE Code Injection +1
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Mvel
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Hertzbeat is an open source, real-time monitoring system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Hertzbeat
NVD GitHub
EPSS 54% 4.3 CVSS 5.9
MEDIUM POC PATCH THREAT This Month

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.

Authentication Bypass Apache Node.js +68
NVD GitHub
EPSS 2% CVSS 7.2
HIGH PATCH This Week

In streampark, there is a project module that integrates Maven's compilation capability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Command Injection Streampark
NVD
EPSS 1% CVSS 9.4
CRITICAL Act Now

SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Microsoft +2
NVD
EPSS 0% CVSS 7.3
HIGH This Week

SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Elastic Deserialization +1
NVD
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

HtmlUnit is a GUI-less browser for Java programs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Code Injection +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Netgear RCE +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Boot
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Framework
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java XSS Pachno
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1.java of the component Reference Table Handler. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Itext
NVD VulDB
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java OpenSSL Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

On unix-like systems, the temporary directory is shared between all user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Oracle Apple Atlassian +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java RCE Atlassian +1
NVD
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

Apache Software Foundation Apache Submarine has a bug when serializing against yaml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Apache Deserialization +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Information Disclosure +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Java +3
NVD
Prev Page 13 of 37 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy