Skip to main content

Java

3272 CVEs product

Monthly

CVE-2023-42480 MEDIUM This Month

The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Information Disclosure Netweaver Application Server Java
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-39913 Maven HIGH PATCH This Week

Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Java Apache Checkpoint +1
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-4043 Maven HIGH POC PATCH This Week

In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Information Disclosure Parsson
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-47174 CRITICAL Act Now

Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Deserialization Sftp Gateway Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46604 Maven CRITICAL POC KEV EUVD KEV PATCH THREAT Act Now

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Deserialization Activemq Activemq Legacy Openwire Module Debian Linux +3
NVD
CVSS 3.1
9.8
EPSS
99.7%
CVE-2023-46120 Maven HIGH POC PATCH This Week

The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Denial Of Service Rabbitmq Java Client
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-43961 Maven HIGH POC PATCH This Week

An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Sa Token
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-43795 Maven CRITICAL POC PATCH THREAT Act Now

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SSRF Geoserver
NVD GitHub
CVSS 3.1
9.8
EPSS
67.7%
CVE-2023-41339 Maven MEDIUM PATCH This Month

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SSRF Geoserver
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-39219 HIGH This Week

PingFederate Administrative Console dependency contains a weakness where console becomes unresponsive with crafted Java class loading enumeration requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Pingfederate
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-37913 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Path Traversal Microsoft Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-44483 Maven MEDIUM PATCH This Month

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Apache Information Disclosure Santuario Xml Security For Java
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-40153 MEDIUM This Month

The affected product is vulnerable to a cross-site scripting vulnerability, which could allow an attacker to access the web application to introduce arbitrary Java Script by injecting an XSS payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XSS Dexgate
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-34050 MEDIUM This Month

In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Deserialization Spring Advanced Message Queuing Protocol
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2023-3042 MEDIUM This Month

In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enabling bypasses for XSS and access controls. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XSS Dotcms
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-22096 MEDIUM PATCH This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Authentication Bypass Database Server
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-22091 MEDIUM PATCH This Month

Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Graalvm For Jdk
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-22081 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service Graalvm For Jdk Jdk +3
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2023-22067 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Java Oracle Authentication Bypass Jdk Jre +2
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-22025 LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Graalvm For Jdk Jdk +3
NVD
CVSS 3.1
3.7
EPSS
0.9%
CVE-2023-45669 Maven MEDIUM PATCH This Month

WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Java Authentication Bypass Spring Security
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-5072 Maven HIGH POC PATCH This Week

Denial of Service in JSON-Java versions up to and including 20230618. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Denial Of Service Json Java
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-42477 MEDIUM This Month

SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java SSRF Netweaver Application Server Java
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-42809 Maven HIGH POC PATCH This Week

Redisson is a Java Redis client that uses the Netty framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Redis Deserialization Redisson
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-39410 LIB HIGH PATCH This Week

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.11.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Apache Deserialization Avro
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-5257 MEDIUM POC This Month

A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Microsoft Jndiexploit
NVD GitHub VulDB
CVSS 3.1
5.7
EPSS
0.8%
CVE-2023-43642 Maven HIGH POC PATCH This Week

snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Denial Of Service Google Snappy Java
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-42280 HIGH POC This Week

mee-admin 1.5 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Mee Admin
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-34047 Maven MEDIUM PATCH This Month

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Spring For Graphql
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-41599 MEDIUM POC THREAT This Month

An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Jfinalcms
NVD
CVSS 3.1
5.3
EPSS
11.2%
CVE-2023-5016 CRITICAL POC Act Now

A vulnerability was found in spider-flow up to 0.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Deserialization Spider Flow
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-41900 Maven MEDIUM POC PATCH This Month

Jetty is a Java based web server and servlet engine. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Authentication Bypass Jetty Debian Linux
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-40167 Maven MEDIUM PATCH This Month

Jetty is a Java based web server and servlet engine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jetty Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2023-42503 Maven MEDIUM PATCH This Month

Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.22 before 1.24.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Atlassian Java Apache +1
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-41331 CRITICAL Act Now

SOFARPC is a Java RPC framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Deserialization Sofarpc
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-4528 HIGH This Week

Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Microsoft Apple Deserialization Jscape Mft
NVD
CVSS 3.1
7.2
EPSS
27.1%
CVE-2023-0925 CRITICAL Act Now

Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Microsoft Deserialization Webmethods
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-40743 Maven CRITICAL PATCH Act Now

** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Apache SSRF Axis
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-40980 CRITICAL POC Act Now

File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE File Upload Dwsurvey
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-39685 Maven HIGH POC PATCH This Week

An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted JSON string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Code Injection Denial Of Service Hjson
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-41034 Maven CRITICAL PATCH Act Now

Eclipse Leshan is a device management server and client Java implementation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Java XXE Leshan
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-24621 Maven HIGH POC This Week

An issue was discovered in Esoteric YamlBeans through 1.15. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Deserialization Yamlbeans
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-24620 Maven MEDIUM POC This Month

An issue was discovered in Esoteric YamlBeans through 1.15. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Yamlbeans
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-34040 Maven HIGH PATCH This Week

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Apache Deserialization Spring For Apache Kafka
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2023-39106 Maven HIGH POC This Week

An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Deserialization Nacos Spring Project
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-40313 Maven HIGH PATCH This Week

A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Java RCE Code Injection Horizon Meridian
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-39951 MEDIUM POC PATCH This Month

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Information Disclosure Opentelemetry Instrumentation For Java
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-38689 CRITICAL PATCH Act Now

Logistics Pipes is a modification (a.k.a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java RCE Deserialization Logisticspipes
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-36480 Maven CRITICAL PATCH Act Now

The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java RCE Deserialization Aerospike Java Client
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-24971 MEDIUM PATCH This Month

IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java Denial Of Service Deserialization IBM B2B Advanced Communications +1
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-39018 CRITICAL POC Act Now

FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Code Injection Ffmpeg Cli Wrapper
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-38493 Maven HIGH PATCH This Week

Armeria is a microservice framework Spring supports Matrix variables. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Java Authentication Bypass Armeria
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-37895 Maven CRITICAL PATCH Act Now

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to (including) 2.20.10 (stable branch) and 2.21.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Apache RCE Deserialization Jackrabbit
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2023-34034 Maven CRITICAL PATCH Act Now

Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Spring Security
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2023-22052 LOW PATCH Monitor

Vulnerability in the Java VM component of Oracle Database Server. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Java Oracle Authentication Bypass Database Server
NVD
CVSS 3.1
3.1
EPSS
0.3%
CVE-2023-22051 LOW PATCH Monitor

Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: GraalVM Compiler). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Graalvm Graalvm For Jdk
NVD
CVSS 3.1
3.7
EPSS
0.4%
CVE-2023-22049 LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Debian Linux Graalvm +8
NVD
CVSS 3.1
3.7
EPSS
1.3%
CVE-2023-22045 LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Graalvm Graalvm For Jdk +8
NVD
CVSS 3.1
3.7
EPSS
1.2%
CVE-2023-22044 LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Graalvm Graalvm For Jdk +3
NVD
CVSS 3.1
3.7
EPSS
1.1%
CVE-2023-22043 MEDIUM PATCH This Month

Vulnerability in Oracle Java SE (component: JavaFX). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2023-22041 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Java Oracle Authentication Bypass Graalvm Graalvm For Jdk +8
NVD
CVSS 3.1
5.1
EPSS
0.5%
CVE-2023-22036 LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Denial Of Service Graalvm Graalvm For Jdk +8
NVD
CVSS 3.1
3.7
EPSS
1.1%
CVE-2023-22006 LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Graalvm Graalvm For Jdk +8
NVD
CVSS 3.1
3.1
EPSS
0.9%
CVE-2023-34035 Maven MEDIUM POC PATCH This Month

Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Spring Security
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-34036 Maven MEDIUM PATCH This Month

Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Hateoas
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-38286 Maven HIGH POC PATCH This Week

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Java RCE Command Injection Spring Boot Admin Thymeleaf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31405 MEDIUM This Month

SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Information Disclosure Netweaver Application Server For Java
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-30321 CRITICAL POC Act Now

Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE XSS Chatengine
NVD GitHub
CVSS 3.1
9.0
EPSS
0.9%
CVE-2023-30320 CRITICAL POC Act Now

Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE XSS Chatengine
NVD GitHub
CVSS 3.1
9.0
EPSS
0.9%
CVE-2023-30319 CRITICAL POC Act Now

Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE XSS Chatengine
NVD GitHub
CVSS 3.1
9.6
EPSS
0.9%
CVE-2023-30325 HIGH This Week

SQL Injection vulnerability in textMessage parameter in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine v.1.0, allows attackers to gain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SQLi Chatengine
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-30323 HIGH This Week

SQL Injection vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to gain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SQLi Chatengine
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-30322 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to execute arbitrary code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java RCE XSS Chatengine
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33201 Maven MEDIUM PATCH This Month

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Code Injection Bc Java
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-26436 HIGH This Week

Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java RCE Code Injection Deserialization Open Xchange Appsuite Backend
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-34455 Maven HIGH POC PATCH This Week

snappy-java is a fast compressor/decompressor for Java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Denial Of Service Snappy Java
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-34454 Maven HIGH PATCH This Week

snappy-java is a fast compressor/decompressor for Java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Java Buffer Overflow Snappy Java
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-34453 Maven HIGH POC PATCH This Week

snappy-java is a fast compressor/decompressor for Java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Java Denial Of Service Snappy Java
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-3276 Maven HIGH POC This Week

A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Hutool
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-2976 Maven HIGH PATCH This Week

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Google Path Traversal Microsoft Java Information Disclosure +1
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-34112 HIGH POC This Week

JavaCPP Presets is a project providing Java distributions of native C++ libraries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Code Injection Command Injection Javacpp Presets
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-32217 HIGH This Week

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Identityiq
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-33962 Maven MEDIUM POC PATCH This Month

JStachio is a type-safe Java Mustache templating engine. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java XSS Jstachio
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-20883 Maven HIGH PATCH This Week

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Spring Boot
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-30333 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE File Upload Perfreeblog
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-32787 HIGH PATCH This Week

The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Ua Java Legacy Ua Historian Ua Modbus Server +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-29986 MEDIUM This Month

spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Spring Boot Actuator Logview
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-30744 CRITICAL Act Now

In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass Netweaver Application Server For Java
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-2473 MEDIUM This Month

A vulnerability was found in Dreamer CMS up to 4.1.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Dreamer Cms
NVD VulDB
CVSS 3.1
4.3
EPSS
0.9%
CVE-2023-30441 HIGH This Week

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure IBM Infosphere Information Server Websphere Application Server +1
NVD
CVSS 3.1
7.5
EPSS
0.6%
EPSS 1% CVSS 5.3
MEDIUM This Month

The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Information Disclosure +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Java +3
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Information Disclosure Parsson
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Deserialization +1
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV EUVD KEV PATCH THREAT Act Now

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Deserialization Activemq +5
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Denial Of Service Rabbitmq Java Client
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Sa Token
NVD GitHub
EPSS 68% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SSRF Geoserver
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SSRF Geoserver
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

PingFederate Administrative Console dependency contains a weakness where console becomes unresponsive with crafted Java class loading enumeration requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Pingfederate
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Path Traversal Microsoft +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Apache Information Disclosure +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The affected product is vulnerable to a cross-site scripting vulnerability, which could allow an attacker to access the web application to introduce arbitrary Java Script by injecting an XSS payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XSS Dexgate
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Deserialization Spring Advanced Message Queuing Protocol
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enabling bypasses for XSS and access controls. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XSS Dotcms
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Authentication Bypass +1
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service +5
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Java Oracle Authentication Bypass +4
NVD
EPSS 1% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +5
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Java Authentication Bypass Spring Security
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Denial of Service in JSON-Java versions up to and including 20230618. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Denial Of Service Json Java
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java SSRF +1
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Redisson is a Java Redis client that uses the Netty framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Redis +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.11.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Apache Deserialization +1
NVD
EPSS 1% CVSS 5.7
MEDIUM POC This Month

A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Microsoft +1
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Denial Of Service Google +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

mee-admin 1.5 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Mee Admin
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Spring For Graphql
NVD
EPSS 11% CVSS 5.3
MEDIUM POC THREAT This Month

An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Jfinalcms
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in spider-flow up to 0.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Deserialization Spider Flow
NVD GitHub VulDB
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Jetty is a Java based web server and servlet engine. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Authentication Bypass Jetty +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Jetty is a Java based web server and servlet engine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jetty +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.22 before 1.24.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Atlassian +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SOFARPC is a Java RPC framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Deserialization Sofarpc
NVD GitHub
EPSS 27% CVSS 7.2
HIGH This Week

Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Microsoft Apple +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Microsoft Deserialization +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Apache SSRF +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted JSON string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Code Injection +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Eclipse Leshan is a device management server and client Java implementation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Java XXE Leshan
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

An issue was discovered in Esoteric YamlBeans through 1.15. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Deserialization Yamlbeans
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

An issue was discovered in Esoteric YamlBeans through 1.15. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Yamlbeans
NVD GitHub
EPSS 2% CVSS 7.8
HIGH PATCH This Week

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Apache Deserialization +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Deserialization +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Java RCE Code Injection +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Information Disclosure Opentelemetry Instrumentation For Java
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Logistics Pipes is a modification (a.k.a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java RCE Deserialization +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java RCE Deserialization +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java Denial Of Service Deserialization +3
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Code Injection +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Armeria is a microservice framework Spring supports Matrix variables. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Java Authentication Bypass Armeria
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to (including) 2.20.10 (stable branch) and 2.21.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Apache RCE +2
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Spring Security
NVD
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Java VM component of Oracle Database Server. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Java Oracle Authentication Bypass +1
NVD
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: GraalVM Compiler). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +2
NVD
EPSS 1% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +10
NVD
EPSS 1% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +10
NVD
EPSS 1% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +5
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

Vulnerability in Oracle Java SE (component: JavaFX). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +2
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Java Oracle Authentication Bypass +10
NVD
EPSS 1% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Denial Of Service +10
NVD
EPSS 1% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +10
NVD
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Spring Security
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Hateoas
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Java RCE Command Injection +2
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Information Disclosure +1
NVD
EPSS 1% CVSS 9.0
CRITICAL POC Act Now

Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE XSS +1
NVD GitHub
EPSS 1% CVSS 9.0
CRITICAL POC Act Now

Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE XSS +1
NVD GitHub
EPSS 1% CVSS 9.6
CRITICAL POC Act Now

Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE XSS +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

SQL Injection vulnerability in textMessage parameter in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine v.1.0, allows attackers to gain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SQLi Chatengine
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

SQL Injection vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to gain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SQLi Chatengine
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to execute arbitrary code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java RCE XSS +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Code Injection Bc Java
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java RCE Code Injection +2
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

snappy-java is a fast compressor/decompressor for Java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Denial Of Service Snappy Java
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

snappy-java is a fast compressor/decompressor for Java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Java Buffer Overflow +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

snappy-java is a fast compressor/decompressor for Java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Java Denial Of Service +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Hutool
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Google Path Traversal Microsoft +3
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

JavaCPP Presets is a project providing Java distributions of native C++ libraries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Code Injection +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Identityiq
NVD
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

JStachio is a type-safe Java Mustache templating engine. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java XSS Jstachio
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Spring Boot
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Ua Java Legacy +3
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Spring Boot Actuator Logview
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A vulnerability was found in Dreamer CMS up to 4.1.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Dreamer Cms
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure IBM +3
NVD
Prev Page 14 of 37 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy