Skip to main content

Java

3273 CVEs product

Monthly

CVE-2023-30441 HIGH This Week

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure IBM Infosphere Information Server Websphere Application Server +1
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-26813 CRITICAL POC Act Now

SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Wangmarket
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-20873 Maven CRITICAL PATCH Act Now

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Spring Boot
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-21086 HIGH PATCH This Week

In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible way to enable NFC from a secondary account due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Java Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21081 HIGH PATCH This Week

In multiple functions of PackageInstallerService.java and related files, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Java Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20862 Maven MEDIUM PATCH This Month

In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Security Active Iq Unified Manager
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2023-29412 CRITICAL PATCH Act Now

Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Java RCE Command Injection Apc Easy Ups Online Monitoring Software Easy Ups Online Monitoring Software
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-29411 CRITICAL PATCH Act Now

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java RCE Authentication Bypass Apc Easy Ups Online Monitoring Software Easy Ups Online Monitoring Software
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-26049 Maven MEDIUM PATCH This Month

Jetty is a java based web server and servlet engine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Java Information Disclosure Jetty Debian Linux Active Iq Unified Manager +3
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2023-26048 Maven MEDIUM PATCH This Month

Jetty is a java based web server and servlet engine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Java Denial Of Service Jetty
NVD GitHub
CVSS 3.1
5.3
EPSS
3.3%
CVE-2023-21986 MEDIUM This Month

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Native Image). Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java Oracle Denial Of Service Graalvm
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2023-21968 LOW Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Graalvm Jdk +8
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2023-21967 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Denial Of Service Graalvm Jdk +8
NVD
CVSS 3.1
5.9
EPSS
1.5%
CVE-2023-21954 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Graalvm Jdk +8
NVD
CVSS 3.1
5.9
EPSS
1.4%
CVE-2023-21939 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass Graalvm Jdk +8
NVD
CVSS 3.1
5.3
EPSS
2.5%
CVE-2023-21938 LOW Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Graalvm Jdk +8
NVD
CVSS 3.1
3.7
EPSS
1.2%
CVE-2023-21937 LOW Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Graalvm Jdk +8
NVD
CVSS 3.1
3.7
EPSS
1.2%
CVE-2023-21934 MEDIUM This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Authentication Bypass Database
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-21930 HIGH PATCH This Week

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Graalvm Jdk +8
NVD
CVSS 3.1
7.4
EPSS
1.3%
CVE-2023-30535 Maven HIGH PATCH This Week

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Command Injection Snowflake Jdbc
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-20866 Maven MEDIUM PATCH This Month

In Spring Session version 3.0.0, the session id can be logged to the standard output stream. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Session
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-20863 Maven MEDIUM PATCH This Month

In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Spring Framework
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-26458 HIGH This Week

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Java Information Disclosure Landscape Management
NVD
CVSS 3.1
8.7
EPSS
0.6%
CVE-2023-24527 MEDIUM This Month

SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to attach to an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass Netweaver As Java For Deploy Service
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-26919 HIGH POC This Week

delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Nashorn Sandbox
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-28500 CRITICAL Act Now

A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Adobe Deserialization Livecycle Es4
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-1741 Maven CRITICAL Act Now

A vulnerability was found in jeecg-boot 3.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SQLi Jeecg Boot
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-28462 Maven CRITICAL PATCH Act Now

A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 (Enterprise), 5.20.0 and newer (Enterprise), and 5.2020.1 and newer (Community), when Java 1.8u181 and earlier is used,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Deserialization Payara Server
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1656 HIGH This Week

Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Apple Microsoft Ldap Connector
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-25722 Maven MEDIUM PATCH This Month

A credential-leak issue was discovered in related Veracode products before 2023-03-27. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Java Information Disclosure Microsoft Veracode
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-20860 Maven HIGH PATCH This Week

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Spring Framework
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2023-28867 Maven HIGH PATCH This Week

In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Java Denial Of Service Graphql Java
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-20911 HIGH PATCH This Week

In addPermission of PermissionManagerServiceImpl.java , there is a possible failure to persist permission settings due to resource exhaustion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Java Privilege Escalation Denial Of Service Google Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20861 Maven MEDIUM PATCH This Month

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Spring Framework
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-20859 Maven MEDIUM PATCH This Month

In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Java Information Disclosure Hashicorp Spring Cloud Config Spring Cloud Vault +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-1609 MEDIUM POC This Month

A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Crmeb Java
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1608 CRITICAL POC Act Now

A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Crmeb Java
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-28725 CRITICAL POC THREAT Act Now

General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java File Upload Crypto Application Server
NVD
CVSS 3.1
9.1
EPSS
20.6%
CVE-2023-27268 MEDIUM This Month

SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass Netweaver Application Server For Java
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-26460 MEDIUM This Month

Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass Netweaver Application Server For Java
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-25617 PyPI HIGH This Week

SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Java Command Injection Business Objects Business Intelligence Platform
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-24526 MEDIUM This Month

SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass Netweaver Application Server Java
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-23857 HIGH This Week

Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass Netweaver Application Server For Java
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2023-1191 HIGH POC This Week

A vulnerability classified as problematic has been found in fastcms. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Fastcms
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-1165 HIGH POC This Week

A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Crmeb
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-0511 CRITICAL Act Now

Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass.10.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Authentication Bypass Java Policy Agents
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-25157 Maven CRITICAL POC PATCH THREAT Act Now

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java SQLi Geoserver
NVD GitHub
CVSS 3.1
9.8
EPSS
85.2%
CVE-2023-25158 Maven CRITICAL PATCH Act Now

GeoTools is an open source Java library that provides tools for geospatial data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

Java SQLi Geotools
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-25561 CRITICAL Act Now

DataHub is an open-source metadata platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Datahub
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-25558 HIGH PATCH This Week

DataHub is an open-source metadata platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java RCE Deserialization Datahub
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24815 Maven MEDIUM POC PATCH This Month

Vert.x-Web is a set of building blocks for building web applications in the java programming language. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Path Traversal Microsoft Vert X Web
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-0758 CRITICAL Act Now

A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SQLi Jfinaloa
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-25194 Maven HIGH POC PATCH THREAT Act Now

A possible security vulnerability has been identified in Apache Kafka Connect API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Apache Deserialization Kafka Connect
NVD
CVSS 3.1
8.8
EPSS
95.3%
CVE-2023-20913 HIGH This Week

In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Privilege Escalation Google XSS Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21849 HIGH This Week

Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: Java utils). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass E Business Suite
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-21843 LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Graalvm Jdk +2
NVD
CVSS 3.1
3.7
EPSS
1.4%
CVE-2023-21835 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service Graalvm Jdk +2
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2023-21830 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Authentication Bypass Communications Unified Assurance Graalvm +3
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2023-22602 Maven HIGH PATCH This Week

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Apache Authentication Bypass Shiro Spring Boot
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-0017 CRITICAL Act Now

An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass Netweaver Application Server For Java
NVD
CVSS 3.1
9.8
EPSS
15.7%
CVE-2022-4859 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33.java of the component User Profile Menu. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Java XSS Joget Dx
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4773 LOW POC PATCH Monitor

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in cloudsync. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java Cloudsync
NVD VulDB GitHub
CVSS 3.1
3.3
EPSS
0.4%
CVE-2022-41967 HIGH PATCH This Week

Dragonfly is a Java runtime dependency management library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Java XXE Dragonfly
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-41966 Maven HIGH POC PATCH This Week

XStream serializes Java objects to XML and back again. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Denial Of Service Buffer Overflow Xstream
NVD GitHub
CVSS 3.1
7.5
EPSS
8.7%
CVE-2022-4772 Maven HIGH PATCH This Week

A vulnerability was found in Widoco and classified as critical. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Java Widoco
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-4727 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, was found in OpenMRS Appointment Scheduling Module up to 1.16.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java XSS Appointment Scheduling Module
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-4725 Maven CRITICAL PATCH Act Now

A vulnerability was found in AWS SDK 2.59.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Java SSRF Google Aws Software Development Kit
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-4641 MEDIUM PATCH This Month

A vulnerability was found in pig-vector and classified as problematic. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Java Apache Information Disclosure Pig Vector
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-4583 HIGH POC PATCH This Week

A vulnerability was found in jLEMS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Java Jlems
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-4560 MEDIUM PATCH This Month

A vulnerability was found in Joget up to 7.0.31. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Java XSS Joget Dx
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-32531 LIB MEDIUM PATCH This Month

The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Apache Information Disclosure Bookkeeper
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2022-4494 CRITICAL PATCH Act Now

A vulnerability, which was classified as critical, has been found in bspkrs MCPMappingViewer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Java Mcp Mapping Viewer
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-4493 Maven CRITICAL PATCH Act Now

A vulnerability classified as critical was found in scifio. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Java Scifio
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-4454 CRITICAL PATCH Act Now

A vulnerability, which was classified as critical, has been found in m0ver bible-online. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java SQLi Bible Online
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-45690 Maven HIGH POC PATCH This Week

A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Java Denial Of Service Buffer Overflow Json Java +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-41262 MEDIUM This Month

Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java XSS Netweaver Application Server Java
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-3510 Maven HIGH PATCH This Week

A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Java Denial Of Service Protobuf Java Protobuf Javalite
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-3509 Maven HIGH PATCH This Week

A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Java Denial Of Service Protobuf Java Protobuf Javalite
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-46687 Maven MEDIUM PATCH This Month

Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins XSS Spring Config
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-46166 Maven CRITICAL PATCH Act Now

Spring boot admins is an open source administrative user interface for management of spring boot applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Java Spring Boot Admin
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-23496 Maven HIGH PATCH This Week

Yet Another UserAgent Analyzer (Yauaa) is a java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Yet Another Useragent Analyzer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-38754 MEDIUM This Month

A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java XSS Operations Bridge Operations Bridge Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-4322 HIGH POC PATCH This Week

A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Information Disclosure Maku Boot
NVD VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-43484 Maven HIGH POC PATCH This Week

TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Terasoluna Global Framework Terasoluna Server Framework For Java Rich
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-21126 Maven HIGH POC PATCH This Week

The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Java Htsjdk
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-45932 HIGH POC PATCH This Week

A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java SQLi Opendaylight
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-45931 HIGH PATCH This Week

A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java SQLi Opendaylight
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-45930 HIGH POC PATCH This Week

A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java SQLi Opendaylight
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41946 Maven MEDIUM POC PATCH This Month

pgjdbc is an open source postgresql JDBC Driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Apple Java PostgreSQL Postgresql Jdbc Driver +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-41923 CRITICAL PATCH Act Now

Grails Spring Security Core plugin is vulnerable to privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Java Privilege Escalation Spring Security Core
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
EPSS 1% CVSS 7.5
HIGH This Week

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure IBM +3
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Wangmarket
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Spring Boot
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible way to enable NFC from a secondary account due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Java Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple functions of PackageInstallerService.java and related files, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Java Privilege Escalation Google +1
NVD
EPSS 1% CVSS 6.3
MEDIUM PATCH This Month

In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Security +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Java RCE Command Injection +2
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java RCE Authentication Bypass +2
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Jetty is a java based web server and servlet engine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Java Information Disclosure Jetty +5
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

Jetty is a java based web server and servlet engine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Java Denial Of Service Jetty
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Native Image). Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java Oracle Denial Of Service +1
NVD
EPSS 0% CVSS 3.7
LOW Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +10
NVD
EPSS 2% CVSS 5.9
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Denial Of Service +10
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +10
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass +10
NVD
EPSS 1% CVSS 3.7
LOW Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +10
NVD
EPSS 1% CVSS 3.7
LOW Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +10
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +10
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Command Injection +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In Spring Session version 3.0.0, the session id can be logged to the standard output stream. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Session
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Spring Framework
NVD
EPSS 1% CVSS 8.7
HIGH This Week

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Java Information Disclosure +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to attach to an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass +1
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Nashorn Sandbox
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Adobe +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in jeecg-boot 3.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SQLi Jeecg Boot
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 (Enterprise), 5.20.0 and newer (Enterprise), and 5.2020.1 and newer (Community), when Java 1.8u181 and earlier is used,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Deserialization Payara Server
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Apple +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A credential-leak issue was discovered in related Veracode products before 2023-03-27. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Java Information Disclosure +2
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Spring Framework
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Java Denial Of Service Graphql Java
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In addPermission of PermissionManagerServiceImpl.java , there is a possible failure to persist permission settings due to resource exhaustion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Java Privilege Escalation Denial Of Service +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Spring Framework
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Java Information Disclosure Hashicorp +3
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Crmeb Java
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Crmeb Java
NVD GitHub VulDB
EPSS 21% CVSS 9.1
CRITICAL POC THREAT Act Now

General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java File Upload Crypto Application Server
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Java Command Injection +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass +1
NVD
EPSS 1% CVSS 8.6
HIGH This Week

Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass +1
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

A vulnerability classified as problematic has been found in fastcms. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Fastcms
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Crmeb
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass.10.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Authentication Bypass +1
NVD
EPSS 85% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java SQLi Geoserver
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

GeoTools is an open source Java library that provides tools for geospatial data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

Java SQLi Geotools
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

DataHub is an open-source metadata platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Datahub
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

DataHub is an open-source metadata platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java RCE Deserialization +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

Vert.x-Web is a set of building blocks for building web applications in the java programming language. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Path Traversal Microsoft +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SQLi Jfinaloa
NVD VulDB GitHub
EPSS 95% CVSS 8.8
HIGH POC PATCH THREAT Act Now

A possible security vulnerability has been identified in Apache Kafka Connect API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Apache Deserialization +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Privilege Escalation Google +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: Java utils). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +4
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service +4
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Authentication Bypass +5
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Apache Authentication Bypass +2
NVD
EPSS 16% CVSS 9.8
CRITICAL Act Now

An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33.java of the component User Profile Menu. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Java XSS Joget Dx
NVD GitHub VulDB
EPSS 0% CVSS 3.3
LOW POC PATCH Monitor

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in cloudsync. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java Cloudsync
NVD VulDB GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Dragonfly is a Java runtime dependency management library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Java XXE Dragonfly
NVD GitHub
EPSS 9% CVSS 7.5
HIGH POC PATCH This Week

XStream serializes Java objects to XML and back again. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Denial Of Service Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability was found in Widoco and classified as critical. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Java Widoco
NVD GitHub VulDB
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, was found in OpenMRS Appointment Scheduling Module up to 1.16.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java XSS Appointment Scheduling Module
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability was found in AWS SDK 2.59.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Java SSRF Google +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A vulnerability was found in pig-vector and classified as problematic. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Java Apache Information Disclosure +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

A vulnerability was found in jLEMS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Java Jlems
NVD GitHub VulDB
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

A vulnerability was found in Joget up to 7.0.31. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Java XSS Joget Dx
NVD GitHub VulDB
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Apache Information Disclosure +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability, which was classified as critical, has been found in bspkrs MCPMappingViewer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Java Mcp Mapping Viewer
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability classified as critical was found in scifio. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Java Scifio
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability, which was classified as critical, has been found in m0ver bible-online. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java SQLi Bible Online
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Java Denial Of Service +3
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java XSS +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Java Denial Of Service Protobuf Java +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Java Denial Of Service Protobuf Java +1
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins XSS +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Spring boot admins is an open source administrative user interface for management of spring boot applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Java +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Yet Another UserAgent Analyzer (Yauaa) is a java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Yet Another Useragent Analyzer
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java XSS Operations Bridge +1
NVD
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Information Disclosure Maku Boot
NVD VulDB
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Terasoluna Global Framework +1
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Java Htsjdk
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java SQLi Opendaylight
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java SQLi Opendaylight
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java SQLi Opendaylight
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

pgjdbc is an open source postgresql JDBC Driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Apple Java +3
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Grails Spring Security Core plugin is vulnerable to privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Java Privilege Escalation Spring Security Core
NVD GitHub
Prev Page 15 of 37 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy