Skip to main content

Java

3273 CVEs product

Monthly

CVE-2022-45146 Maven MEDIUM POC PATCH This Month

An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Use After Free Memory Corruption Fips Java Api
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-4065 Maven HIGH POC PATCH This Week

A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Java Testng
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-45461 HIGH This Week

The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Command Injection Netbackup
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-45047 Maven CRITICAL PATCH Act Now

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Java Apache Sshd
NVD VulDB
CVSS 3.1
9.8
EPSS
5.7%
CVE-2022-41917 MEDIUM PATCH This Month

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Java Elastic Opensearch
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-3969 MEDIUM POC PATCH This Month

A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Java Information Disclosure Openkm
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-35740 MEDIUM POC This Month

dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Tomcat XSS Dotcms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2022-43754 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Java XSS Manager Server Uyuni
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-43753 MEDIUM POC This Month

A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java Python Tomcat Manager Server +1
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-31255 MEDIUM This Month

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Java Python Tomcat Manager Server +1
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-39368 Maven HIGH PATCH This Week

Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Californium
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2022-20465 MEDIUM This Month

In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java Google Privilege Escalation Android
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2022-31691 CRITICAL Act Now

Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Java Bosh Editor Cloudfoundry Manifest Yml Support +3
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-32287 Maven HIGH PATCH This Week

A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Path Traversal Java Uimaj
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-31692 Maven CRITICAL PATCH Act Now

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Spring Security Active Iq Unified Manager
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2022-31690 Maven HIGH PATCH This Week

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Java Spring Security Active Iq Unified Manager
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-43766 LIB HIGH PATCH This Week

Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Java Iotdb
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-42468 Maven CRITICAL PATCH Act Now

Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache RCE Java Flume
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-42890 Maven HIGH PATCH This Week

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Java Batik Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-41704 Maven HIGH PATCH This Week

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Java Batik Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-39312 Maven CRITICAL POC PATCH Act Now

Dataease is an open source data visualization analysis tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Java Dataease
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-39259 Maven MEDIUM POC PATCH This Month

jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Denial Of Service Java Jadx
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43428 Maven MEDIUM PATCH This Month

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jenkins Compuware Topaz For Total Test
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-43424 Maven MEDIUM PATCH This Month

Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jenkins Compuware Xpediter Code Coverage
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-43423 Maven MEDIUM PATCH This Month

Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jenkins Compuware Source Code Download For Endevor Pds And Ispw
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-43422 Maven MEDIUM PATCH This Month

Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jenkins Compuware Topaz Utilities
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-39419 MEDIUM PATCH This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Java Java Virtual Machine
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-39399 LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java Graalvm Jdk +13
NVD VulDB
CVSS 3.1
3.7
EPSS
0.3%
CVE-2022-21634 HIGH PATCH This Week

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: LLVM Interpreter). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Denial Of Service Java Graalvm
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-21628 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Denial Of Service Java Graalvm Jdk +13
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2022-21626 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Denial Of Service Java Graalvm Jdk +13
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-21624 LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Oracle Java Graalvm Jdk +13
NVD VulDB
CVSS 3.1
3.7
EPSS
0.2%
CVE-2022-21619 LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java Graalvm Jdk +13
NVD VulDB
CVSS 3.1
3.7
EPSS
0.3%
CVE-2022-21618 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Oracle Java Graalvm Jdk +12
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-21597 MEDIUM PATCH This Month

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Java Graalvm
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-39311 HIGH PATCH This Week

GoCD is a continuous delivery server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Java Gocd
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-3171 LIB HIGH PATCH This Week

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Java Google Protobuf Protobuf Java Protobuf Javalite +3
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-38138 HIGH This Week

The Triangle Microworks IEC 61850 Library (Any client or server using the C language library with a version number of 11.2.0 or earlier and any client or server using the C++, C#, or Java language. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Java Iec 60870 6 Software Library Iec 61850 Software Library
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-20419 HIGH PATCH This Week

In setOptions of ActivityRecord.java, there is a possible load any arbitrary Java code into launcher process due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Java Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39871 HIGH This Week

Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Smartthings
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-39870 HIGH This Week

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Smartthings
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-39869 HIGH This Week

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Smartthings
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-39867 HIGH This Week

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Smartthings
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-39865 HIGH This Week

Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Smartthings
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-41853 Maven CRITICAL PATCH Act Now

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Java Hypersql Database Debian Linux
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-23726 MEDIUM This Month

PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Pingcentral
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2022-23464 Maven HIGH POC This Week

Nepxion Discovery is a solution for Spring Cloud. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Java Discovery
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-23463 Maven CRITICAL POC Act Now

Nepxion Discovery is a solution for Spring Cloud. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java Discovery
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-36944 Maven CRITICAL POC PATCH Act Now

Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Java Scala Scala Collection Compat +1
NVD GitHub
CVSS 3.1
9.8
EPSS
8.3%
CVE-2022-33682 Maven MEDIUM PATCH This Month

TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Java Pulsar
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-33681 Maven MEDIUM PATCH This Month

Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Java Pulsar
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-31679 Maven LOW PATCH Monitor

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Java Spring Data Rest
NVD
CVSS 3.1
3.7
EPSS
0.5%
CVE-2022-37027 HIGH POC THREAT This Week

Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java Cloud Backup Suite
NVD
CVSS 3.1
7.2
EPSS
21.7%
CVE-2022-37767 Maven CRITICAL POC Act Now

Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Java Pebble Templates
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-37734 Maven HIGH POC PATCH This Week

graphql-java before19.0 is vulnerable to Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Java Graphql Java
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-36259 HIGH POC This Week

A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "username", "password",. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-36258 HIGH POC This Week

A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-36257 HIGH POC This Week

A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-36256 HIGH POC This Week

A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "productcode". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-36255 HIGH POC This Week

A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-37023 Maven MEDIUM PATCH This Month

Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Deserialization Java Geode
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-37022 Maven HIGH PATCH This Week

Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Deserialization Java Geode
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-37021 Maven CRITICAL PATCH Act Now

Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Java Geode
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-36033 Maven MEDIUM POC PATCH This Month

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla XSS Java Jsoup Management Services For Element Software +2
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2022-34916 Maven CRITICAL PATCH Act Now

Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache RCE Java Flume
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-29805 CRITICAL POC THREAT Act Now

A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Java Fishbowl
NVD
CVSS 3.1
9.8
EPSS
27.4%
CVE-2022-35606 CRITICAL Act Now

A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode.'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-35605 CRITICAL Act Now

A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as 'users', 'pass', etc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-35603 CRITICAL Act Now

A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-35602 CRITICAL Act Now

A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-35601 CRITICAL Act Now

A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-35599 CRITICAL Act Now

A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-35598 CRITICAL Act Now

A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-36007 Maven LOW POC PATCH Monitor

Venice is a Clojure inspired sandboxed Lisp dialect with excellent Java interoperability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Path Traversal Java Venice
NVD GitHub
CVSS 3.1
3.3
EPSS
0.4%
CVE-2022-37041 HIGH PATCH This Week

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Java Collaboration
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-31197 Maven HIGH POC PATCH This Week

PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PostgreSQL SQLi Java Postgresql Jdbc Driver Debian Linux +1
NVD GitHub
CVSS 3.1
8.0
EPSS
1.7%
CVE-2022-36950 CRITICAL Act Now

In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Java Netbackup
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-36900 Maven HIGH PATCH This Week

Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jenkins Compuware Zadviser Api
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2022-36899 Maven HIGH PATCH This Week

Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jenkins Compuware Ispw Operations
NVD
CVSS 3.1
8.2
EPSS
0.9%
CVE-2022-24405 CRITICAL POC Act Now

OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Java Ox App Suite
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-2131 CRITICAL Act Now

OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without the required security flags, allowing an attacker to perform a XML external. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Java Openkm
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-32430 Maven HIGH POC This Week

An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java Lin Cms Spring Boot
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2022-21549 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Oracle Java Graalvm Jdk +12
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-21540 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Oracle Authentication Bypass Java Use After Free +15
NVD VulDB
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-34169 Maven HIGH POC PATCH THREAT Act Now

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.0%.

Apache RCE Java Xalan Java Debian Linux +14
NVD VulDB
CVSS 3.1
7.5
EPSS
11.0%
CVE-2022-30981 HIGH This Week

An issue was discovered in Gentics CMS before 5.43.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java RCE Gentics Cms
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-31159 Maven MEDIUM POC PATCH This Month

The AWS SDK for Java enables Java developers to work with Amazon Web Services. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Aws Sdk Java
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-20219 MEDIUM This Month

In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Java Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-23719 MEDIUM This Month

PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. Rated medium severity (CVSS 6.4). No vendor patch available.

Denial Of Service Java Microsoft Pingid Integration For Windows Login
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2022-22980 Maven CRITICAL PATCH Act Now

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Code Injection Spring Data Mongodb
NVD
CVSS 3.1
9.8
EPSS
16.9%
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Use After Free +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Java Testng
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Command Injection Netbackup
NVD
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Java Apache +1
NVD VulDB
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Java Elastic +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Java Information Disclosure Openkm
NVD GitHub VulDB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Tomcat XSS +1
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Java XSS +2
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java Python +3
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Java Python +3
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Californium
NVD GitHub
EPSS 1% CVSS 4.6
MEDIUM This Month

In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java Google Privilege Escalation +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Java +5
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Path Traversal Java +1
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Spring Security +1
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Java Spring Security +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Java +1
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache RCE Java +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Java +2
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Java +2
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Dataease is an open source data visualization analysis tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Java Dataease
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Denial Of Service Java +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jenkins +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jenkins +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jenkins +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jenkins +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Java +1
NVD
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java +15
NVD VulDB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: LLVM Interpreter). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Denial Of Service Java +1
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Denial Of Service Java +15
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Denial Of Service Java +15
NVD VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Oracle Java +15
NVD VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java +15
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Oracle Java +14
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Java +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

GoCD is a continuous delivery server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Java +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Java Google Protobuf +5
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

The Triangle Microworks IEC 61850 Library (Any client or server using the C language library with a version number of 11.2.0 or earlier and any client or server using the C++, C#, or Java language. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Java +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In setOptions of ActivityRecord.java, there is a possible load any arbitrary Java code into launcher process due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Java +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Smartthings
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Smartthings
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Smartthings
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Smartthings
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Smartthings
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Java Hypersql Database +1
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Pingcentral
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Nepxion Discovery is a solution for Spring Cloud. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Java +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Nepxion Discovery is a solution for Spring Cloud. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java Discovery
NVD GitHub
EPSS 8% CVSS 9.8
CRITICAL POC PATCH Act Now

Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Java +3
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Java +1
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Java +1
NVD
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Java Spring Data Rest
NVD
EPSS 22% CVSS 7.2
HIGH POC THREAT This Week

Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java Cloud Backup Suite
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Java +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

graphql-java before19.0 is vulnerable to Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Java Graphql Java
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "username", "password",. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "productcode". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Deserialization Java +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Deserialization Java +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Java +1
NVD
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla XSS Java +4
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache RCE Java +1
NVD
EPSS 27% CVSS 9.8
CRITICAL POC THREAT Act Now

A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Java +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode.'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as 'users', 'pass', etc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Inventorymanagementsystem
NVD GitHub
EPSS 0% CVSS 3.3
LOW POC PATCH Monitor

Venice is a Clojure inspired sandboxed Lisp dialect with excellent Java interoperability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Path Traversal Java Venice
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Java Collaboration
NVD
EPSS 2% CVSS 8.0
HIGH POC PATCH This Week

PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PostgreSQL SQLi Java +3
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Java Netbackup
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jenkins +1
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jenkins +1
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Java Ox App Suite
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without the required security flags, allowing an attacker to perform a XML external. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Java Openkm
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java Lin Cms Spring Boot
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Oracle Java +14
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Oracle Authentication Bypass +17
NVD VulDB
EPSS 11% CVSS 7.5
HIGH POC PATCH THREAT Act Now

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.0%.

Apache RCE Java +16
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

An issue was discovered in Gentics CMS before 5.43.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java RCE +1
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

The AWS SDK for Java enables Java developers to work with Amazon Web Services. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Aws Sdk Java
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Java Information Disclosure +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. Rated medium severity (CVSS 6.4). No vendor patch available.

Denial Of Service Java Microsoft +1
NVD
EPSS 17% CVSS 9.8
CRITICAL PATCH Act Now

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Code Injection Spring Data Mongodb
NVD
Prev Page 16 of 37 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy