Skip to main content

Java

3273 CVEs product

Monthly

CVE-2022-31248 MEDIUM POC This Month

A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Manager Server
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-21952 HIGH POC This Week

A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Manager Server
NVD VulDB
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-22979 Maven HIGH PATCH This Week

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Java Spring Cloud Function
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-33915 HIGH This Week

Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Race Condition Apache Java Hotpatch
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-31619 HIGH PATCH This Week

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass RCE Java Teamcenter
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-25167 Maven CRITICAL PATCH Act Now

Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Java Apache Flume
NVD
CVSS 3.1
9.8
EPSS
4.7%
CVE-2022-31053 LIB CRITICAL POC PATCH Act Now

Biscuit is an authentication and authorization token for microservices architectures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Java Biscuit Auth Biscuit Go +2
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-31023 Maven HIGH PATCH This Week

Play Framework is a web framework for Java and Scala. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Play Framework
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-31018 Maven HIGH PATCH This Week

Play Framework is a web framework for Java and Scala. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Java Play Framework
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-29249 Maven HIGH PATCH This Week

JavaEZ is a library that adds new functions to make Java easier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Javaez
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-30551 HIGH PATCH This Week

OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Java Ua Java
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-22978 Maven CRITICAL PATCH Act Now

In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Spring Security Financial Services Crime And Compliance Management Studio Active Iq Unified Manager
NVD
CVSS 3.1
9.8
EPSS
10.7%
CVE-2022-22976 Maven MEDIUM PATCH This Month

Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Java Spring Security Financial Services Crime And Compliance Management Studio +1
NVD
CVSS 3.1
5.3
EPSS
2.3%
CVE-2022-26650 Maven HIGH PATCH This Week

In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Apache Shenyu
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-22971 Maven MEDIUM PATCH This Month

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Java Spring Framework Financial Services Crime And Compliance Management Studio Cloud Secure Agent +1
NVD
CVSS 3.1
6.5
EPSS
3.1%
CVE-2022-22970 Maven MEDIUM PATCH This Month

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Java Spring Framework Financial Services Crime And Compliance Management Studio Active Iq Unified Manager +3
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2022-20011 MEDIUM PATCH This Month

In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Java Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20006 HIGH This Week

In several functions of KeyguardServiceWrapper.java and related files,, there is a possible way to briefly view what's under the lockscreen due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Google Race Condition Privilege Escalation Java Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2022-24823 Maven MEDIUM POC PATCH This Month

Netty is an open-source, asynchronous event-driven network application framework. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Java Microsoft Information Disclosure Netty Financial Services Crime And Compliance Management Studio +3
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2022-29176 HIGH This Week

Rubygems is a package registry used to supply software for the Ruby language ecosystem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Java Rubygems Org
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-24897 Maven HIGH POC PATCH This Week

APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

Java Path Traversal Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-21230 MEDIUM This Month

This affects all versions of package org.nanohttpd:nanohttpd. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Java Information Disclosure Nanohttpd
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29936 HIGH POC This Week

USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Java RCE Oracle Oracle Optimization
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-22969 Maven MEDIUM PATCH This Month

<Issue Description> Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Java Information Disclosure Spring Security Oauth Communications Design Studio
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-26133 CRITICAL POC PATCH THREAT Act Now

SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Java RCE Atlassian Bitbucket Data Center
NVD GitHub
CVSS 3.1
9.8
EPSS
71.1%
CVE-2022-0070 HIGH POC This Week

Incomplete fix for CVE-2021-3100. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apache Java Log4Jhotpatch
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-21498 MEDIUM This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java Oracle Database
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-21496 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle Graalvm Java Se +14
NVD
CVSS 3.1
5.3
EPSS
2.8%
CVE-2022-21476 HIGH PATCH This Week

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Java Graalvm Jdk +16
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2022-21449 HIGH PATCH This Week

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle Graalvm Jdk +14
NVD
CVSS 3.1
7.5
EPSS
48.2%
CVE-2022-21443 LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Java Oracle Graalvm Java Se +14
NVD
CVSS 3.1
3.7
EPSS
2.7%
CVE-2022-21434 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle Graalvm Jdk +15
NVD
CVSS 3.1
5.3
EPSS
2.5%
CVE-2022-21426 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle Graalvm Jdk +15
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2022-22968 Maven MEDIUM PATCH This Month

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Framework Active Iq Unified Manager Cloud Secure Agent +4
NVD
CVSS 3.1
5.3
EPSS
5.7%
CVE-2022-1279 HIGH PATCH This Week

A vulnerability in the encryption implementation of EBICS messages in the open source librairy ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Ebics Java
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-24847 Maven HIGH PATCH This Week

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java RCE Geoserver
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-24818 HIGH PATCH This Week

GeoTools is an open source Java library that provides tools for geospatial data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Deserialization Java RCE Geotools
NVD GitHub
CVSS 3.1
7.2
EPSS
2.3%
CVE-2022-24816 Maven CRITICAL POC KEV PATCH THREAT Act Now

JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Java RCE Code Injection Jai Ext
NVD GitHub
CVSS 3.1
10.0
EPSS
98.7%
CVE-2022-27669 HIGH This Week

An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Java Netweaver Application Server For Java
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-24827 Maven HIGH PATCH This Week

Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

Java SQLi Elide
NVD GitHub
CVSS 3.1
8.1
EPSS
1.3%
CVE-2022-24815 npm HIGH POC PATCH This Week

JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Java SQLi Generator Jhipster
NVD GitHub
CVSS 3.1
8.1
EPSS
1.4%
CVE-2022-27960 MEDIUM POC This Month

Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Java Ofcms
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-20763 HIGH This Week

A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java Cisco Webex Meetings Online
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-22965 Maven CRITICAL POC KEV PATCH THREAT Act Now

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection Tomcat Spring Framework +37
NVD
CVSS 3.1
9.8
EPSS
99.7%
CVE-2022-22963 Maven CRITICAL POC KEV PATCH THREAT Act Now

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection Spring Cloud Function Banking Branch +26
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.9%
CVE-2022-22950 Maven MEDIUM PATCH This Month

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Java Spring Framework
NVD
CVSS 3.1
6.5
EPSS
35.8%
CVE-2022-27772 Maven HIGH POC PATCH This Week

spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Spring Boot
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-27203 Maven MEDIUM This Month

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Path Traversal Extended Choice Parameter
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-24282 HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java RCE Sinec Network Management System
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-22946 MEDIUM PATCH This Month

In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Java Information Disclosure Spring Cloud Gateway Commerce Guided Search Communications Cloud Native Core Binding Support Function +3
NVD
CVSS 3.1
5.5
EPSS
4.8%
CVE-2022-22947 Maven CRITICAL POC KEV PATCH THREAT Act Now

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection Spring Cloud Gateway Commerce Guided Search +8
NVD Exploit-DB
CVSS 3.1
10.0
EPSS
98.3%
CVE-2022-21366 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java Graalvm Jdk +17
NVD VulDB
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-21360 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java Graalvm Jdk +17
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-21341 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Oracle Denial Of Service Java Graalvm +18
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-21340 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java Graalvm Jdk +17
NVD VulDB
CVSS 3.1
5.3
EPSS
6.4%
CVE-2022-21305 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Java Graalvm Jdk +17
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-21299 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java Graalvm Jdk +17
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-21296 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Oracle Graalvm Jdk +17
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-21294 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java Graalvm Jdk +17
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-21293 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java Graalvm Jdk +18
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-21291 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Java Graalvm Jdk +18
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-21283 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java Graalvm Jdk +18
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-21282 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Oracle Java Graalvm Jdk +17
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-21277 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java Graalvm Jdk +17
NVD VulDB
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-44832 Maven MEDIUM PATCH This Month

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has...

RCE Apache Java
NVD VulDB
CVSS 3.1
6.6
EPSS
53.6%
Threat
4.9
CVE-2021-45890 CRITICAL PATCH Act Now

basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Java Authentication Bypass Authguard
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-0997 MEDIUM PATCH This Month

In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java , there is a possible APN disclosure due to log information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Java Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0933 HIGH This Week

In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Java Android
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2021-42064 CRITICAL Act Now

If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Oracle SAP Java Commerce
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-39052 CRITICAL PATCH Act Now

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Java Spectrum Copy Data Management
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-37941 PyPI HIGH PATCH This Week

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Java Apm Agent
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-23262 HIGH This Week

Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Crafter Cms
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2021-23258 HIGH This Week

Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Crafter Cms
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2021-22095 Maven MEDIUM PATCH This Month

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java Spring Advanced Message Queuing Protocol
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-40831 LIB HIGH PATCH This Week

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Authentication Bypass Apple Node.js Java +2
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2021-40830 LIB HIGH PATCH This Week

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Node.js Java Amazon Web Services Aws C Io +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-40829 LIB HIGH PATCH This Week

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Python Apple Information Disclosure Node.js Java +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-40828 LIB HIGH PATCH This Week

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Python Microsoft Information Disclosure Node.js Java +2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-33493 MEDIUM POC This Month

The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Java Ox App Suite
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2021-22053 Maven HIGH POC PATCH THREAT This Week

Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Java Spring Cloud Netflix
NVD
CVSS 3.1
8.8
EPSS
13.0%
CVE-2021-35528 HIGH This Week

Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Java Authentication Bypass Counterparty Settlements And Billing Retail Operations
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2021-41269 Maven CRITICAL POC PATCH Act Now

cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Java Cron Utils
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2021-43570 Maven CRITICAL POC PATCH Act Now

The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Jwt Attack Ecdsa Java
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-22051 Maven MEDIUM PATCH This Month

Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Spring Cloud Gateway
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-31602 HIGH POC THREAT This Week

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Vantara Pentaho Vantara Pentaho Business Intelligence Server
NVD
CVSS 3.1
7.5
EPSS
51.7%
CVE-2021-22097 Maven MEDIUM PATCH This Month

In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java Spring Advanced Message Queuing Protocol
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-22096 Maven MEDIUM PATCH This Month

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Spring Framework Active Iq Unified Manager Management Services For Element Software And Netapp Hci +5
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2021-22047 Maven MEDIUM PATCH This Month

In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Java Spring Data Rest
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-22044 Maven HIGH PATCH This Week

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Java Spring Cloud Openfeign
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-41619 HIGH This Week

An issue was discovered in Gradle Enterprise before 2021.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Java Enterprise
NVD
CVSS 3.1
7.2
EPSS
2.6%
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Manager Server
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Manager Server
NVD VulDB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Java Spring Cloud Function
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Race Condition Apache +2
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass RCE Java +1
NVD
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Java Apache +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Biscuit is an authentication and authorization token for microservices architectures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Java +4
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Play Framework is a web framework for Java and Scala. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Play Framework
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Play Framework is a web framework for Java and Scala. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Java Play Framework
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

JavaEZ is a library that adds new functions to make Java easier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Javaez
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Java Ua Java
NVD GitHub
EPSS 11% CVSS 9.8
CRITICAL PATCH Act Now

In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Spring Security +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Java +3
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Apache +1
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Java Spring Framework +3
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Java Spring Framework +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure +2
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In several functions of KeyguardServiceWrapper.java and related files,, there is a possible way to briefly view what's under the lockscreen due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Google Race Condition Privilege Escalation +2
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Netty is an open-source, asynchronous event-driven network application framework. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Java Microsoft Information Disclosure +5
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

Rubygems is a package registry used to supply software for the Ruby language ecosystem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Java Rubygems Org
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

Java Path Traversal Xwiki
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

This affects all versions of package org.nanohttpd:nanohttpd. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Java Information Disclosure Nanohttpd
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Java RCE +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

<Issue Description> Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Java Information Disclosure Spring Security Oauth +1
NVD
EPSS 71% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Java RCE +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Incomplete fix for CVE-2021-3100. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apache Java +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java Oracle +1
NVD
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle +16
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Java +18
NVD VulDB
EPSS 48% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle +16
NVD
EPSS 3% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Java Oracle +16
NVD
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle +17
NVD
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle +17
NVD
EPSS 6% CVSS 5.3
MEDIUM PATCH This Month

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Framework +6
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A vulnerability in the encryption implementation of EBICS messages in the open source librairy ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Ebics Java
NVD GitHub
EPSS 1% CVSS 7.2
HIGH PATCH This Week

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java RCE +1
NVD GitHub
EPSS 2% CVSS 7.2
HIGH PATCH This Week

GeoTools is an open source Java library that provides tools for geospatial data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Deserialization Java RCE +1
NVD GitHub
EPSS 99% CVSS 10.0
CRITICAL POC KEV PATCH THREAT Act Now

JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Java RCE Code Injection +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Java +1
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

Java SQLi Elide
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Java SQLi Generator Jhipster
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Java Ofcms
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java Cisco +1
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection +39
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection +28
NVD Exploit-DB
EPSS 36% CVSS 6.5
MEDIUM PATCH This Month

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Java Spring Framework
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Spring Boot
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM This Month

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Path Traversal +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java RCE +1
NVD
EPSS 5% CVSS 5.5
MEDIUM PATCH This Month

In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Java Information Disclosure Spring Cloud Gateway +5
NVD
EPSS 98% CVSS 10.0
CRITICAL POC KEV PATCH THREAT Act Now

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection +10
NVD Exploit-DB
EPSS 1% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java +19
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java +19
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Oracle Denial Of Service +20
NVD VulDB
EPSS 6% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java +19
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Java +19
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java +19
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Oracle +19
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java +19
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java +20
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Java +20
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java +20
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Oracle Java +19
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java +19
NVD VulDB
EPSS 54% 4.9 CVSS 6.6
MEDIUM PATCH This Month

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has...

RCE Apache Java
NVD VulDB
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Java Authentication Bypass Authguard
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java , there is a possible APN disclosure due to log information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Java +1
NVD
EPSS 0% CVSS 8.0
HIGH This Week

In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Java +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Oracle SAP +2
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Java +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Java Apm Agent
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Crafter Cms
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Crafter Cms
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java Spring Advanced Message Queuing Protocol
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Authentication Bypass Apple +4
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Node.js +3
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Python Apple Information Disclosure +3
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Python Microsoft Information Disclosure +4
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM POC This Month

The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Java +1
NVD
EPSS 13% CVSS 8.8
HIGH POC PATCH THREAT This Week

Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Java +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Java Authentication Bypass Counterparty Settlements And Billing +1
NVD
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Java +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Jwt Attack +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Spring Cloud Gateway
NVD
EPSS 52% CVSS 7.5
HIGH POC THREAT This Week

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Vantara Pentaho +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java Spring Advanced Message Queuing Protocol
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Spring Framework +7
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Java +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Java Spring Cloud Openfeign
NVD
EPSS 3% CVSS 7.2
HIGH This Week

An issue was discovered in Gradle Enterprise before 2021.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Java +1
NVD
Prev Page 17 of 37 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy