Skip to main content

Java

3273 CVEs product

Monthly

CVE-2021-35619 HIGH This Week

Vulnerability in the Java VM component of Oracle Database Server. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Information Disclosure Java Java Virtual Machine
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2021-35603 LOW PATCH Monitor

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
3.7
EPSS
4.1%
CVE-2021-35588 LOW PATCH Monitor

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
3.1
EPSS
3.6%
CVE-2021-35586 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
6.3%
CVE-2021-35578 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
6.2%
CVE-2021-35567 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Java Openjdk Graalvm +14
NVD
CVSS 3.1
6.8
EPSS
2.7%
CVE-2021-35565 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
6.9%
CVE-2021-35564 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
5.2%
CVE-2021-35561 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
6.5%
CVE-2021-35560 HIGH PATCH This Week

Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Oracle Information Disclosure Java Openjdk E Series Santricity Os Controller +4
NVD
CVSS 3.1
7.5
EPSS
4.5%
CVE-2021-35559 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
14.8%
CVE-2021-35556 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2021-35550 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java Graalvm Openjdk +11
NVD
CVSS 3.1
5.9
EPSS
6.9%
CVE-2021-42575 Maven CRITICAL POC PATCH Act Now

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Java Java Html Sanitizer Middleware Common Libraries And Tools Primavera Unifier
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-33728 HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Java Sinec Nms
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-25738 Maven MEDIUM PATCH This Month

Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes RCE Java
NVD GitHub
CVSS 3.1
6.7
EPSS
0.5%
CVE-2021-41616 Maven CRITICAL Act Now

Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Java Ddlutils
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-41034 HIGH This Week

The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Java Che
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2021-41588 HIGH This Week

In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Java Gradle
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-40690 Maven HIGH PATCH This Week

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Java Santuario Xml Security For Java Cxf +16
NVD
CVSS 3.1
7.5
EPSS
11.2%
CVE-2021-41303 Maven CRITICAL PATCH Act Now

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Java Authentication Bypass Shiro Financial Services Crime And Compliance Management Studio
NVD
CVSS 3.1
9.8
EPSS
76.7%
CVE-2021-39128 HIGH This Week

Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ssti RCE Atlassian Java Jira Data Center +1
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2021-38163 HIGH KEV THREAT This Week

SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Java Netweaver
NVD
CVSS 3.1
8.8
EPSS
37.1%
CVE-2021-37535 CRITICAL Act Now

SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass Netweaver Application Server Java
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-40146 Maven CRITICAL PATCH Act Now

A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Java Any23
NVD
CVSS 3.1
9.8
EPSS
5.7%
CVE-2021-38555 Maven CRITICAL PATCH Act Now

An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Java Any23
NVD
CVSS 3.1
9.1
EPSS
2.8%
CVE-2021-37579 Maven CRITICAL PATCH Act Now

The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Java Dubbo
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2021-40509 MEDIUM POC PATCH This Month

ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Java Jforum
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-39115 HIGH This Week

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Atlassian Java Jira Service Desk Jira Service Management
NVD
CVSS 3.1
7.2
EPSS
4.5%
CVE-2021-39181 HIGH PATCH This Week

OpenOlat is a web-based learning management system (LMS). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Java Openolat
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-39180 HIGH PATCH This Week

OpenOLAT is a web-based learning management system (LMS). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Tomcat Path Traversal Java Openolat
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-21677 Maven HIGH PATCH This Week

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Jenkins Java Code Coverage Api
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-36981 HIGH POC PATCH This Week

In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization RCE Java Verinice
NVD GitHub
CVSS 3.1
8.8
EPSS
6.0%
CVE-2021-39177 Maven CRITICAL PATCH Act Now

Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Java Authentication Bypass Geyser
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-39152 Maven HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Java Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
11.5%
CVE-2021-39150 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Java Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
3.4%
CVE-2021-39153 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Java Xstream Fedora +11
NVD GitHub
CVSS 3.1
8.5
EPSS
4.5%
CVE-2021-39139 Maven HIGH PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Java Xstream Debian Linux +13
NVD GitHub
CVSS 3.1
8.8
EPSS
4.5%
CVE-2021-37714 Maven HIGH PATCH This Week

jsoup is a Java library for working with HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Jsoup Quarkus Banking Trade Finance +13
NVD GitHub
CVSS 3.1
7.5
EPSS
6.9%
CVE-2021-32829 CRITICAL POC Act Now

ZStack is open source IaaS(infrastructure as a service) software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Java Rest Api
NVD GitHub
CVSS 3.1
9.9
EPSS
2.9%
CVE-2021-37694 npm HIGH POC PATCH MAL This Week

@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Java Java Spring Cloud Stream Template
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-20032 CRITICAL Act Now

SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Sonicwall Java Analytics
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-37573 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's "404. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Tiny Java Web Server
NVD
CVSS 3.1
6.1
EPSS
3.4%
CVE-2021-34371 Maven CRITICAL POC PATCH THREAT Act Now

Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Java Neo4j
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
13.4%
CVE-2021-37578 Maven CRITICAL PATCH Act Now

Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Apache Java Juddi
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2021-2438 MEDIUM This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Java Java Virtual Machine
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-2432 LOW PATCH Monitor

Vulnerability in the Java SE product of Oracle Java SE (component: JNDI). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Oracle Java Jdk Epolicy Orchestrator
NVD
CVSS 3.1
3.7
EPSS
3.7%
CVE-2021-2388 HIGH PATCH This Week

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Oracle Information Disclosure Java Openjdk Graalvm +3
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2021-2369 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Java Openjdk Graalvm +3
NVD
CVSS 3.1
4.3
EPSS
3.4%
CVE-2021-2341 LOW PATCH Monitor

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java Openjdk Graalvm +4
NVD
CVSS 3.1
3.1
EPSS
4.2%
CVE-2021-32751 HIGH POC This Week

Gradle is a build tool with a focus on build automation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Command Injection Java Gradle
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-32769 Maven HIGH POC PATCH This Week

Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Java Micronaut
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-33687 MEDIUM PATCH This Month

SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

XSS SAP Information Disclosure Java Netweaver Application Server Java
NVD
CVSS 3.1
4.9
EPSS
1.6%
CVE-2021-33670 HIGH PATCH This Week

SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service SAP Java Netweaver Application Server Java
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-35209 CRITICAL POC Act Now

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Collaboration
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-29485 Maven HIGH PATCH This Week

Ratpack is a toolkit for creating web applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Java Ratpack
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-22119 Maven HIGH PATCH This Week

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Java Spring Security Communications Cloud Native Core Policy
NVD
CVSS 3.1
7.5
EPSS
6.0%
CVE-2021-0571 HIGH This Week

In ActivityTaskManagerService.startActivity() and AppTaskImpl.startActivity() of ActivityTaskManagerService.java and AppTaskImpl.java, there is possible access to restricted activities due to a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Java Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-34539 HIGH This Week

An issue was discovered in CubeCoders AMP before 2.1.1.8. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Information Disclosure Java Amp
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2021-29500 HIGH This Week

bubble fireworks is an open source java package relating to Spring Framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jwt Attack Bubble Fireworks
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-33806 CRITICAL PATCH Act Now

The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Java Bdlib
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-23895 HIGH This Week

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Java Database Security
NVD
CVSS 3.1
8.0
EPSS
1.9%
CVE-2021-23894 HIGH This Week

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Java Database Security
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-32647 CRITICAL POC PATCH Act Now

Emissary is a P2P based data-driven workflow engine. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Information Disclosure Java Emissary
NVD GitHub
CVSS 3.1
9.1
EPSS
2.9%
CVE-2021-30179 Maven CRITICAL PATCH Act Now

Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Java Dubbo
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2021-29505 Maven HIGH POC PATCH THREAT This Week

XStream is software for serializing Java objects to XML and back again. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Java Xstream Debian Linux +15
NVD GitHub
CVSS 3.1
8.8
EPSS
77.7%
CVE-2021-22118 Maven HIGH PATCH This Week

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Java Spring Framework Commerce Guided Search Communications Brm Elastic Charging Engine +29
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-20492 HIGH PATCH This Week

IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Java Websphere Application Server
NVD
CVSS 3.1
8.2
EPSS
2.1%
CVE-2021-32634 HIGH PATCH This Week

Emissary is a distributed, peer-to-peer, data-driven workflow framework. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Java Emissary
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-29506 Maven MEDIUM PATCH This Month

GraphHopper is an open-source Java routing engine. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Java Graphhopper
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-20202 Maven HIGH PATCH This Week

A flaw was found in keycloak. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Java Keycloak
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2021-21428 Maven HIGH POC PATCH This Week

Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Rated high severity (CVSS 7.0). Public exploit code available.

Privilege Escalation Java Openapi Generator
NVD GitHub
CVSS 3.1
7.0
EPSS
0.4%
CVE-2021-26077 Maven HIGH POC PATCH This Week

Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Atlassian Authentication Bypass Connect Spring Boot
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-1478 MEDIUM This Month

A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Java Authentication Bypass Hosted Collaboration Mediation Fulfillment +1
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-30048 MEDIUM POC This Month

Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (小说精品屋-plus) 3.5.1 allows attackers to read arbitrary files via the filePath. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java Novel Boutique House Plus
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-31408 Maven HIGH PATCH This Week

Authentication.logout() helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

CSRF Java Flow Vaadin
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2021-2302 CRITICAL PATCH Act Now

Vulnerability in the Oracle Platform Security for Java product of Oracle Fusion Middleware (component: OPSS). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Java Platform Security For Java
NVD
CVSS 3.1
9.8
EPSS
5.7%
CVE-2021-2234 MEDIUM PATCH This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Authentication Bypass Oracle Java Database Server
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-2163 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java Jdk Jre +9
NVD
CVSS 3.1
5.3
EPSS
3.6%
CVE-2021-2161 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java Jdk Jre +10
NVD
CVSS 3.1
5.9
EPSS
3.1%
CVE-2021-26074 Maven MEDIUM PATCH This Month

Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Atlassian Authentication Bypass Connect Spring Boot
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-27850 Maven CRITICAL POC PATCH THREAT Act Now

A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Apache Information Disclosure Java Tapestry
NVD
CVSS 3.1
9.8
EPSS
94.1%
CVE-2021-27604 MEDIUM This Month

In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Java Netweaver Process Integration
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-29428 HIGH POC PATCH This Week

In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Apple Microsoft Privilege Escalation Java Gradle +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-28472 HIGH PATCH This Week

Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Java Vscode Maven
NVD
CVSS 3.1
7.8
EPSS
63.0%
CVE-2021-27601 MEDIUM This Month

SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Java Netweaver Application Server Java
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-27598 MEDIUM This Month

SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass Netweaver Application Server Java
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-21485 MEDIUM This Month

An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Java Netweaver Application Server Java
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-0443 MEDIUM PATCH This Month

In several functions of ScreenshotHelper.java and related files, there is a possible incorrectly saved screenshot due to a race condition. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required.

Google Information Disclosure Race Condition Java Android
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2021-29429 MEDIUM POC This Month

In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java Gradle Quarkus
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
EPSS 1% CVSS 7.1
HIGH This Week

Vulnerability in the Java VM component of Oracle Database Server. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Information Disclosure Java +1
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java +14
NVD
EPSS 4% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Oracle Java +14
NVD
EPSS 6% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java +14
NVD
EPSS 6% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java +14
NVD
EPSS 3% CVSS 6.8
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Java +16
NVD
EPSS 7% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java +14
NVD
EPSS 5% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Java +14
NVD
EPSS 6% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java +14
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Oracle Information Disclosure Java +6
NVD
EPSS 15% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle Java +14
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle +14
NVD
EPSS 7% CVSS 5.9
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java +13
NVD
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Java Java Html Sanitizer +2
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Java +1
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes RCE Java
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Java +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Java +1
NVD
EPSS 1% CVSS 8.1
HIGH This Week

In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Java Gradle
NVD
EPSS 11% CVSS 7.5
HIGH PATCH This Week

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Java +18
NVD
EPSS 77% CVSS 9.8
CRITICAL PATCH Act Now

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Java Authentication Bypass +2
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ssti RCE Atlassian +3
NVD
EPSS 37% CVSS 8.8
HIGH KEV THREAT This Week

SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Java +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass +1
NVD
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Java Any23
NVD
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Java Any23
NVD
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Java +1
NVD
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Java Jforum
NVD
EPSS 4% CVSS 7.2
HIGH This Week

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Atlassian Java +2
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

OpenOlat is a web-based learning management system (LMS). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Java Openolat
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

OpenOLAT is a web-based learning management system (LMS). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Tomcat Path Traversal Java +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Jenkins +2
NVD
EPSS 6% CVSS 8.8
HIGH POC PATCH This Week

In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization RCE Java +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Java Authentication Bypass Geyser
NVD GitHub
EPSS 11% CVSS 8.5
HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Java Xstream +14
NVD GitHub
EPSS 3% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Java Xstream +14
NVD GitHub
EPSS 4% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Java +13
NVD GitHub
EPSS 5% CVSS 8.8
HIGH PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Java +15
NVD GitHub
EPSS 7% CVSS 7.5
HIGH PATCH This Week

jsoup is a Java library for working with HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Jsoup +15
NVD GitHub
EPSS 3% CVSS 9.9
CRITICAL POC Act Now

ZStack is open source IaaS(infrastructure as a service) software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Java +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Java +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Sonicwall Java +1
NVD
EPSS 3% CVSS 6.1
MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's "404. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Tiny Java Web Server
NVD
EPSS 13% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Java +1
NVD Exploit-DB
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Apache +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Java +1
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE product of Oracle Java SE (component: JNDI). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Oracle Java +2
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Oracle Information Disclosure Java +5
NVD
EPSS 3% CVSS 4.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Java +5
NVD
EPSS 4% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java +6
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

Gradle is a build tool with a focus on build automation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Command Injection Java +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Java Micronaut
NVD GitHub
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

XSS SAP Information Disclosure +2
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service SAP Java +1
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Collaboration
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Ratpack is a toolkit for creating web applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Java +1
NVD GitHub
EPSS 6% CVSS 7.5
HIGH PATCH This Week

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Java Spring Security +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In ActivityTaskManagerService.startActivity() and AppTaskImpl.startActivity() of ActivityTaskManagerService.java and AppTaskImpl.java, there is possible access to restricted activities due to a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Java +2
NVD
EPSS 1% CVSS 7.2
HIGH This Week

An issue was discovered in CubeCoders AMP before 2.1.1.8. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Information Disclosure Java +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

bubble fireworks is an open source java package relating to Spring Framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jwt Attack +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Java +1
NVD GitHub
EPSS 2% CVSS 8.0
HIGH This Week

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Java Database Security
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Java Database Security
NVD
EPSS 3% CVSS 9.1
CRITICAL POC PATCH Act Now

Emissary is a P2P based data-driven workflow engine. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Information Disclosure Java +1
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Java +1
NVD
EPSS 78% CVSS 8.8
HIGH POC PATCH THREAT This Week

XStream is software for serializing Java objects to XML and back again. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Java +17
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Java Spring Framework +31
NVD
EPSS 2% CVSS 8.2
HIGH PATCH This Week

IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Java +1
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Emissary is a distributed, peer-to-peer, data-driven workflow framework. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Java +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

GraphHopper is an open-source Java routing engine. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Java Graphhopper
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

A flaw was found in keycloak. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Java Keycloak
NVD
EPSS 0% CVSS 7.0
HIGH POC PATCH This Week

Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Rated high severity (CVSS 7.0). Public exploit code available.

Privilege Escalation Java Openapi Generator
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Atlassian Authentication Bypass +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Java +3
NVD
EPSS 2% CVSS 5.3
MEDIUM POC This Month

Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (小说精品屋-plus) 3.5.1 allows attackers to read arbitrary files via the filePath. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java Novel Boutique House Plus
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Authentication.logout() helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

CSRF Java Flow +1
NVD GitHub
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

Vulnerability in the Oracle Platform Security for Java product of Oracle Fusion Middleware (component: OPSS). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Java +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Authentication Bypass Oracle Java +1
NVD
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java +11
NVD
EPSS 3% CVSS 5.9
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java +12
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Atlassian Authentication Bypass +1
NVD
EPSS 94% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Apache Information Disclosure +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Java +1
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Apple Microsoft Privilege Escalation +3
NVD GitHub
EPSS 63% CVSS 7.8
HIGH PATCH This Week

Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Java Vscode Maven
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Java +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Java +1
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In several functions of ScreenshotHelper.java and related files, there is a possible incorrectly saved screenshot due to a race condition. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required.

Google Information Disclosure Race Condition +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java Gradle +1
NVD GitHub
Prev Page 18 of 37 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy