Skip to main content

Java

3273 CVEs product

Monthly

CVE-2021-28820 HIGH This Week

The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Java Ftl
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-28818 HIGH This Week

The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Java Rendezvous
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-21351 Maven CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.1
EPSS
82.1%
CVE-2021-21350 Maven CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.8
EPSS
15.2%
CVE-2021-21349 Maven HIGH POC PATCH THREAT This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Java Oncommand Insight Activemq Jmeter +14
NVD GitHub
CVSS 3.1
8.6
EPSS
46.8%
CVE-2021-21348 Maven HIGH PATCH This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Java Oncommand Insight Activemq Jmeter +13
NVD GitHub
CVSS 3.1
7.5
EPSS
13.8%
CVE-2021-21347 Maven CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.8
EPSS
14.3%
CVE-2021-21346 Maven CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.8
EPSS
76.4%
CVE-2021-21345 Maven CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.9
EPSS
72.3%
CVE-2021-21344 Maven CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.8
EPSS
76.0%
CVE-2021-21343 Maven HIGH POC PATCH THREAT This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Java Oncommand Insight Activemq Jmeter +12
NVD GitHub
CVSS 3.1
7.5
EPSS
46.7%
CVE-2021-21342 Maven CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Java Oncommand Insight Activemq Jmeter +12
NVD GitHub
CVSS 3.1
9.1
EPSS
50.0%
CVE-2021-21341 Maven HIGH POC PATCH THREAT This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Java Oncommand Insight Activemq Jmeter +10
NVD GitHub
CVSS 3.1
7.5
EPSS
77.8%
CVE-2021-27084 HIGH PATCH This Week

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Java Maven For Java
NVD
CVSS 3.1
7.8
EPSS
61.4%
CVE-2021-21491 MEDIUM This Month

SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect SAP Java Netweaver Application Server Java
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-21331 Maven LOW PATCH Monitor

The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Java Datadog Api Client Java
NVD GitHub
CVSS 3.1
3.3
EPSS
0.6%
CVE-2021-22114 Maven MEDIUM PATCH This Month

Addresses partial fix in CVE-2018-1263. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java Spring Integration Zip
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-27198 CRITICAL Act Now

An issue was discovered in Visualware MyConnection Server before v11.1a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft File Upload Java Myconnection Server
NVD
CVSS 3.1
9.8
EPSS
13.6%
CVE-2021-24105 HIGH PATCH This Week

<p>Depending on configuration of various package managers it is possible for an attacker to insert a malicious package into a package manager's repository which can be retrieved and used during. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

Python RCE Apple Microsoft Node.js +2
NVD
CVSS 3.1
8.4
EPSS
2.1%
CVE-2021-20328 Maven MEDIUM PATCH This Month

Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required.

Microsoft Information Disclosure Java Java Driver Quarkus
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-22112 Maven HIGH PATCH This Week

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Spring Security Communications Element Manager Communications Interactive Session Recorder +4
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2021-27582 Maven CRITICAL POC PATCH Act Now

org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Java Connect
NVD GitHub
CVSS 3.1
9.1
EPSS
2.2%
CVE-2021-22113 Maven MEDIUM PATCH This Month

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Spring Cloud Netflix Zuul
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-3252 HIGH POC This Week

KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java Xp100U Firmware
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2021-27335 CRITICAL POC Act Now

KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code Execution via a ysoserial.payloads.CommonsCollections parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Java Kollect
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-21307 CRITICAL POC PATCH THREAT Act Now

Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Authentication Bypass Lucee Server
NVD GitHub
CVSS 3.1
9.8
EPSS
89.2%
CVE-2021-21479 Maven CRITICAL POC PATCH Act Now

In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Java Scimono
NVD GitHub
CVSS 3.1
9.1
EPSS
10.0%
CVE-2021-26915 HIGH POC THREAT This Week

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization RCE Java Netmotion Mobility
NVD
CVSS 3.1
8.1
EPSS
41.8%
CVE-2021-26914 HIGH POC THREAT Act Now

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization RCE Java Netmotion Mobility
NVD
CVSS 3.1
8.1
EPSS
77.7%
CVE-2021-26913 HIGH POC THREAT This Week

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization RCE Java Netmotion Mobility
NVD
CVSS 3.1
8.1
EPSS
13.3%
CVE-2021-26912 HIGH POC THREAT This Week

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization RCE Java Netmotion Mobility
NVD
CVSS 3.1
8.1
EPSS
41.0%
CVE-2021-21292 MEDIUM PATCH This Month

Traccar is an open source GPS tracking system. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Java Traccar
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2021-3283 Go HIGH PATCH This Week

HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Java Nomad
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-3160 CRITICAL Act Now

Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Java Assuweb
NVD
CVSS 3.1
9.8
EPSS
4.7%
CVE-2021-1993 MEDIUM This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Oracle Java Database Server Enterprise Manager Ops Center +2
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-0317 HIGH PATCH This Week

In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Google Privilege Escalation Java Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-21234 Maven HIGH POC PATCH THREAT This Week

spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Java Spring Boot Actuator Logview
NVD GitHub
CVSS 3.1
7.7
EPSS
21.2%
CVE-2020-29204 Maven MEDIUM POC PATCH This Month

XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Xxl Job
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-26282 Maven CRITICAL POC PATCH Act Now

BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Browserup Proxy
NVD GitHub
CVSS 3.1
10.0
EPSS
4.6%
CVE-2020-28052 Maven HIGH POC PATCH This Week

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Java Information Disclosure Bc Java Karaf Banking Corporate Lending Process Management +17
NVD GitHub
CVSS 3.1
8.1
EPSS
7.1%
CVE-2020-35476 Maven CRITICAL POC THREAT Emergency

A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Command Injection Opentsdb
NVD GitHub
CVSS 3.1
9.8
EPSS
85.3%
CVE-2020-26259 Maven MEDIUM POC PATCH THREAT This Month

XStream is a Java library to serialize objects to XML and back again. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Java Command Injection Struts Xstream Debian Linux +1
NVD GitHub
CVSS 3.1
6.8
EPSS
82.4%
CVE-2020-26258 Maven HIGH POC PATCH THREAT This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SSRF Struts Xstream Debian Linux +1
NVD GitHub
CVSS 3.1
7.7
EPSS
82.2%
CVE-2020-27055 HIGH PATCH This Week

In isSubmittable and showWarningMessagesIfAppropriate of WifiConfigController.java and WifiConfigController2.java, there is a possible insecure WiFi configuration due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Java Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-27025 MEDIUM This Month

In EapFailureNotifier.java and SimRequiredNotifier.java, there is a possible permission bypass due to an unsafe PendingIntent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Java Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-35460 Maven MEDIUM PATCH This Month

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Java Path Traversal Mpxj Primavera Unifier
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2020-8908 Maven LOW POC PATCH Monitor

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Google Java Information Disclosure Guava Quarkus +11
NVD GitHub
CVSS 3.1
3.3
EPSS
1.0%
CVE-2020-17159 HIGH PATCH This Week

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Java RCE Language Support For Java
NVD
CVSS 3.1
7.8
EPSS
3.1%
CVE-2020-16971 Maven HIGH PATCH This Week

Azure SDK for Java Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Microsoft Authentication Bypass Azure Sdk For Java
NVD
CVSS 3.1
7.4
EPSS
3.6%
CVE-2020-26835 MEDIUM This Month

SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java SAP Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-26829 CRITICAL Act Now

SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass Netweaver Application Server Java
NVD
CVSS 3.1
10.0
EPSS
4.7%
CVE-2020-26816 MEDIUM This Month

SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Java SAP Information Disclosure Netweaver Application Server Java
NVD
CVSS 3.1
4.5
EPSS
0.2%
CVE-2020-26234 Maven MEDIUM PATCH This Month

Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable.

Java Information Disclosure Opencast
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2020-17531 Maven CRITICAL PATCH Act Now

A Java Serialization vulnerability was found in Apache Tapestry 4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Deserialization Tapestry
NVD
CVSS 3.1
9.8
EPSS
9.7%
CVE-2020-17521 Maven MEDIUM PATCH This Month

Apache Groovy provides extension methods to aid with creating temporary directories. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Apache Java Information Disclosure Groovy Snapcenter +19
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-28923 Maven LOW PATCH Monitor

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Play Framework
NVD
CVSS 3.1
2.7
EPSS
1.0%
CVE-2020-26238 Maven HIGH POC PATCH This Week

Cron-utils is a Java library to parse, validate, migrate crons as well as get human readable descriptions for them. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Java RCE Cron Utils
NVD GitHub
CVSS 3.1
8.1
EPSS
4.2%
CVE-2020-27131 CRITICAL Act Now

Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Cisco Microsoft Deserialization Security Manager
NVD
CVSS 3.1
9.8
EPSS
87.7%
CVE-2020-26824 CRITICAL Act Now

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass Solution Manager
NVD
CVSS 3.1
10.0
EPSS
1.3%
CVE-2020-26823 CRITICAL Act Now

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass Solution Manager
NVD
CVSS 3.1
10.0
EPSS
1.3%
CVE-2020-26822 CRITICAL Act Now

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass Solution Manager
NVD
CVSS 3.1
10.0
EPSS
1.3%
CVE-2020-26821 CRITICAL Act Now

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass Solution Manager
NVD
CVSS 3.1
10.0
EPSS
1.3%
CVE-2020-28371 CRITICAL PATCH Act Now

An issue was discovered in ReadyTalk Avian 1.2.0 before 2020-10-27. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Java Integer Overflow Avian
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-17510 Maven CRITICAL PATCH Act Now

Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Authentication Bypass Shiro Debian Linux
NVD
CVSS 3.1
9.8
EPSS
9.1%
CVE-2020-27978 HIGH This Week

Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Identity Provider
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-27181 MEDIUM This Month

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Publixone
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-14803 MEDIUM PATCH This Month

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Authentication Bypass Openjdk Graalvm +17
NVD
CVSS 3.1
5.3
EPSS
3.1%
CVE-2020-14798 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Openjdk Jdk +16
NVD
CVSS 3.1
3.1
EPSS
2.7%
CVE-2020-14797 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Openjdk Jdk +16
NVD
CVSS 3.1
3.7
EPSS
2.2%
CVE-2020-14796 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Openjdk Jdk +16
NVD
CVSS 3.1
3.1
EPSS
2.5%
CVE-2020-14792 MEDIUM This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Openjdk Jdk +17
NVD
CVSS 3.1
4.2
EPSS
2.2%
CVE-2020-14782 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Openjdk Jdk +14
NVD
CVSS 3.1
3.7
EPSS
2.2%
CVE-2020-14781 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Openjdk Jdk +15
NVD
CVSS 3.1
3.7
EPSS
2.3%
CVE-2020-14779 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Denial Of Service Oracle Openjdk Jdk +17
NVD
CVSS 3.1
3.7
EPSS
3.7%
CVE-2020-14743 LOW PATCH Monitor

Vulnerability in the Java VM component of Oracle Database Server. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Java Oracle Authentication Bypass Java Virtual Machine
NVD
CVSS 3.1
3.1
EPSS
0.7%
CVE-2020-8929 LIB MEDIUM PATCH This Month

A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Tink Java
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-15252 Maven HIGH POC PATCH This Week

In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
3.4%
CVE-2020-15250 Maven MEDIUM POC PATCH This Month

In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Java Information Disclosure Junit4 Debian Linux Pluto +1
NVD GitHub
CVSS 3.1
5.5
EPSS
1.7%
CVE-2020-4781 MEDIUM This Month

An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service IBM Curam Social Program Management
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-4280 HIGH POC PATCH THREAT This Week

IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java IBM Deserialization Qradar Security Information And Event Manager
NVD
CVSS 3.1
8.8
EPSS
73.5%
CVE-2020-26117 HIGH PATCH This Week

In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Tigervnc Debian Linux Leap
NVD GitHub
CVSS 3.1
8.1
EPSS
3.1%
CVE-2020-5421 Maven MEDIUM PATCH This Month

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable.

Java Authentication Bypass Spring Framework Commerce Guided Search Communications Brm +35
NVD
CVSS 3.1
6.5
EPSS
10.7%
CVE-2020-0293 MEDIUM POC This Month

In Java network APIs, there is possible access to sensitive network state due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Java Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-14519 HIGH This Week

This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Codemeter
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-24164 Maven HIGH PATCH This Week

A deserialization flaw is present in Taoensso Nippy before 2.14.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java RCE Deserialization Nippy
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-15171 Maven MEDIUM PATCH This Month

In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Java RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
6.6
EPSS
1.3%
CVE-2020-11998 Maven CRITICAL PATCH Act Now

A regression has been introduced in the commit preventing JMX re-bind. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Java RCE Oracle Activemq +6
NVD
CVSS 3.1
9.8
EPSS
51.2%
CVE-2020-9733 HIGH PATCH This Week

An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Java Information Disclosure Experience Manager Experience Manager Forms
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-6326 MEDIUM This Month

SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java SAP Netweaver Knowledge Management
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-25023 CRITICAL PATCH Act Now

An issue was discovered in Noise-Java through 2020-08-27. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Java Information Disclosure Noise Java
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
EPSS 0% CVSS 7.8
HIGH This Week

The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Java +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Java +1
NVD
EPSS 82% CVSS 9.1
CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload Java +16
NVD GitHub
EPSS 15% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java +16
NVD GitHub
EPSS 47% CVSS 8.6
HIGH POC PATCH THREAT This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Java Oncommand Insight +16
NVD GitHub
EPSS 14% CVSS 7.5
HIGH PATCH This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Java Oncommand Insight +15
NVD GitHub
EPSS 14% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java +16
NVD GitHub
EPSS 76% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java +16
NVD GitHub
EPSS 72% CVSS 9.9
CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Java +16
NVD GitHub
EPSS 76% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java +16
NVD GitHub
EPSS 47% CVSS 7.5
HIGH POC PATCH THREAT This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Java Oncommand Insight +14
NVD GitHub
EPSS 50% CVSS 9.1
CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Java Oncommand Insight +14
NVD GitHub
EPSS 78% CVSS 7.5
HIGH POC PATCH THREAT This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Java Oncommand Insight +12
NVD GitHub
EPSS 61% CVSS 7.8
HIGH PATCH This Week

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Java Maven For Java
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect SAP Java +1
NVD
EPSS 1% CVSS 3.3
LOW PATCH Monitor

The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Java Datadog Api Client Java
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Addresses partial fix in CVE-2018-1263. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java Spring Integration Zip
NVD
EPSS 14% CVSS 9.8
CRITICAL Act Now

An issue was discovered in Visualware MyConnection Server before v11.1a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft File Upload +2
NVD
EPSS 2% CVSS 8.4
HIGH PATCH This Week

<p>Depending on configuration of various package managers it is possible for an attacker to insert a malicious package into a package manager's repository which can be retrieved and used during. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

Python RCE Apple +4
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required.

Microsoft Information Disclosure Java +2
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Spring Security +6
NVD
EPSS 2% CVSS 9.1
CRITICAL POC PATCH Act Now

org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Java +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Spring Cloud Netflix Zuul
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java Xp100U Firmware
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code Execution via a ysoserial.payloads.CommonsCollections parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Java +1
NVD
EPSS 89% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Authentication Bypass Lucee Server
NVD GitHub
EPSS 10% CVSS 9.1
CRITICAL POC PATCH Act Now

In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Java Scimono
NVD GitHub
EPSS 42% CVSS 8.1
HIGH POC THREAT This Week

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization RCE Java +1
NVD
EPSS 78% CVSS 8.1
HIGH POC THREAT Act Now

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization RCE Java +1
NVD
EPSS 13% CVSS 8.1
HIGH POC THREAT This Week

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization RCE Java +1
NVD
EPSS 41% CVSS 8.1
HIGH POC THREAT This Week

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization RCE Java +1
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Traccar is an open source GPS tracking system. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Java +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Java +1
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Java +1
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Oracle Java +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Google Privilege Escalation Java +2
NVD
EPSS 21% CVSS 7.7
HIGH POC PATCH THREAT This Week

spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Java Spring Boot Actuator Logview
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Xxl Job
NVD GitHub
EPSS 5% CVSS 10.0
CRITICAL POC PATCH Act Now

BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Browserup Proxy
NVD GitHub
EPSS 7% CVSS 8.1
HIGH POC PATCH This Week

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Java Information Disclosure Bc Java +19
NVD GitHub
EPSS 85% CVSS 9.8
CRITICAL POC THREAT Emergency

A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Command Injection +1
NVD GitHub
EPSS 82% CVSS 6.8
MEDIUM POC PATCH THREAT This Month

XStream is a Java library to serialize objects to XML and back again. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Java Command Injection Struts +3
NVD GitHub
EPSS 82% CVSS 7.7
HIGH POC PATCH THREAT This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SSRF Struts +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In isSubmittable and showWarningMessagesIfAppropriate of WifiConfigController.java and WifiConfigController2.java, there is a possible insecure WiFi configuration due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Java Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In EapFailureNotifier.java and SimRequiredNotifier.java, there is a possible permission bypass due to an unsafe PendingIntent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Java Information Disclosure +1
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Java Path Traversal Mpxj +1
NVD GitHub
EPSS 1% CVSS 3.3
LOW POC PATCH Monitor

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Google Java Information Disclosure +13
NVD GitHub
EPSS 3% CVSS 7.8
HIGH PATCH This Week

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Java RCE Language Support For Java
NVD
EPSS 4% CVSS 7.4
HIGH PATCH This Week

Azure SDK for Java Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Microsoft Authentication Bypass +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java SAP +1
NVD
EPSS 5% CVSS 10.0
CRITICAL Act Now

SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass +1
NVD
EPSS 0% CVSS 4.5
MEDIUM This Month

SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Java SAP Information Disclosure +1
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable.

Java Information Disclosure Opencast
NVD GitHub
EPSS 10% CVSS 9.8
CRITICAL PATCH Act Now

A Java Serialization vulnerability was found in Apache Tapestry 4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Deserialization +1
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Apache Groovy provides extension methods to aid with creating temporary directories. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Apache Java Information Disclosure +21
NVD
EPSS 1% CVSS 2.7
LOW PATCH Monitor

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Play Framework
NVD
EPSS 4% CVSS 8.1
HIGH POC PATCH This Week

Cron-utils is a Java library to parse, validate, migrate crons as well as get human readable descriptions for them. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Java RCE Cron Utils
NVD GitHub
EPSS 88% CVSS 9.8
CRITICAL Act Now

Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Cisco Microsoft +2
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass +1
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass +1
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass +1
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in ReadyTalk Avian 1.2.0 before 2020-10-27. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Java Integer Overflow +1
NVD GitHub
EPSS 9% CVSS 9.8
CRITICAL PATCH Act Now

Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Authentication Bypass +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Identity Provider
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Publixone
NVD
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Authentication Bypass +19
NVD
EPSS 3% CVSS 3.1
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +18
NVD
EPSS 2% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +18
NVD
EPSS 2% CVSS 3.1
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +18
NVD
EPSS 2% CVSS 4.2
MEDIUM This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +19
NVD
EPSS 2% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +16
NVD
EPSS 2% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +17
NVD
EPSS 4% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Denial Of Service Oracle +19
NVD
EPSS 1% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Java VM component of Oracle Database Server. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Java Oracle Authentication Bypass +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Tink Java
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Code Injection +1
NVD GitHub
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Java Information Disclosure Junit4 +3
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service IBM +1
NVD
EPSS 73% CVSS 8.8
HIGH POC PATCH THREAT This Week

IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java IBM Deserialization +1
NVD
EPSS 3% CVSS 8.1
HIGH PATCH This Week

In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Tigervnc +2
NVD GitHub
EPSS 11% CVSS 6.5
MEDIUM PATCH This Month

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable.

Java Authentication Bypass Spring Framework +37
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

In Java network APIs, there is possible access to sensitive network state due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Java Authentication Bypass +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Codemeter
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A deserialization flaw is present in Taoensso Nippy before 2.14.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java RCE Deserialization +1
NVD GitHub
EPSS 1% CVSS 6.6
MEDIUM PATCH This Month

In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Java RCE Code Injection +1
NVD GitHub
EPSS 51% CVSS 9.8
CRITICAL PATCH Act Now

A regression has been introduced in the commit preventing JMX re-bind. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Java RCE +8
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Java Information Disclosure Experience Manager +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java SAP +1
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Noise-Java through 2020-08-27. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Java Information Disclosure +1
NVD GitHub
Prev Page 19 of 37 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy