Skip to main content

Java

3273 CVEs product

Monthly

CVE-2020-25022 CRITICAL PATCH Act Now

An issue was discovered in Noise-Java through 2020-08-27. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Java Information Disclosure Noise Java
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-25021 CRITICAL PATCH Act Now

An issue was discovered in Noise-Java through 2020-08-27. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Java Information Disclosure Noise Java
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-23814 Maven MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Xxl Job
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-24786 CRITICAL Act Now

An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Zoho Microsoft Authentication Bypass Manageengine Adselfservice Plus +10
NVD
CVSS 3.1
9.8
EPSS
12.8%
CVE-2020-15777 Maven HIGH PATCH This Week

An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java RCE Privilege Escalation Deserialization Maven
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-15858 MEDIUM This Month

Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Bgs5 Firmware Ehs5 Firmware Ehs8 Firmware +6
NVD
CVSS 3.1
6.4
EPSS
0.8%
CVE-2020-5412 Maven MEDIUM POC PATCH THREAT This Month

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Cloud Netflix
NVD
CVSS 3.1
6.5
EPSS
10.2%
CVE-2020-8574 HIGH This Week

Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java RCE Active Iq Unified Manager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5413 Maven CRITICAL PATCH Act Now

Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java Deserialization Spring Integration Banking Corporate Lending Process Management Banking Credit Facilities Process Management +5
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2020-14307 MEDIUM This Month

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Red Hat Amq Jboss Enterprise Application Platform Continuous Delivery +3
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-2968 HIGH PATCH This Week

Vulnerability in the Java VM component of Oracle Database Server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable.

Java Oracle Information Disclosure Database Server
NVD
CVSS 3.1
8.0
EPSS
1.1%
CVE-2020-14664 HIGH This Week

Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre +13
NVD
CVSS 3.1
8.3
EPSS
4.2%
CVE-2020-14621 MEDIUM This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass Openjdk Jdk +21
NVD
CVSS 3.1
5.3
EPSS
4.3%
CVE-2020-14593 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Authentication Bypass Openjdk Jdk +18
NVD
CVSS 3.1
7.4
EPSS
3.9%
CVE-2020-14583 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Openjdk Jdk +18
NVD
CVSS 3.1
8.3
EPSS
4.0%
CVE-2020-14581 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Openjdk Jdk +19
NVD
CVSS 3.1
3.7
EPSS
3.3%
CVE-2020-14579 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Openjdk Jdk +19
NVD
CVSS 3.1
3.7
EPSS
4.0%
CVE-2020-14578 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Openjdk Jdk +19
NVD
CVSS 3.1
3.7
EPSS
4.0%
CVE-2020-14577 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Openjdk Jdk +18
NVD
CVSS 3.1
3.7
EPSS
3.3%
CVE-2020-14573 LOW PATCH Monitor

Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk E Series Santricity Os Controller +7
NVD
CVSS 3.1
3.7
EPSS
3.4%
CVE-2020-14562 MEDIUM PATCH This Month

Vulnerability in the Java SE product of Oracle Java SE (component: ImageIO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Oracle Jdk E Series Santricity Os Controller +7
NVD
CVSS 3.1
5.3
EPSS
5.2%
CVE-2020-14556 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Openjdk Jdk +18
NVD
CVSS 3.1
4.8
EPSS
3.0%
CVE-2020-9297 CRITICAL PATCH Act Now

Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation (JSR 380) custom constraint validators. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java RCE Titus
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-6287 CRITICAL POC KEV THREAT Act Now

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java SAP Authentication Bypass Netweaver Application Server Java
NVD GitHub
CVSS 3.1
10.0
EPSS
94.7%
CVE-2020-6286 MEDIUM This Month

The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Path Traversal Netweaver Application Server Java
NVD
CVSS 3.1
5.3
EPSS
28.3%
CVE-2020-6285 MEDIUM This Month

SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SAP Information Disclosure Netweaver
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-6282 MEDIUM This Month

SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SSRF SAP Netweaver Application Server Java
NVD
CVSS 3.1
5.8
EPSS
1.1%
CVE-2020-5604 HIGH This Week

Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Java RCE Mercari
NVD
CVSS 3.1
8.1
EPSS
2.0%
CVE-2020-3402 HIGH This Week

A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Cisco Authentication Bypass Unified Customer Voice Portal
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-14940 HIGH POC This Week

An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Tuxguitar
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2020-11989 Maven CRITICAL PATCH Act Now

Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Authentication Bypass Shiro
NVD
CVSS 3.1
9.8
EPSS
24.4%
CVE-2020-9296 Maven CRITICAL PATCH Act Now

Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Conductor
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-13651 HIGH This Week

An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Digdash
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-5411 Maven HIGH PATCH This Week

When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java RCE Deserialization Spring Batch
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2020-0219 HIGH PATCH This Week

In onCreate of SliceDeepLinkSpringBoard.java there is a possible insecure Intent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Google Java Null Pointer Dereference Denial Of Service Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-0201 CRITICAL PATCH Act Now

In showSecurityFields of WifiConfigController.java there is a possible credential leak due to a confused deputy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Java Privilege Escalation Android
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-6263 CRITICAL Act Now

Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass Netweaver Application Server Java
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-9040 HIGH This Week

Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Couchbase Server Java Sdk
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-11975 Maven CRITICAL POC PATCH THREAT Act Now

Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Java Information Disclosure Unomi
NVD
CVSS 3.1
9.8
EPSS
29.9%
CVE-2020-5410 Maven HIGH POC KEV PATCH THREAT This Week

Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Spring Cloud Config
NVD GitHub
CVSS 3.1
7.5
EPSS
95.6%
CVE-2020-3280 CRITICAL Act Now

A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Cisco Deserialization RCE Unified Contact Center Express
NVD
CVSS 3.1
9.8
EPSS
6.9%
CVE-2020-12835 CRITICAL POC THREAT Act Now

An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Deserialization Readyapi
NVD
CVSS 3.1
9.8
EPSS
11.7%
CVE-2020-13128 HIGH POC This Week

An issue was discovered in Manolo GWTUpload 1.0.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Java Denial Of Service Gwtupload
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-5408 Maven MEDIUM PATCH This Month

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Security
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-11973 Maven CRITICAL PATCH Act Now

Apache Camel Netty enables Java deserialization by default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Deserialization Camel Communications Diameter Signaling Router +2
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2020-11972 Maven CRITICAL PATCH Act Now

Apache Camel RabbitMQ enables Java deserialization by default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Deserialization Camel Communications Diameter Signaling Router +2
NVD
CVSS 3.1
9.8
EPSS
5.5%
CVE-2020-1945 Maven MEDIUM PATCH This Month

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. Rated medium severity (CVSS 6.3). This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Apache Java Information Disclosure Ant Ubuntu Linux +48
NVD
CVSS 3.1
6.3
EPSS
1.8%
CVE-2020-1714 Maven HIGH PATCH This Week

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Java RCE Keycloak Decision Manager Jboss Fuse +4
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-5407 Maven HIGH PATCH This Week

Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Jwt Attack Spring Security
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-12760 Maven HIGH PATCH This Week

An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java RCE Deserialization Opennms Horizon Opennms Meridian
NVD GitHub
CVSS 3.1
8.8
EPSS
3.4%
CVE-2020-1959 Maven CRITICAL PATCH Act Now

A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java RCE Syncope
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2020-12133 CRITICAL POC Act Now

The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote code execution because of javax.faces.ViewState Java deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Deserialization Electric Consciousmap
NVD
CVSS 3.1
9.8
EPSS
9.9%
CVE-2020-2830 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Oracle Jdk Jre +19
NVD
CVSS 3.1
5.3
EPSS
4.9%
CVE-2020-2816 HIGH This Week

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass Jdk Jre +17
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2020-2805 HIGH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre +18
NVD
CVSS 3.1
8.3
EPSS
4.1%
CVE-2020-2803 HIGH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre +18
NVD
CVSS 3.1
8.3
EPSS
6.2%
CVE-2020-2800 MEDIUM This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Jdk Jre +18
NVD
CVSS 3.1
4.8
EPSS
2.9%
CVE-2020-2781 MEDIUM This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Oracle Jdk Jre +19
NVD
CVSS 3.1
5.3
EPSS
4.9%
CVE-2020-2778 LOW Monitor

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Jdk Jre +18
NVD
CVSS 3.1
3.7
EPSS
2.3%
CVE-2020-2773 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Denial Of Service Oracle Jdk Jre +19
NVD
CVSS 3.1
3.7
EPSS
3.6%
CVE-2020-2767 MEDIUM This Month

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Jdk Jre +18
NVD
CVSS 3.1
4.8
EPSS
2.1%
CVE-2020-2764 LOW Monitor

Vulnerability in the Java SE product of Oracle Java SE (component: Advanced Management Console). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Java Advanced Management Console
NVD
CVSS 3.1
3.7
EPSS
2.4%
CVE-2020-2757 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Java Denial Of Service Deserialization Jdk +20
NVD
CVSS 3.1
3.7
EPSS
4.2%
CVE-2020-2756 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Java Denial Of Service Deserialization Jdk +19
NVD
CVSS 3.1
3.7
EPSS
4.2%
CVE-2020-2755 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Denial Of Service Oracle Jdk Jre +18
NVD
CVSS 3.1
3.7
EPSS
3.9%
CVE-2020-2754 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Denial Of Service Oracle Jdk Jre +10
NVD
CVSS 3.1
3.7
EPSS
4.1%
CVE-2020-2735 HIGH This Week

Vulnerability in the Java VM component of Oracle Database Server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Database Server
NVD
CVSS 3.1
8.0
EPSS
1.1%
CVE-2020-6224 MEDIUM This Month

SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SAP Information Disclosure Netweaver Application Server Java
NVD
CVSS 3.1
6.2
EPSS
1.1%
CVE-2020-9004 HIGH POC This Week

A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Streaming Engine
NVD GitHub
CVSS 3.1
8.8
EPSS
3.5%
CVE-2020-11002 Maven HIGH POC PATCH This Week

dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java RCE Dropwizard Validation
NVD GitHub
CVSS 3.1
8.8
EPSS
5.2%
CVE-2020-11619 Maven HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java Deserialization Jackson Databind Debian Linux Active Iq Unified Manager +18
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
1.3%
CVE-2020-4325 MEDIUM This Month

The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java IBM Information Disclosure Cloud Pak For Automation Process Federation Server
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-10992 CRITICAL POC Act Now

Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Azkaban
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-10990 CRITICAL PATCH Act Now

An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Java XXE Mercury
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-1957 Maven CRITICAL PATCH Act Now

Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Authentication Bypass Shiro Debian Linux
NVD
CVSS 3.1
9.8
EPSS
24.2%
CVE-2020-10194 MEDIUM PATCH This Month

cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Java Authentication Bypass Zm Mailbox
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-1947 Maven CRITICAL PATCH Act Now

In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Deserialization Shardingsphere
NVD
CVSS 3.1
9.8
EPSS
33.9%
CVE-2020-6202 HIGH This Week

SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SAP Information Disclosure Netweaver Application Server Java
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2020-0060 MEDIUM This Month

In query of SmsProvider.java and MmsSmsProvider.java, there is a possible permission bypass due to SQL injection. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Java SQLi Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2020-5327 CRITICAL PATCH Act Now

Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Microsoft Deserialization Dell RCE +1
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-5405 Maven MEDIUM POC PATCH THREAT This Month

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Spring Cloud Config
NVD
CVSS 3.1
6.5
EPSS
68.8%
CVE-2020-9761 CRITICAL Act Now

An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Asycuda World
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-5245 Maven HIGH POC PATCH This Week

Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java RCE Dropwizard Validation Blockchain Platform
NVD GitHub
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-6190 MEDIUM This Month

Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Information Disclosure Netweaver Application Server Java
NVD
CVSS 3.1
5.8
EPSS
0.9%
CVE-2020-5529 Maven HIGH PATCH This Week

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Java RCE Htmlunit Debian Linux +2
NVD GitHub
CVSS 3.1
8.1
EPSS
4.7%
CVE-2020-7226 Maven HIGH POC PATCH This Week

CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Denial Of Service Cryptacular Communications Services Gatekeeper Webcenter Sites +1
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2020-7931 HIGH POC This Week

In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Artifactory
NVD GitHub
CVSS 3.1
8.8
EPSS
5.5%
CVE-2020-5397 Maven MEDIUM POC PATCH This Month

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Java CSRF Spring Framework Application Testing Suite +25
NVD
CVSS 3.1
5.3
EPSS
2.4%
CVE-2020-5398 Maven HIGH PATCH This Week

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Spring Framework Application Testing Suite Communications Billing And Revenue Management Elastic Charging Engine +30
NVD
CVSS 3.1
7.5
EPSS
88.1%
CVE-2020-2659 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +21
NVD
CVSS 3.1
3.7
EPSS
4.2%
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Noise-Java through 2020-08-27. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Java Information Disclosure +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Noise-Java through 2020-08-27. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Java Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Xxl Job
NVD GitHub
EPSS 13% CVSS 9.8
CRITICAL Act Now

An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Zoho Microsoft +12
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java RCE Privilege Escalation +2
NVD
EPSS 1% CVSS 6.4
MEDIUM This Month

Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Bgs5 Firmware +8
NVD
EPSS 10% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Cloud Netflix
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java RCE Active Iq Unified Manager
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java Deserialization Spring Integration +7
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Red Hat +5
NVD
EPSS 1% CVSS 8.0
HIGH PATCH This Week

Vulnerability in the Java VM component of Oracle Database Server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable.

Java Oracle Information Disclosure +1
NVD
EPSS 4% CVSS 8.3
HIGH This Week

Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Information Disclosure +15
NVD
EPSS 4% CVSS 5.3
MEDIUM This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass +23
NVD
EPSS 4% CVSS 7.4
HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Authentication Bypass +20
NVD
EPSS 4% CVSS 8.3
HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure +20
NVD
EPSS 3% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +21
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +21
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +21
NVD
EPSS 3% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +20
NVD
EPSS 3% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +9
NVD
EPSS 5% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE product of Oracle Java SE (component: ImageIO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Oracle +9
NVD
EPSS 3% CVSS 4.8
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +20
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation (JSR 380) custom constraint validators. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java RCE Titus
NVD GitHub
EPSS 95% CVSS 10.0
CRITICAL POC KEV THREAT Act Now

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java SAP Authentication Bypass +1
NVD GitHub
EPSS 28% CVSS 5.3
MEDIUM This Month

The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Path Traversal +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SAP Information Disclosure +1
NVD
EPSS 1% CVSS 5.8
MEDIUM This Month

SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SSRF SAP +1
NVD
EPSS 2% CVSS 8.1
HIGH This Week

Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Java RCE +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Cisco Authentication Bypass +1
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Tuxguitar
NVD
EPSS 24% CVSS 9.8
CRITICAL PATCH Act Now

Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Authentication Bypass +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Conductor
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Digdash
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java RCE Deserialization +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In onCreate of SliceDeepLinkSpringBoard.java there is a possible insecure Intent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Google Java Null Pointer Dereference +2
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

In showSecurityFields of WifiConfigController.java there is a possible credential leak due to a confused deputy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Java Privilege Escalation +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Couchbase Server Java Sdk
NVD
EPSS 30% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Java Information Disclosure +1
NVD
EPSS 96% CVSS 7.5
HIGH POC KEV PATCH THREAT This Week

Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Spring Cloud Config
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL Act Now

A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Cisco Deserialization +2
NVD
EPSS 12% CVSS 9.8
CRITICAL POC THREAT Act Now

An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Deserialization +1
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

An issue was discovered in Manolo GWTUpload 1.0.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Java Denial Of Service +1
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Security
NVD
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

Apache Camel Netty enables Java deserialization by default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Deserialization +4
NVD
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

Apache Camel RabbitMQ enables Java deserialization by default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Deserialization +4
NVD
EPSS 2% CVSS 6.3
MEDIUM PATCH This Month

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. Rated medium severity (CVSS 6.3). This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Apache Java Information Disclosure +50
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Java RCE Keycloak +6
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Jwt Attack +1
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java RCE Deserialization +2
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java RCE +1
NVD
EPSS 10% CVSS 9.8
CRITICAL POC Act Now

The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote code execution because of javax.faces.ViewState Java deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Deserialization +1
NVD
EPSS 5% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Oracle +21
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass +19
NVD
EPSS 4% CVSS 8.3
HIGH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Information Disclosure +20
NVD
EPSS 6% CVSS 8.3
HIGH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Information Disclosure +20
NVD
EPSS 3% CVSS 4.8
MEDIUM This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +20
NVD
EPSS 5% CVSS 5.3
MEDIUM This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Oracle +21
NVD
EPSS 2% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +20
NVD
EPSS 4% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Denial Of Service Oracle +21
NVD
EPSS 2% CVSS 4.8
MEDIUM This Month

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +20
NVD
EPSS 2% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE product of Oracle Java SE (component: Advanced Management Console). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +1
NVD
EPSS 4% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Java Denial Of Service +22
NVD
EPSS 4% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Java Denial Of Service +21
NVD
EPSS 4% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Denial Of Service Oracle +20
NVD
EPSS 4% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Denial Of Service Oracle +12
NVD
EPSS 1% CVSS 8.0
HIGH This Week

Vulnerability in the Java VM component of Oracle Database Server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure +1
NVD
EPSS 1% CVSS 6.2
MEDIUM This Month

SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SAP Information Disclosure +1
NVD
EPSS 4% CVSS 8.8
HIGH POC This Week

A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Streaming Engine
NVD GitHub
EPSS 5% CVSS 8.8
HIGH POC PATCH This Week

dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java RCE Dropwizard Validation
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java Deserialization Jackson Databind +20
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java IBM Information Disclosure +2
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Azkaban
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Java XXE Mercury
NVD GitHub
EPSS 24% CVSS 9.8
CRITICAL PATCH Act Now

Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Authentication Bypass +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Java Authentication Bypass Zm Mailbox
NVD GitHub
EPSS 34% CVSS 9.8
CRITICAL PATCH Act Now

In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Deserialization +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SAP Information Disclosure +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In query of SmsProvider.java and MmsSmsProvider.java, there is a possible permission bypass due to SQL injection. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Java SQLi +2
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Microsoft Deserialization +3
NVD
EPSS 69% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Spring Cloud Config
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Asycuda World
NVD
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java RCE Dropwizard Validation +1
NVD GitHub
EPSS 1% CVSS 5.8
MEDIUM This Month

Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Information Disclosure +1
NVD
EPSS 5% CVSS 8.1
HIGH PATCH This Week

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Java RCE +4
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Denial Of Service Cryptacular +3
NVD GitHub
EPSS 5% CVSS 8.8
HIGH POC This Week

In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Artifactory
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Java CSRF +27
NVD
EPSS 88% CVSS 7.5
HIGH PATCH This Week

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Spring Framework +32
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +23
NVD
Prev Page 20 of 37 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy