Skip to main content

Java

3273 CVEs product

Monthly

CVE-2019-1010201 MEDIUM This Month

Jeesite 1.2.7 is affected by: SQL Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Java Information Disclosure Jeesite
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-11696 HIGH POC This Week

Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2019-1010202 MEDIUM POC This Month

Jeesite 1.2.7 is affected by: XML External Entity (XXE). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Java Information Disclosure Jeesite
NVD GitHub
CVSS 3.0
6.5
EPSS
1.3%
CVE-2019-1010245 CRITICAL POC PATCH Act Now

The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Information Disclosure Open Network Operating System
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2019-1010250 MEDIUM POC This Month

The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Open Network Operating System
NVD
CVSS 3.0
4.9
EPSS
1.1%
CVE-2019-1010249 MEDIUM POC This Month

The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Integer Overflow Buffer Overflow Open Network Operating System
NVD
CVSS 3.0
4.9
EPSS
1.1%
CVE-2019-11772 CRITICAL Act Now

In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], int) method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Buffer Overflow Memory Corruption Openj9
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-10352 Maven MEDIUM POC PATCH THREAT This Month

A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Jenkins
NVD
CVSS 3.0
6.5
EPSS
10.2%
CVE-2019-13624 CRITICAL PATCH Act Now

In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Onos
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-13623 HIGH POC This Week

In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal RCE Ghidra
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
5.0%
CVE-2019-1010018 MEDIUM PATCH This Month

Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Java Zammad
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-0327 HIGH This Week

SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java File Upload SAP Netweaver Application Server Java
NVD
CVSS 3.0
7.2
EPSS
2.1%
CVE-2019-0318 MEDIUM This Month

Under certain conditions SAP NetWeaver Application Server for Java (Startup Framework), versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Information Disclosure SAP Netweaver Application Server Java
NVD
CVSS 3.0
5.3
EPSS
1.4%
CVE-2019-9186 CRITICAL Act Now

In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Intellij Idea
NVD
CVSS 3.0
9.8
EPSS
4.5%
CVE-2019-11272 Maven HIGH PATCH This Week

Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Spring Security Debian Linux
NVD
CVSS 3.1
7.3
EPSS
1.4%
CVE-2019-10257 HIGH POC This Week

Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Hr Portal
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-11269 Maven MEDIUM POC PATCH This Month

Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Open Redirect Spring Security Oauth Banking Corporate Lending
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
8.9%
CVE-2019-0305 MEDIUM This Month

Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java SAP Netweaver Process Integration
NVD
CVSS 3.0
4.3
EPSS
0.9%
CVE-2019-10334 Maven MEDIUM PATCH This Month

Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM when MultipartUtility.java is used to upload files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Electricflow
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2019-12741 Maven MEDIUM PATCH This Month

XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Hapi Fhir
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-3802 Maven MEDIUM PATCH This Month

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Data Java Persistance Api
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-12086 Maven HIGH POC PATCH THREAT This Week

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Deserialization Jackson Databind Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
21.9%
CVE-2019-11082 Maven HIGH PATCH This Week

core/api/datasets/internal/actions/Explode.java in the Dataset API in DKPro Core through 1.10.0 allows Directory Traversal, resulting in the overwrite of local files with the contents of an archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Java Path Traversal Dkpro Core
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2019-11642 HIGH This Week

A log poisoning vulnerability has been discovered in the OneShield Policy (Dragon Core) framework before 5.1.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Java RCE Oneshield Policy
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-3799 Maven MEDIUM POC PATCH THREAT This Month

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Java Path Traversal Spring Cloud Config Communications Cloud Native Core Policy
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
85.3%
CVE-2019-3797 Maven MEDIUM PATCH This Month

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Spring Data Java Persistence Api
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2019-3559 HIGH PATCH This Week

Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Thrift
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-3801 CRITICAL Act Now

Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Java Cf Deployment Credhub Uaa Release
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2019-2699 CRITICAL PATCH Act Now

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Java Microsoft Information Disclosure Oracle Jdk +1
NVD
CVSS 3.1
9.0
EPSS
2.9%
CVE-2019-2698 HIGH POC PATCH THREAT This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Java Information Disclosure Oracle Jdk Jre +13
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
12.0%
CVE-2019-2697 HIGH POC PATCH THREAT This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Java Information Disclosure Oracle Jdk Jre +8
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
11.5%
CVE-2019-2684 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +15
NVD
CVSS 3.1
5.9
EPSS
37.6%
CVE-2019-2602 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Java Denial Of Service Oracle Jdk Jre +14
NVD
CVSS 3.1
7.5
EPSS
7.4%
CVE-2019-2518 HIGH PATCH This Week

Vulnerability in the Java VM component of Oracle Database Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Java Information Disclosure Oracle Database Server
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-10245 HIGH PATCH This Week

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Openj9 Satellite Enterprise Linux +3
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-0282 MEDIUM This Month

Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java SAP Netweaver Process Integration
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2019-3795 Maven MEDIUM PATCH This Month

Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Security Debian Linux
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2019-10908 CRITICAL PATCH Act Now

In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Privilege Escalation Apache Airsonic
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-10907 CRITICAL PATCH Act Now

Airsonic 10.2.1 uses Spring's default remember-me mechanism based on MD5, with a fixed key of airsonic in GlobalSecurityConfig.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Airsonic
NVD GitHub
CVSS 3.0
9.8
EPSS
0.9%
CVE-2019-0275 MEDIUM This Month

SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java SAP Netweaver Application Server Java
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-1003039 Maven HIGH PATCH This Week

An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Appdynamics
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003038 Maven HIGH PATCH This Week

An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Repository Connector
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-1003037 Maven MEDIUM PATCH This Month

An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Microsoft Jenkins Authentication Bypass +1
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-1003036 Maven MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Java Microsoft Azure Vm Agents
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-1003035 Maven MEDIUM PATCH This Month

An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Microsoft Jenkins Authentication Bypass +1
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-1003033 Maven HIGH PATCH This Week

A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins RCE Groovy
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2019-1003032 Maven CRITICAL PATCH Act Now

A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins RCE Email Extension
NVD
CVSS 3.1
9.9
EPSS
2.4%
CVE-2019-1003031 Maven CRITICAL PATCH Act Now

A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins RCE Matrix Project Openshift Container Platform
NVD
CVSS 3.1
9.9
EPSS
3.4%
CVE-2019-1003030 Maven CRITICAL POC KEV PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE Pipeline Openshift Container Platform
NVD Exploit-DB
CVSS 3.1
9.9
EPSS
75.6%
CVE-2019-1003029 Maven CRITICAL POC KEV PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE Script Security Openshift Container Platform
NVD GitHub
CVSS 3.1
9.9
EPSS
73.9%
CVE-2019-3778 Maven MEDIUM POC PATCH THREAT This Month

Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Open Redirect Spring Security Oauth Banking Corporate Lending
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
15.6%
CVE-2019-9624 HIGH POC THREAT Act Now

Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Java RCE Webmin
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
23.7%
CVE-2019-0741 HIGH PATCH This Week

An information disclosure vulnerability exists in the way Azure IoT Java SDK logs sensitive information, aka 'Azure IoT Java SDK Information Disclosure Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Microsoft Information Disclosure Java Software Development Kit
NVD
CVSS 3.0
7.5
EPSS
7.4%
CVE-2019-0729 CRITICAL PATCH Act Now

An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key, aka 'Azure IoT Java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Microsoft Information Disclosure Java Software Development Kit
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2019-8982 CRITICAL POC THREAT Act Now

com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java SSRF Wavemarker Studio
NVD Exploit-DB
CVSS 3.0
9.6
EPSS
25.6%
CVE-2019-1003028 Maven MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SSRF Jenkins Jms Messaging
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2019-1003027 Maven MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SSRF Jenkins Octopusdeploy
NVD
CVSS 3.0
4.3
EPSS
1.0%
CVE-2019-1003026 Maven MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost SSRF Jenkins Java
NVD
CVSS 3.0
4.3
EPSS
0.9%
CVE-2019-1003025 Maven HIGH PATCH This Week

A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java Jenkins Cloud Foundry
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-1003024 Maven HIGH PATCH This Week

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins RCE Script Security Openshift Container Platform
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-1003023 Maven MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java Jenkins Warnings Next Generation
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-1003022 Maven MEDIUM PATCH This Month

A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Jenkins CSRF Monitoring
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2019-1003020 Maven MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SSRF Jenkins Kanboard
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2019-1003019 Maven MEDIUM PATCH This Month

An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Java Session Fixation Jenkins Github Oauth
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2019-1003017 Maven MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins CSRF Job Import
NVD
CVSS 3.0
5.3
EPSS
0.5%
CVE-2019-1003016 Maven HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF Job Import
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-1003015 Maven CRITICAL PATCH Act Now

An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Java Denial Of Service Jenkins Job Import
NVD
CVSS 3.0
9.1
EPSS
1.8%
CVE-2019-1003013 Maven MEDIUM PATCH This Month

An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java Jenkins Blue Ocean Openshift Container Platform
NVD
CVSS 3.0
5.4
EPSS
1.2%
CVE-2019-1003012 Maven MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF Blue Ocean Openshift Container Platform
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2019-1003011 Maven HIGH PATCH This Week

An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Jenkins Information Disclosure Token Macro +1
NVD
CVSS 3.1
8.1
EPSS
2.0%
CVE-2019-1003010 Maven MEDIUM PATCH This Month

A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF Git Openshift Container Platform
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2019-1003009 Maven HIGH PATCH This Week

An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java,. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Active Directory
NVD
CVSS 3.0
7.4
EPSS
0.8%
CVE-2019-1003008 Maven HIGH This Week

A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins RCE CSRF Warnings Next Generation
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2019-1003007 Maven HIGH PATCH This Week

A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins RCE CSRF Warnings
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2019-1003006 Maven HIGH PATCH This Week

A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java Jenkins RCE Groovy
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-1003005 Maven HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE Script Security
NVD GitHub
CVSS 3.1
8.8
EPSS
19.0%
CVE-2019-6503 CRITICAL POC Act Now

There is a deserialization vulnerability in Chatopera cosin v3.10.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Deserialization Cosin
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2019-1003004 Maven HIGH PATCH This Week

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Openshift Container Platform
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2019-1003003 Maven HIGH PATCH This Week

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Openshift Container Platform
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2019-1003001 Maven HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE Pipeline Openshift Container Platform
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
86.2%
CVE-2019-1003000 Maven HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE Script Security Openshift Container Platform
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
98.4%
CVE-2019-3774 Maven CRITICAL PATCH Act Now

Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Java Spring Batch
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-3773 Maven CRITICAL PATCH Act Now

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Java Spring Web Services Financial Services Analytical Applications Infrastructure Flexcube Private Banking
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2019-3772 Maven CRITICAL PATCH Act Now

Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Java Spring Integration Retail Customer Management And Segmentation Foundation
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-2547 LOW PATCH Monitor

Vulnerability in the Java VM component of Oracle Database Server. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Java Denial Of Service Oracle Database Server
NVD
CVSS 3.0
3.5
EPSS
1.0%
CVE-2019-2540 MEDIUM PATCH This Month

Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle Java Advanced Management Console
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-2449 LOW PATCH Monitor

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +9
NVD
CVSS 3.1
3.1
EPSS
3.0%
CVE-2019-2426 LOW PATCH Monitor

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +5
NVD
CVSS 3.1
3.7
EPSS
2.6%
CVE-2019-2422 LOW PATCH Monitor

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +16
NVD
CVSS 3.1
3.1
EPSS
3.4%
CVE-2019-5748 CRITICAL PATCH Act Now

In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Java Server
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
EPSS 1% CVSS 6.5
MEDIUM This Month

Jeesite 1.2.7 is affected by: SQL Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Java Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Mozilla Information Disclosure +1
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Jeesite 1.2.7 is affected by: XML External Entity (XXE). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Java Information Disclosure +1
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Information Disclosure Open Network Operating System
NVD
EPSS 1% CVSS 4.9
MEDIUM POC This Month

The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Open Network Operating System
NVD
EPSS 1% CVSS 4.9
MEDIUM POC This Month

The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Integer Overflow Buffer Overflow +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], int) method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Buffer Overflow Memory Corruption +1
NVD
EPSS 10% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Jenkins
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Onos
NVD
EPSS 5% CVSS 7.8
HIGH POC This Week

In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal RCE +1
NVD GitHub Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Java Zammad
NVD GitHub
EPSS 2% CVSS 7.2
HIGH This Week

SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java File Upload SAP +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Under certain conditions SAP NetWeaver Application Server for Java (Startup Framework), versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Information Disclosure SAP +1
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Intellij Idea
NVD
EPSS 1% CVSS 7.3
HIGH PATCH This Week

Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Spring Security +1
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Hr Portal
NVD
EPSS 9% CVSS 5.4
MEDIUM POC PATCH This Month

Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Open Redirect Spring Security Oauth +1
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM This Month

Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java SAP +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM when MultipartUtility.java is used to upload files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Hapi Fhir
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Data Java Persistance Api
NVD
EPSS 22% CVSS 7.5
HIGH POC PATCH THREAT This Week

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Deserialization Jackson Databind +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

core/api/datasets/internal/actions/Explode.java in the Dataset API in DKPro Core through 1.10.0 allows Directory Traversal, resulting in the overwrite of local files with the contents of an archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Java Path Traversal Dkpro Core
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

A log poisoning vulnerability has been discovered in the OneShield Policy (Dragon Core) framework before 5.1.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Java RCE +1
NVD
EPSS 85% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Java Path Traversal Spring Cloud Config +1
NVD Exploit-DB
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Spring Data Java Persistence Api
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Thrift
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Java Cf Deployment +2
NVD
EPSS 3% CVSS 9.0
CRITICAL PATCH Act Now

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Java Microsoft Information Disclosure +3
NVD
EPSS 12% CVSS 8.1
HIGH POC PATCH THREAT This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Java Information Disclosure Oracle +15
NVD Exploit-DB
EPSS 11% CVSS 8.1
HIGH POC PATCH THREAT This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Java Information Disclosure Oracle +10
NVD Exploit-DB
EPSS 38% CVSS 5.9
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle +17
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Java Denial Of Service Oracle +16
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Java VM component of Oracle Database Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Java Information Disclosure Oracle +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Openj9 +5
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java SAP +1
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Security +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Privilege Escalation Apache +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Airsonic 10.2.1 uses Spring's default remember-me mechanism based on MD5, with a fixed key of airsonic in GlobalSecurityConfig.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Airsonic
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java SAP +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Microsoft +3
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Java +2
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Microsoft +3
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins RCE +1
NVD
EPSS 2% CVSS 9.9
CRITICAL PATCH Act Now

A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins RCE +1
NVD
EPSS 3% CVSS 9.9
CRITICAL PATCH Act Now

A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins RCE +2
NVD
EPSS 76% CVSS 9.9
CRITICAL POC KEV PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE +2
NVD Exploit-DB
EPSS 74% CVSS 9.9
CRITICAL POC KEV PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE +2
NVD GitHub
EPSS 16% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Open Redirect Spring Security Oauth +1
NVD Exploit-DB
EPSS 24% CVSS 7.8
HIGH POC THREAT Act Now

Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Java RCE +1
NVD Exploit-DB
EPSS 7% CVSS 7.5
HIGH PATCH This Week

An information disclosure vulnerability exists in the way Azure IoT Java SDK logs sensitive information, aka 'Azure IoT Java SDK Information Disclosure Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Microsoft Information Disclosure +1
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key, aka 'Azure IoT Java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Microsoft Information Disclosure +1
NVD
EPSS 26% CVSS 9.6
CRITICAL POC THREAT Act Now

com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java SSRF Wavemarker Studio
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SSRF Jenkins +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SSRF Jenkins +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost SSRF Jenkins +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java Jenkins +1
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins RCE +2
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java Jenkins +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Jenkins +2
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SSRF Jenkins +1
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Java Session Fixation +2
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins CSRF +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF +1
NVD
EPSS 2% CVSS 9.1
CRITICAL PATCH Act Now

An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Java Denial Of Service +2
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java Jenkins +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF +2
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Jenkins +3
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF +2
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java,. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins RCE +2
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java Jenkins +2
NVD
EPSS 19% CVSS 8.8
HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

There is a deserialization vulnerability in Chatopera cosin v3.10.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Deserialization Cosin
NVD GitHub
EPSS 2% CVSS 7.2
HIGH PATCH This Week

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 86% CVSS 8.8
HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE +2
NVD Exploit-DB
EPSS 98% CVSS 8.8
HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE +2
NVD Exploit-DB
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Java Spring Batch
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Java Spring Web Services +2
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Java Spring Integration +1
NVD
EPSS 1% CVSS 3.5
LOW PATCH Monitor

Vulnerability in the Java VM component of Oracle Database Server. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Java Denial Of Service Oracle +1
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle +1
NVD
EPSS 3% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +11
NVD
EPSS 3% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle +7
NVD
EPSS 3% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle +18
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Java Server
NVD GitHub
Prev Page 22 of 37 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy