Skip to main content

Java

3273 CVEs product

Monthly

CVE-2019-5312 Maven CRITICAL POC PATCH Act Now

An issue was discovered in weixin-java-tools v3.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Java Wxjava
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-3576 CRITICAL Act Now

inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure via the deleteFaveorite/ PATH_INFO. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Information Disclosure Inxedu
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-6331 CRITICAL PATCH Act Now

Buck parser-cache command loads/saves state using Java serialized object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java Deserialization RCE Buck
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2018-20595 Maven HIGH POC PATCH This Week

A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java CSRF Hsweb
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-1000887 MEDIUM POC This Month

Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting java script code in the "Site Name EN" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Peel Shopping
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-20433 Maven CRITICAL PATCH Act Now

c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Java XXE C3P0 Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
4.6%
CVE-2018-20318 CRITICAL POC Act Now

An issue was discovered in weixin-java-tools v3.2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Wxjava
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-17247 Maven MEDIUM PATCH This Month

Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Java XXE Elasticsearch
NVD
CVSS 3.0
5.9
EPSS
1.4%
CVE-2018-1000881 CRITICAL POC Act Now

Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability in ComputedAttributesHandler.java that can result in Remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Code Injection RCE Server
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-1000817 Maven HIGH POC PATCH This Week

Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Asset Pipeline
NVD GitHub
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-15801 Maven HIGH PATCH This Week

Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Authentication Bypass Spring Framework
NVD
CVSS 3.1
7.4
EPSS
0.7%
CVE-2018-20094 Maven HIGH POC This Week

An issue was discovered in XXL-CONF 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Xxl Conf
NVD GitHub
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-2504 MEDIUM This Month

SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XSS SAP Netweaver Application Server Java
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2018-2503 HIGH This Week

By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass SAP Netweaver Application Server Java
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2018-1904 CRITICAL PATCH Act Now

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

IBM Java Deserialization Websphere Application Server
NVD
CVSS 3.0
9.8
EPSS
3.7%
CVE-2018-20059 Maven CRITICAL POC PATCH Act Now

jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Pippo
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-1000866 Maven HIGH PATCH This Week

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Privilege Escalation Jenkins RCE Pipeline +1
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-1000865 Maven HIGH PATCH This Week

A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Privilege Escalation Jenkins RCE Script Security +1
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-1000864 Maven MEDIUM PATCH This Month

A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Denial Of Service Openshift Container Platform
NVD
CVSS 3.0
6.5
EPSS
2.8%
CVE-2018-1000863 Maven HIGH POC PATCH This Week

A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins Path Traversal Openshift Container Platform
NVD
CVSS 3.0
8.2
EPSS
6.8%
CVE-2018-1000862 Maven MEDIUM PATCH This Month

An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Openshift Container Platform
NVD
CVSS 3.0
4.3
EPSS
1.4%
CVE-2018-1000861 Maven CRITICAL POC KEV PATCH THREAT Act Now

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Deserialization RCE Openshift Container Platform
NVD GitHub
CVSS 3.1
9.8
EPSS
98.5%
CVE-2018-20000 Maven HIGH PATCH This Week

Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Java XXE Bw Webdav
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-7807 HIGH This Week

Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Path Traversal Struxureware Data Center Expert
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-7806 HIGH This Week

Data Center Operation allows for the upload of a zip file from its user interface to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Path Traversal Struxureware Data Center Operation
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-11076 MEDIUM PATCH This Month

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Java Dell Information Disclosure Emc Avamar Emc Integrated Data Protection Appliance +1
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-16621 HIGH POC PATCH This Week

Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Code Injection Nexus Repository Manager
NVD GitHub
CVSS 3.1
7.2
EPSS
1.8%
CVE-2018-19178 MEDIUM POC This Month

In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Jeesns
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-15381 CRITICAL Act Now

A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Deserialization Cisco Unity Express
NVD
CVSS 3.0
9.8
EPSS
87.3%
CVE-2018-19110 MEDIUM POC This Month

The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Tianti
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-14667 Maven CRITICAL KEV PATCH THREAT Act Now

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Code Injection RCE Richfaces Enterprise Linux
NVD
CVSS 3.1
9.8
EPSS
74.2%
CVE-2018-9489 HIGH This Week

When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Java Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-9459 HIGH This Week

In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Java Privilege Escalation Path Traversal Android
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-18831 Maven HIGH This Week

An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Mcms
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-18830 Maven CRITICAL Act Now

An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java File Upload Mcms
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-18013 HIGH POC This Week

* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Java Deserialization RCE Xenmobile Server
NVD
CVSS 3.0
7.8
EPSS
2.9%
CVE-2018-18531 Maven CRITICAL Act Now

text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random (rather than SecureRandom) function for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Kaptcha
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-15758 Maven HIGH PATCH This Week

Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Privilege Escalation Spring Security Oauth
NVD
CVSS 3.0
8.1
EPSS
2.2%
CVE-2018-15756 Maven HIGH PATCH This Week

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Spring Framework Agile Plm Communications Brm Elastic Charging Engine +37
NVD
CVSS 3.1
7.5
EPSS
9.5%
CVE-2018-18434 HIGH PATCH This Week

An issue was discovered in litemall 0.9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Java Path Traversal Litemall
NVD GitHub
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-3259 CRITICAL PATCH Act Now

Vulnerability in the Java VM component of Oracle Database Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Information Disclosure Database Server
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-3214 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service Jdk Jre +12
NVD
CVSS 3.1
5.3
EPSS
7.0%
CVE-2018-3211 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serviceability). Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Java Oracle Authentication Bypass Jdk Jre
NVD
CVSS 3.1
6.6
EPSS
0.4%
CVE-2018-3210 MEDIUM PATCH This Month

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Authentication Bypass Glassfish Server
NVD
CVSS 3.0
5.3
EPSS
1.7%
CVE-2018-3209 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 3.1
8.3
EPSS
2.7%
CVE-2018-3183 CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +12
NVD
CVSS 3.1
9.0
EPSS
2.8%
CVE-2018-3180 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Denial Of Service Jdk Jre +12
NVD
CVSS 3.1
5.6
EPSS
3.4%
CVE-2018-3169 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +11
NVD
CVSS 3.1
8.3
EPSS
4.0%
CVE-2018-3157 LOW PATCH Monitor

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Sound). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre
NVD
CVSS 3.0
3.7
EPSS
2.5%
CVE-2018-3150 LOW PATCH Monitor

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre
NVD
CVSS 3.0
3.7
EPSS
2.4%
CVE-2018-3149 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +12
NVD
CVSS 3.1
8.3
EPSS
7.2%
CVE-2018-3139 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre +11
NVD
CVSS 3.1
3.1
EPSS
5.2%
CVE-2018-3136 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre +11
NVD
CVSS 3.1
3.4
EPSS
3.6%
CVE-2018-2911 HIGH PATCH This Week

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service Authentication Bypass Glassfish Server
NVD
CVSS 3.0
8.3
EPSS
1.9%
CVE-2018-18315 HIGH This Week

com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java File Upload Lemon
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-17886 MEDIUM POC This Month

An issue was discovered in JEESNS 1.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Jeesns
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-17796 CRITICAL POC Act Now

An issue was discovered in MRCMS (aka mushroom) through 3.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Mushroom Content Management System
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-1246 MEDIUM This Month

Dell EMC Unity and UnityVSA contains reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Dell XSS Emc Unity Operating Environment Emc Unityvsa Operating Environment
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-5393 CRITICAL Act Now

The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Deserialization TP-Link Eap Controller
NVD
CVSS 3.0
9.8
EPSS
12.9%
CVE-2018-11241 CRITICAL Act Now

An issue was discovered on SoftCase T-Router build 20112017 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE T Router Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
3.7%
CVE-2018-11240 CRITICAL Act Now

An issue was discovered on SoftCase T-Router build 20112017 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE T Router Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-17297 Maven HIGH PATCH This Week

The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Hutool
NVD GitHub
CVSS 3.0
7.5
EPSS
2.7%
CVE-2018-12585 HIGH This Week

An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service XXE Ua Net Legacy Ua Java
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2018-11087 Maven MEDIUM PATCH This Month

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Information Disclosure Spring Advanced Message Queuing Protocol Rabbitmq Java Client
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2018-2462 HIGH This Week

In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure SAP Netweaver
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-2452 MEDIUM This Month

The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XSS SAP Netweaver Application Server Java
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2018-11775 Maven HIGH PATCH This Week

TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Java Apache Information Disclosure Activemq Enterprise Repository +1
NVD
CVSS 3.0
7.4
EPSS
7.0%
CVE-2018-1567 CRITICAL PATCH Act Now

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

IBM Java Deserialization Websphere Application Server
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-7795 MEDIUM This Month

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric XSS Java Powerlogic Pm5560 Firmware
NVD VulDB
CVSS 3.1
5.4
EPSS
0.3%
CVE-2018-1755 MEDIUM PATCH This Month

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Java IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
5.9
EPSS
3.5%
CVE-2018-1999047 Maven MEDIUM PATCH This Month

A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-1999046 Maven MEDIUM PATCH This Month

A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-1999045 Maven MEDIUM PATCH This Month

A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-1999044 Maven MEDIUM PATCH This Month

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Denial Of Service
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-1999043 Maven HIGH PATCH This Week

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Denial Of Service
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-1999042 Maven MEDIUM PATCH This Month

A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Deserialization
NVD
CVSS 3.0
5.3
EPSS
1.5%
CVE-2018-15528 MEDIUM POC This Month

Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Sso Plugin
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-1656 MEDIUM PATCH This Month

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java IBM Path Traversal Sdk Satellite +4
NVD
CVSS 3.0
6.5
EPSS
4.5%
CVE-2018-1517 HIGH This Week

A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java IBM Information Disclosure Software Development Kit Satellite +3
NVD
CVSS 3.0
7.5
EPSS
4.0%
CVE-2018-12539 HIGH PATCH This Week

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Java Microsoft IBM Information Disclosure Openj9 +1
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-3110 CRITICAL PATCH Act Now

A vulnerability was discovered in the Java VM component of Oracle Database Server. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure Database Server
NVD
CVSS 3.0
9.9
EPSS
2.5%
CVE-2018-14925 CRITICAL Act Now

Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Banco
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-1999041 Maven MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Tinfoil Security
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1999040 Maven HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Kubernetes Jenkins Information Disclosure
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-1999039 Maven MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Atlassian Jenkins SSRF Confluence Publisher
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2018-1999038 Maven MEDIUM PATCH This Month

A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Java Jenkins Information Disclosure Publish Over Cifs
NVD
CVSS 3.0
4.2
EPSS
0.5%
CVE-2018-1999037 Maven MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Resource Disposer
NVD
CVSS 3.0
4.3
EPSS
0.8%
CVE-2018-1999036 Maven MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Ssh Agent
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-1999035 Maven HIGH PATCH This Week

A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Inedo Buildmaster
NVD
CVSS 3.0
7.4
EPSS
0.9%
CVE-2018-1999034 Maven HIGH PATCH This Week

A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Inedo Proget
NVD
CVSS 3.0
7.4
EPSS
0.8%
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue was discovered in weixin-java-tools v3.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Java Wxjava
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure via the deleteFaveorite/ PATH_INFO. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Information Disclosure +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Buck parser-cache command loads/saves state using Java serialized object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java Deserialization RCE +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java CSRF Hsweb
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting java script code in the "Site Name EN" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Peel Shopping
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Java XXE C3P0 +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in weixin-java-tools v3.2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Wxjava
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Java XXE +1
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability in ComputedAttributesHandler.java that can result in Remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Code Injection RCE +1
NVD
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Asset Pipeline
NVD GitHub
EPSS 1% CVSS 7.4
HIGH PATCH This Week

Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Authentication Bypass Spring Framework
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

An issue was discovered in XXL-CONF 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Xxl Conf
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XSS SAP +1
NVD
EPSS 1% CVSS 7.4
HIGH This Week

By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass SAP +1
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

IBM Java Deserialization +1
NVD
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Pippo
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Privilege Escalation Jenkins +3
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Privilege Escalation Jenkins +3
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Denial Of Service +1
NVD
EPSS 7% CVSS 8.2
HIGH POC PATCH This Week

A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins Path Traversal +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 98% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Deserialization +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Java XXE Bw Webdav
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Path Traversal Struxureware Data Center Expert
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Data Center Operation allows for the upload of a zip file from its user interface to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Path Traversal Struxureware Data Center Operation
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Java Dell Information Disclosure +3
NVD
EPSS 2% CVSS 7.2
HIGH POC PATCH This Week

Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Code Injection Nexus Repository Manager
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Jeesns
NVD GitHub
EPSS 87% CVSS 9.8
CRITICAL Act Now

A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Deserialization Cisco +1
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Tianti
NVD GitHub
EPSS 74% CVSS 9.8
CRITICAL KEV PATCH THREAT Act Now

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Code Injection RCE +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Java Information Disclosure +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Java Privilege Escalation +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Mcms
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java File Upload Mcms
NVD
EPSS 3% CVSS 7.8
HIGH POC This Week

* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Java Deserialization RCE +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random (rather than SecureRandom) function for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Kaptcha
NVD GitHub
EPSS 2% CVSS 8.1
HIGH PATCH This Week

Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Privilege Escalation Spring Security Oauth
NVD
EPSS 10% CVSS 7.5
HIGH PATCH This Week

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Spring Framework +39
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in litemall 0.9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Java Path Traversal Litemall
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Vulnerability in the Java VM component of Oracle Database Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Information Disclosure +1
NVD
EPSS 7% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service +14
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serviceability). Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Java Oracle Authentication Bypass +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Authentication Bypass +1
NVD
EPSS 3% CVSS 8.3
HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure +2
NVD
EPSS 3% CVSS 9.0
CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure +14
NVD
EPSS 3% CVSS 5.6
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Denial Of Service +14
NVD
EPSS 4% CVSS 8.3
HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure +13
NVD
EPSS 2% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Sound). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +2
NVD
EPSS 2% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +2
NVD
EPSS 7% CVSS 8.3
HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure +14
NVD
EPSS 5% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +13
NVD
EPSS 4% CVSS 3.4
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +13
NVD
EPSS 2% CVSS 8.3
HIGH PATCH This Week

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java File Upload Lemon
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

An issue was discovered in JEESNS 1.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Jeesns
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in MRCMS (aka mushroom) through 3.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Mushroom Content Management System
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

Dell EMC Unity and UnityVSA contains reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Dell XSS +2
NVD
EPSS 13% CVSS 9.8
CRITICAL Act Now

The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Deserialization +2
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

An issue was discovered on SoftCase T-Router build 20112017 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE T Router Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

An issue was discovered on SoftCase T-Router build 20112017 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE T Router Firmware
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Hutool
NVD GitHub
EPSS 2% CVSS 8.2
HIGH This Week

An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service XXE +2
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Information Disclosure Spring Advanced Message Queuing Protocol +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure SAP +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XSS SAP +1
NVD
EPSS 7% CVSS 7.4
HIGH PATCH This Week

TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Java Apache Information Disclosure +3
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

IBM Java Deserialization +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric XSS Java +1
NVD VulDB
EPSS 3% CVSS 5.9
MEDIUM PATCH This Month

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Java IBM Information Disclosure +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Denial Of Service
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Denial Of Service
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Deserialization
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Sso Plugin
NVD
EPSS 5% CVSS 6.5
MEDIUM PATCH This Month

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java IBM Path Traversal +6
NVD
EPSS 4% CVSS 7.5
HIGH This Week

A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java IBM Information Disclosure +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Java Microsoft IBM +3
NVD
EPSS 2% CVSS 9.9
CRITICAL PATCH Act Now

A vulnerability was discovered in the Java VM component of Oracle Database Server. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Banco
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Kubernetes Jenkins +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Atlassian Jenkins +2
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
Prev Page 23 of 37 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy