Skip to main content

Java

3274 CVEs product

Monthly

CVE-2012-1726 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
6.4
EPSS
0.4%
CVE-2012-1725 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
10.0
EPSS
4.8%
CVE-2012-1724 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect availability,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
5.0
EPSS
2.5%
CVE-2012-1723 CRITICAL POC KEV THREAT Emergency

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Oracle Authentication Bypass
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
94.1%
Threat
7.8
CVE-2012-1722 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
10.0
EPSS
3.0%
CVE-2012-1721 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
10.0
EPSS
3.0%
CVE-2012-1720 LOW Monitor

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when. Rated low severity (CVSS 3.7). No vendor patch available.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
3.7
EPSS
0.1%
CVE-2012-1719 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
5.0
EPSS
2.5%
CVE-2012-1718 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
5.0
EPSS
5.1%
CVE-2012-1717 LOW PATCH Monitor

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Java Oracle Information Disclosure Jre Jdk +15
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-1716 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
10.0
EPSS
4.8%
CVE-2012-1713 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre +1
NVD
CVSS 2.0
10.0
EPSS
6.4%
CVE-2012-1711 HIGH This Week

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2012-1826 Maven MEDIUM PATCH This Month

dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Privilege Escalation Java Dotcms
NVD GitHub
CVSS 2.0
6.0
EPSS
1.0%
CVE-2012-0507 CRITICAL POC KEV THREAT Emergency

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Oracle Denial Of Service Memory Corruption
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
93.6%
Threat
7.8
CVE-2012-0551 MEDIUM POC THREAT This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 29.1%.

Java Oracle Information Disclosure Glassfish Server Jdk +1
NVD Exploit-DB
CVSS 2.0
5.8
EPSS
29.1%
CVE-2012-0522 MEDIUM This Month

Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via unknown vectors related to Java Business Objects. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Fusion Middleware
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-0508 CRITICAL Act Now

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX, 1.3.0 and earlier, and 1.2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Javafx
NVD
CVSS 2.0
10.0
EPSS
2.3%
CVE-2012-0506 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Jre
NVD
CVSS 2.0
4.3
EPSS
1.5%
CVE-2012-0505 HIGH This Week

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2012-0504 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
9.3
EPSS
1.4%
CVE-2012-0503 HIGH This Week

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2012-0502 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre
NVD
CVSS 2.0
6.4
EPSS
1.9%
CVE-2012-0501 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre
NVD
CVSS 2.0
5.0
EPSS
5.1%
CVE-2012-0500 CRITICAL POC THREAT Emergency

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 74.9%.

Java Oracle Information Disclosure Jre Javafx
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
74.9%
Threat
5.7
CVE-2012-0499 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.

Java Oracle Information Disclosure Jre Javafx
NVD
CVSS 2.0
10.0
EPSS
10.2%
CVE-2012-0498 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre
NVD
CVSS 2.0
10.0
EPSS
8.0%
CVE-2012-0497 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre
NVD
CVSS 2.0
10.0
EPSS
4.8%
CVE-2012-0936 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java XSS Opennms
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-0393 Maven MEDIUM POC PATCH THREAT This Month

The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 58.5%.

Privilege Escalation Apache Java Struts
NVD Exploit-DB
CVSS 2.0
6.4
EPSS
58.5%
Threat
4.5
CVE-2012-0392 Maven MEDIUM POC PATCH THREAT This Month

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 75.0%.

RCE Apache Java Struts
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
75.0%
Threat
5.1
CVE-2012-0391 Maven CRITICAL POC KEV PATCH THREAT GHSA Act Now

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Apache RCE
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
88.3%
Threat
7.6
CVE-2011-3544 CRITICAL POC KEV PATCH THREAT Act Now

Oracle Java SE JDK/JRE 7 and 6 Update 27 and earlier allows remote code execution with complete system compromise through malicious Java Web Start applications and untrusted applets exploiting the Scripting component. CISA KEV confirms active exploitation in the wild. EPSS score of 92.59% (100th percentile) indicates extremely high probability of mass exploitation. Public exploit code exists, making this a critical priority for any environment running affected Java versions despite the vulnerability's age.

Java Oracle Authentication Bypass
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
92.6%
Threat
9.7
CVE-2010-1871 HIGH POC KEV THREAT Act Now

JBoss Seam 2 in Red Hat JBoss EAP 4.3.0 fails to sanitize JBoss Expression Language inputs, allowing remote attackers to achieve arbitrary code execution via crafted URL parameters when the Java Security Manager is misconfigured.

Java Red Hat RCE
NVD Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
93.7%
Threat
9.6
EPSS 0% CVSS 6.4
MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +2
NVD
EPSS 5% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +2
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect availability,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +2
NVD
EPSS 94% 7.8 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Oracle Authentication Bypass
NVD Exploit-DB VulDB
EPSS 3% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +2
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +2
NVD
EPSS 0% CVSS 3.7
LOW Monitor

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when. Rated low severity (CVSS 3.7). No vendor patch available.

Java Oracle Information Disclosure +2
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +2
NVD
EPSS 5% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +2
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Java Oracle Information Disclosure +17
NVD
EPSS 5% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +2
NVD
EPSS 6% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +2
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Privilege Escalation Java Dotcms
NVD GitHub
EPSS 94% 7.8 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Oracle Denial Of Service +1
NVD Exploit-DB VulDB
EPSS 29% CVSS 5.8
MEDIUM POC THREAT This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 29.1%.

Java Oracle Information Disclosure +3
NVD Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM This Month

Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via unknown vectors related to Java Business Objects. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure +1
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX, 1.3.0 and earlier, and 1.2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +1
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +1
NVD
EPSS 2% CVSS 6.4
MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +1
NVD
EPSS 5% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +1
NVD
EPSS 75% 5.7 CVSS 10.0
CRITICAL POC THREAT Emergency

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 74.9%.

Java Oracle Information Disclosure +2
NVD Exploit-DB
EPSS 10% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.

Java Oracle Information Disclosure +2
NVD
EPSS 8% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +1
NVD
EPSS 5% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java XSS Opennms
NVD
EPSS 59% 4.5 CVSS 6.4
MEDIUM POC PATCH THREAT This Month

The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 58.5%.

Privilege Escalation Apache Java +1
NVD Exploit-DB
EPSS 75% 5.1 CVSS 6.8
MEDIUM POC PATCH THREAT This Month

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 75.0%.

RCE Apache Java +1
NVD Exploit-DB
EPSS 88% 7.6 CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Apache RCE
NVD Exploit-DB VulDB
EPSS 93% 9.7 CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

Oracle Java SE JDK/JRE 7 and 6 Update 27 and earlier allows remote code execution with complete system compromise through malicious Java Web Start applications and untrusted applets exploiting the Scripting component. CISA KEV confirms active exploitation in the wild. EPSS score of 92.59% (100th percentile) indicates extremely high probability of mass exploitation. Public exploit code exists, making this a critical priority for any environment running affected Java versions despite the vulnerability's age.

Java Oracle Authentication Bypass
NVD Exploit-DB VulDB
EPSS 94% 9.6 CVSS 8.8
HIGH POC KEV THREAT Act Now

JBoss Seam 2 in Red Hat JBoss EAP 4.3.0 fails to sanitize JBoss Expression Language inputs, allowing remote attackers to achieve arbitrary code execution via crafted URL parameters when the Java Security Manager is misconfigured.

Java Red Hat RCE
NVD Exploit-DB VulDB
Prev Page 37 of 37

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy