Skip to main content

Utilities Framework

34 CVEs product

Monthly

CVE-2026-21924 MEDIUM This Month

Utilities Framework versions up to 4.3.0.3.0 contains a vulnerability that allows attackers to unauthorized update, insert or delete access to some of Oracle Utilities Applica (CVSS 5.4).

Oracle Utilities Framework
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2021-39152 Maven HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Java Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
11.5%
CVE-2021-39150 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Java Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
3.4%
CVE-2021-39140 Maven MEDIUM POC PATCH This Month

XStream is a simple library to serialize objects to XML and back again. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Denial Of Service Xstream Debian Linux Fedora +12
NVD GitHub
CVSS 3.1
6.3
EPSS
5.9%
CVE-2021-39154 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39153 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Java Xstream Fedora +11
NVD GitHub
CVSS 3.1
8.5
EPSS
4.5%
CVE-2021-39151 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39149 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39148 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39147 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39146 Maven HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
14.3%
CVE-2021-39145 Maven HIGH PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Xstream Debian Linux Fedora +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.1%
CVE-2021-39144 Maven HIGH POC KEV PATCH THREAT Act Now

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE Code Injection Xstream Debian Linux Fedora +12
NVD GitHub
CVSS 3.1
8.5
EPSS
98.1%
CVE-2021-39141 Maven HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Debian Linux Fedora +12
NVD GitHub
CVSS 3.1
8.5
EPSS
16.1%
CVE-2021-39139 Maven HIGH PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Java Xstream Debian Linux +13
NVD GitHub
CVSS 3.1
8.8
EPSS
4.5%
CVE-2021-2351 HIGH POC PATCH This Week

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Oracle Information Disclosure Advanced Networking Option Agile Engineering Data Management Agile Plm +108
NVD
CVSS 3.1
8.3
EPSS
2.5%
CVE-2021-36374 Maven MEDIUM PATCH This Month

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Apache Ant Agile Engineering Data Management +34
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2021-36373 Maven MEDIUM PATCH This Month

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Apache Information Disclosure Ant Agile Plm Banking Trade Finance +29
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2021-31684 Maven HIGH POC PATCH This Week

A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Memory Corruption Json Smart V1 Json Smart V2 +1
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-27568 Maven MEDIUM POC PATCH This Month

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Json Smart V1 Json Smart V2 Communications Cloud Native Core Policy Oss Support Tools +3
NVD GitHub
CVSS 3.1
5.9
EPSS
2.9%
CVE-2020-28052 Maven HIGH POC PATCH This Week

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Java Information Disclosure Bc Java Karaf Banking Corporate Lending Process Management +17
NVD GitHub
CVSS 3.1
8.1
EPSS
7.1%
CVE-2020-25649 Maven HIGH PATCH This Week

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Jackson Databind Oncommand Api Services Oncommand Workflow Automation Service Level Manager +35
NVD GitHub
CVSS 3.1
7.5
EPSS
17.6%
CVE-2020-14895 MEDIUM This Month

Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: System Wide). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Utilities Framework
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-11979 Maven HIGH PATCH This Week

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Code Injection Ant Gradle Fedora +34
NVD GitHub
CVSS 3.1
7.5
EPSS
8.2%
CVE-2020-1945 Maven MEDIUM PATCH This Month

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. Rated medium severity (CVSS 6.3). This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Apache Java Information Disclosure Ant Ubuntu Linux +48
NVD
CVSS 3.1
6.3
EPSS
1.8%
CVE-2020-10683 Maven CRITICAL PATCH Act Now

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Dom4J Agile Plm Application Testing Suite Banking Platform +34
NVD GitHub
CVSS 3.1
9.8
EPSS
7.3%
CVE-2020-9488 Maven LOW PATCH Monitor

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Apache Log4J Communications Application Session Controller Communications Billing And Revenue Management +43
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2020-2555 CRITICAL POC KEV PATCH THREAT Act Now

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Deserialization Access Manager Coherence Commerce Platform +6
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
97.1%
CVE-2019-10219 Maven MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse Jboss Data Grid Jboss Enterprise Application Platform +184
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-17495 LIB CRITICAL POC PATCH Act Now

A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Swagger Ui Banking Apis Banking Digital Experience Banking Platform +2
NVD GitHub
CVSS 3.1
9.8
EPSS
5.6%
CVE-2019-10086 Maven HIGH PATCH This Week

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java Apache Deserialization Commons Beanutils Nifi +58
NVD
CVSS 3.1
7.3
EPSS
28.8%
CVE-2019-10173 Maven CRITICAL PATCH Act Now

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Deserialization Xstream Banking Platform +8
NVD
CVSS 3.1
9.8
EPSS
94.8%
CVE-2018-1000632 Maven HIGH POC PATCH This Week

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Dom4J Debian Linux Flexcube Investor Servicing Primavera P6 Enterprise Project Portfolio Management +10
NVD GitHub
CVSS 3.1
7.5
EPSS
6.6%
CVE-2018-8088 Maven CRITICAL PATCH Act Now

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Slf4J Jboss Enterprise Application Platform Virtualization Virtualization Host +9
NVD GitHub
CVSS 3.1
9.8
EPSS
15.1%
EPSS 0% CVSS 5.4
MEDIUM This Month

Utilities Framework versions up to 4.3.0.3.0 contains a vulnerability that allows attackers to unauthorized update, insert or delete access to some of Oracle Utilities Applica (CVSS 5.4).

Oracle Utilities Framework
NVD
EPSS 11% CVSS 8.5
HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Java Xstream +14
NVD GitHub
EPSS 3% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Java Xstream +14
NVD GitHub
EPSS 6% CVSS 6.3
MEDIUM POC PATCH This Month

XStream is a simple library to serialize objects to XML and back again. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Denial Of Service Xstream +14
NVD GitHub
EPSS 5% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 4% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Java +13
NVD GitHub
EPSS 5% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 5% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 5% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 5% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 14% CVSS 8.5
HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Xstream +14
NVD GitHub
EPSS 4% CVSS 8.5
HIGH PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Xstream +14
NVD GitHub
EPSS 98% CVSS 8.5
HIGH POC KEV PATCH THREAT Act Now

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE Code Injection Xstream +14
NVD GitHub
EPSS 16% CVSS 8.5
HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 5% CVSS 8.8
HIGH PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Java +15
NVD GitHub
EPSS 2% CVSS 8.3
HIGH POC PATCH This Week

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Oracle Information Disclosure Advanced Networking Option +110
NVD
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Apache +36
NVD
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Apache Information Disclosure Ant +31
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD GitHub
EPSS 3% CVSS 5.9
MEDIUM POC PATCH This Month

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Json Smart V1 Json Smart V2 +5
NVD GitHub
EPSS 7% CVSS 8.1
HIGH POC PATCH This Week

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Java Information Disclosure Bc Java +19
NVD GitHub
EPSS 18% CVSS 7.5
HIGH PATCH This Week

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Jackson Databind Oncommand Api Services +37
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: System Wide). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Utilities Framework
NVD
EPSS 8% CVSS 7.5
HIGH PATCH This Week

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Code Injection Ant +36
NVD GitHub
EPSS 2% CVSS 6.3
MEDIUM PATCH This Month

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. Rated medium severity (CVSS 6.3). This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Apache Java Information Disclosure +50
NVD
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Dom4J Agile Plm +36
NVD GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Apache Log4J +45
NVD VulDB
EPSS 97% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Deserialization Access Manager +8
NVD Exploit-DB
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse +186
NVD GitHub
EPSS 6% CVSS 9.8
CRITICAL POC PATCH Act Now

A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Swagger Ui Banking Apis +4
NVD GitHub
EPSS 29% CVSS 7.3
HIGH PATCH This Week

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java Apache Deserialization +60
NVD
EPSS 95% CVSS 9.8
CRITICAL PATCH Act Now

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Deserialization +10
NVD
EPSS 7% CVSS 7.5
HIGH POC PATCH This Week

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Dom4J Debian Linux +12
NVD GitHub
EPSS 15% CVSS 9.8
CRITICAL PATCH Act Now

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Slf4J Jboss Enterprise Application Platform +11
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy