Lucene search
K

67 matches found

NVD
NVD
added last week6 views

CVE-2026-55760

Handlebars.java provides logic-less and semantic Mustache templates with Java. Prior to 4.5.2, applications that pass user-controlled input to Handlebars.compile using FileTemplateLoader or ClassPathTemplateLoader are vulnerable to path traversal, allowing arbitrary file read through template nam...

7.5CVSS0.00414EPSS
Exploits0References3
OSV
OSV
added last week2 views

CVE-2026-55760 handlebars.java FileTemplateLoader Path Traversal

Handlebars.java provides logic-less and semantic Mustache templates with Java. Prior to 4.5.2, applications that pass user-controlled input to Handlebars.compile using FileTemplateLoader or ClassPathTemplateLoader are vulnerable to path traversal, allowing arbitrary file read through template nam...

7.5CVSS6.2AI score0.00414EPSS
Exploits0References5
NVD
NVD
added 2026/06/26 4:16 p.m.12 views

CVE-2025-11919

The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...

9.6CVSS0.004EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 3:39 p.m.8 views

CVE-2025-11919

The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...

9.6CVSS6.2AI score0.004EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-51791

Name of the Vulnerable Software and Affected Versions Jenkins Script Security Plugin versions prior to 1402.v94c9ce464861 Description The plugin fails to reject Groovy AST Abstract Syntax Tree transformation annotations that contain an extensions member. This allows attackers with the ability to...

8.5CVSS6AI score0.00594EPSS
Exploits0References7
OSV
OSV
added 2026/06/05 5:40 a.m.8 views

BIT-AIRFLOW-2026-45360 Apache Airflow: Arbitrary import in custom deadline-reference deserialization

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserializereference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — t...

7.3CVSS5.7AI score0.00651EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/02 11:27 a.m.12 views

Apache Camel: camel-jms: camel-sjms: camel-sjms2: camel-amqp: camel-activemq: camel-activemq6: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage

A flaw was found in Apache Camel. A remote attacker could exploit a deserialization vulnerability by sending a specially crafted Java Message Service JMS ObjectMessage to a Camel application acting as a JMS consumer. This vulnerability arises because the application deserializes the message paylo...

9.8CVSS6.4AI score0.00881EPSS
Exploits2References6
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

Apache ActiveMQ 安全漏洞

Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. There is a security vulnerability in Apache ActiveMQ, which stems from improper class path name validation and...

4.3CVSS5.8AI score0.00419EPSS
Exploits0References2
NVD
NVD
added 2026/01/22 10:16 a.m.8 views

CVE-2026-1225

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...

1.8CVSS0.00159EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/22 9:24 a.m.33 views

CVE-2026-1225 Malicious logback.xml configuration file allows instantiation of arbitrary classes

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...

1.8CVSS0.00159EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 9:24 a.m.5 views

CVE-2026-1225

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...

1.8CVSS5.3AI score0.00159EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/01/22 9:24 a.m.5 views

EUVD-2026-4130

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...

1.8CVSS5.5AI score0.00159EPSS
Exploits0References5
GitLab Advisory Database
GitLab Advisory Database
added 2026/01/22 12:0 a.m.9 views

Logback allows an attacker to instantiate classes already present on the class path

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...

1.8CVSS5.6AI score0.00159EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.9 views

logback-core security vulnerability

logback-core is the core module of the QOS.CH open-source logging framework. Versions of logback-core prior to 1.5.24 have security vulnerabilities, which stem from improper handling of configuration files. This vulnerability could allow attackers to instantiate classes on the class path by...

1.8CVSS6.1AI score0.00159EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/12 4:47 a.m.14 views

CVE-2025-69275 Spectrum outdated java library in class-path

Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier...

7.1CVSS6.6AI score0.00122EPSS
Exploits0References1
CVE
CVE
added 2026/01/12 4:47 a.m.16 views

CVE-2025-69275

The CVE describes a dependency on a vulnerable third-party component in Broadcom DX NetOps Spectrum, affecting version 24.3.9 and earlier, on Windows and Linux. The underlying issue is DOM-Based XSS triggered by the vulnerable component in the product’s runtime environment. Impact is limited to t...

7.1CVSS6.6AI score0.00122EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/11/13 9:15 p.m.5 views

CVE-2025-47222

A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information...

6.5CVSS5.8AI score0.0029EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2007-0412

Malware in sbrugna...

5CVSS6.4AI score0.01881EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-41312

Malicious code in bioql PyPI...

7.8CVSS7.7AI score0.00872EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-0626

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00919EPSS
Exploits1References5
Rows per page
Query Builder