CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

291 matches found

Apache Dubbo 2.5.x-2.7.4 - Insecure Deserialization

Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4,...

9.8CVSS7.3AI score0.94048EPSS

Exploits2References4

GithubExploit•added 3 days ago•38 views

hermes-sidecar-poc

Hermes PoC — Pod + Nacos + Math microservice Dubbo Triple S...

5.8AI score

Exploits0

GithubExploit•added 2026/04/16 1:55 p.m.•160 views

Exploit for CVE-2026-22679

CVE-2026-22679: Weaver E-cology Unauthenticated RCE via dubboA...

9.8CVSS6.7AI score0.00298EPSS

Exploits1

Cvelist•added 2026/04/07 12:51 p.m.•21 views

CVE-2026-22679 Weaver E-cology 10.0 Unauthenticated RCE via dubboApi Debug Endpoint

Weaver Fanwei E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft PO...

9.8CVSS0.00298EPSS

Exploits1References4

OSSF Malicious Packages•added 2026/03/18 12:48 p.m.•2 views

Malicious code in dubbo-web-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c89acd0553894e9764e6be95bd53e03f5ecab30099098b94c5f7e74e44af8695 The package dubbo-web-example was found to contain malicious code...

5.8AI score

Exploits0

OSV•added 2026/03/18 12:48 p.m.•1 views

MAL-2026-1720 Malicious code in dubbo-web-example (npm)

5.8AI score

Exploits0

OSSF Malicious Packages•added 2025/12/16 7:5 a.m.•3 views

Malicious code in dubbo-js-private-workspace (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d7718e849fa01a112b317438650757b783681fbb3361ec73154005719f6f892 The package dubbo-js-private-workspace was found to contain malicious code. Source: ghsa-malware...

6.9AI score

Exploits0References3

Snyk•added 2025/12/16 7:5 a.m.•0 views

Malicious Package

Overview dubbo-js-private-workspace is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.8AI score

Exploits0References2

EUVD•added 2025/12/16 7:5 a.m.•1 views

EUVD-2025-203513

Malicious code in dubbo-js-private-workspace npm...

6.6AI score

Exploits0References1

OSV•added 2025/12/16 7:5 a.m.•2 views

MAL-2025-192586 Malicious code in dubbo-js-private-workspace (npm)

6.8AI score

Exploits0References3

Veracode•added 2025/12/13 5:9 a.m.•4 views

Remote Code Execution (RCE)

org.apache.dubbo:dubbo is vulnerable to Remote Code Execution RCE. The vulnerability is due to insecure deserialization handling in hessian-lite during exception logging, which allows an attacker to execute malicious code through crafted serialized data...

9.8CVSS7.5AI score0.46296EPSS

Exploits1References2Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•0 views

EUVD-2021-2042

Malware in sbrugna...

9.8CVSS9.1AI score0.0121EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-2100

Malware in sbrugna...

9.8CVSS9.2AI score0.02891EPSS

Exploits0References4