CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

295 matches found

Apache Dubbo 2.5.x-2.7.4 - Insecure Deserialization

Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4,...

9.8CVSS7.4AI score0.35564EPSS

Exploits2References4

vulnersOsv•added 2026/06/08 11:1 p.m.•5 views

ai.h2o:h2o-algos (=0.1.9), ai.h2o:h2o-app (=0.1.9) +2025 more potentially affected by CVE-2026-45536 via io.netty:netty-transport-native-kqueue (>=4.1.11.Final <=4.1.134.Final)

io.netty:netty-transport-native-kqueue MAVEN version =4.1.11.Final, =3.30.1.1, =3.10.0.5, =0.2.3.5, =2.4.0, =1.5.0, =3.0.0, =3.0.0, =1.0.3, =4.4.0, =4.7.3 and more Source cves: CVE-2026-45536 Source advisory: OSV:GHSA-W573-9FFJ-6FF9...

5.4AI score0.00136EPSS

Exploits0

GithubExploit•added 2026/06/02 7:3 a.m.•68 views

hermes-sidecar-poc

Hermes PoC — Pod + Nacos + Math microservice Dubbo Triple S...

5.8AI score

Exploits0

GithubExploit•added 2026/04/16 1:55 p.m.•197 views

Exploit for CVE-2026-22679

CVE-2026-22679: Weaver E-cology Unauthenticated RCE via dubboA...

9.8CVSS6.7AI score0.2148EPSS

Exploits1

Cvelist•added 2026/04/07 12:51 p.m.•24 views

CVE-2026-22679 Weaver E-cology 10.0 Unauthenticated RCE via dubboApi Debug Endpoint

Weaver Fanwei E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft PO...

9.8CVSS0.2148EPSS

Exploits1References4

OSSF Malicious Packages•added 2026/03/18 12:48 p.m.•5 views

Malicious code in dubbo-web-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c89acd0553894e9764e6be95bd53e03f5ecab30099098b94c5f7e74e44af8695 The package dubbo-web-example was found to contain malicious code...

5.8AI score

Exploits0

OSV•added 2026/03/18 12:48 p.m.•4 views

MAL-2026-1720 Malicious code in dubbo-web-example (npm)

5.8AI score

Exploits0

EUVD•added 2025/12/16 7:5 a.m.•3 views

EUVD-2025-203513

Malicious code in dubbo-js-private-workspace npm...

6.6AI score

Exploits0References1

OSSF Malicious Packages•added 2025/12/16 7:5 a.m.•6 views

Malicious code in dubbo-js-private-workspace (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d7718e849fa01a112b317438650757b783681fbb3361ec73154005719f6f892 The package dubbo-js-private-workspace was found to contain malicious code. Source: ghsa-malware...

6.9AI score

Exploits0References3

Snyk•added 2025/12/16 7:5 a.m.•1 views

Malicious Package

Overview dubbo-js-private-workspace is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.8AI score

Exploits0References2

OSV•added 2025/12/16 7:5 a.m.•4 views

MAL-2025-192586 Malicious code in dubbo-js-private-workspace (npm)

6.8AI score

Exploits0References3

Veracode•added 2025/12/13 5:9 a.m.•7 views

Remote Code Execution (RCE)

org.apache.dubbo:dubbo is vulnerable to Remote Code Execution RCE. The vulnerability is due to insecure deserialization handling in hessian-lite during exception logging, which allows an attacker to execute malicious code through crafted serialized data...

9.8CVSS7.5AI score0.15313EPSS

Exploits1References2Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•32 views

EUVD-2021-2105

Malware in sbrugna...

8.8CVSS8.5AI score0.01955EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-2100

Malware in sbrugna...

9.8CVSS9.2AI score0.0653EPSS

Exploits0References4