855 matches found
Javafaces LFI
An Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware...
Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion
Oracle GlassFish Server Open Source Edition 3.0.1 build 22 is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server. id: CVE-2017-1000029 info: name: Oracle GlassFish Server Open Source Edition 3.0.1 - Local File...
Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion
Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated local file inclusion vulnerabilities that can be exploited by issuing specially crafted HTTP GET requests. id: CVE-2017-1000028 info: name: Oracle GlassFish Server Open Source Edition 4.1 - Loc...
CVE-2026-2586
An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user...
CVE-2026-2587
A critical Remote Code Execution RCE vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language EL “expressions” are processed...
Exploit for CVE-2026-2587
CVE-2026-2587 — GlassFish EL Injection RCE...
org.glassfish.main.admingui:admingui (>=7.0.0 <=9.0.0-M1), org.glassfish.main.admingui:console-cluster-plugin (>=7.0.0 <=9.0.0-M1) +19 more potentially affected by CVE-2026-2587 via org.glassfish.jsftemplating:jsftemplating (>=4.0.0 <=4.1.0)
org.glassfish.jsftemplating:jsftemplating MAVEN version =4.0.0, =7.0.0, =7.0.0, =7.0.16, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =9.0.0-M1 and more Source cves: CVE-2026-2587 Source advisory: SNYK:JAVA-ORGGLASSFISHJSFTEMPLATING-167906...
org.glassfish.main.admingui:admingui (>=7.0.0 <=9.0.0-M1), org.glassfish.main.admingui:console-cluster-plugin (>=7.0.0 <=9.0.0-M1) +19 more potentially affected by CVE-2026-2586 via org.glassfish.jsftemplating:jsftemplating (>=4.0.0 <=4.1.0)
org.glassfish.jsftemplating:jsftemplating MAVEN version =4.0.0, =7.0.0, =7.0.0, =7.0.16, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =9.0.0-M1 and more Source cves: CVE-2026-2586 Source advisory: SNYK:JAVA-ORGGLASSFISHJSFTEMPLATING-167906...
org.glassfish.main.admingui:admingui (>=6.0.0 <=9.0.0-M1), org.glassfish.main.admingui:console-cluster-plugin (>=6.0.0 <=9.0.0-M1) +19 more potentially affected by CVE-2026-2587 via org.glassfish.jsftemplating:jsftemplating (>=3.0.0 <=4.1.0)
org.glassfish.jsftemplating:jsftemplating MAVEN version =3.0.0, =6.0.0, =6.0.0, =7.0.16, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =9.0.0-M1 and more Source cves: CVE-2026-2587 Source advisory: OSV:GHSA-29WV-CV7P-XJC2https://vulners.c...
org.glassfish.main.admingui:console-cluster-plugin (>=3.1.2 <=8.0.1), org.glassfish.main.admingui:console-commandrecorder-plugin (>=7.0.16 <=8.0.1) +15 more potentially affected by CVE-2026-2586 via org.glassfish.main.admingui:console-common (>=3.1.2 <=8.0.1)
org.glassfish.main.admingui:console-common MAVEN version =3.1.2, =3.1.2, =7.0.16, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =4.0, =3.1.2, =4.0, =3.1.2, =4.0, =4.0, =6.2.5, =4.1, =8.0.1 and more Source cves: CVE-2026-2586 Source advisory: OSV:GHSA-96V6-HQ43-X9H4...
org.glassfish.main.admingui:admingui (>=6.0.0 <=9.0.0-M1), org.glassfish.main.admingui:console-cluster-plugin (>=6.0.0 <=9.0.0-M1) +19 more potentially affected by CVE-2026-2586 via org.glassfish.jsftemplating:jsftemplating (>=3.0.0 <=4.1.0)
org.glassfish.jsftemplating:jsftemplating MAVEN version =3.0.0, =6.0.0, =6.0.0, =7.0.16, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =9.0.0-M1 and more Source cves: CVE-2026-2586 Source advisory: OSV:GHSA-96V6-HQ43-X9H4https://vulners.c...
GHSA-29WV-CV7P-XJC2 GlassFish's gadget handler is vulnerable to RCE
A critical Remote Code Execution RCE vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language EL “expressions” are processed...
GHSA-96V6-HQ43-X9H4 GlassFish's Administration Console is Vulnerable to RCE
An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user...
GlassFish's Administration Console is Vulnerable to RCE
An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user...
GlassFish's gadget handler is vulnerable to RCE
A critical Remote Code Execution RCE vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language EL “expressions” are processed...
CVE-2026-2586
An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user...
CVE-2026-2587
A critical Remote Code Execution RCE vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language EL “expressions” are processed...
CVE-2026-2586
An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user...
CVE-2026-2586
An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user...
EUVD-2026-30939
An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user...