CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

119 matches found

GithubExploit•added 2026/05/14 11:15 a.m.•90 views

Nexus-Sonatype-Repository-Manager-Groovy-Script-RCE-Authenticated-

Nexus Repository Manager 3 Authenticated RCE Groovy Script Ta...

6.2AI score

Exploits0

EUVD•added 2026/05/08 3:31 p.m.•6 views

EUVD-2026-28593

The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy...

8.8CVSS5.9AI score0.00016EPSS

Exploits1References3

Github Security Blog•added 2026/05/08 3:31 p.m.•5 views

Apache NiFi is missing the Restricted annotation with the Execute Code Required Permission

8.8CVSS5.9AI score0.00016EPSS

Exploits1References7Affected Software1

NVD•added 2026/05/08 2:16 p.m.•5 views

CVE-2026-39816

8.8CVSS0.00016EPSS

Exploits1References3

Vulnrichment•added 2026/05/08 1:38 p.m.•5 views

CVE-2026-39816 Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService

7.5CVSS5.9AI score0.00016EPSS

Exploits1References1

GithubExploit•added 2026/02/26 11:25 a.m.•120 views

Exploit for Missing Authorization in Xwiki

Research: XWiki Platform RCE CVE-2024-55879 Simulation !Se...

9.1CVSS5.7AI score0.20024EPSS

Exploits2

Packet Storm•added 2026/01/23 12:0 a.m.•113 views

📄 OpenKM Community Edition 6.3.10 Code Execution / LFI / SQL Injection

OpenKM Community Edition version 6.3.10 proof of concept Metasploit module that exploits local file inclusion, remote code execution, and SQL injection vulnerabilities...

6.1AI score

Exploits0

RedhatCVE•added 2026/01/09 12:37 p.m.•6 views

CVE-2023-50765

A missing permission check in Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID...

4.3CVSS6.3AI score0.0007EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:9 a.m.•7 views

CVE-2019-11444

An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a command.execute call, as demonstrated by "def cmd =" in the ServerAdminPortletscript value to group/controlpanel/manage. Valid...

9CVSS7.1AI score0.37464EPSS

Exploits1References1

Imperva Blog•added 2025/12/01 4:20 p.m.•8 views

CVE-2025-61757: Imperva Customers Protected Against Critical Oracle Identity Manager Authentication Bypass Leading to Remote Code Execution

At the end of October 2025, Oracle released an emergency security alert addressing CVE-2025-61757, a high-severity authentication-bypass flaw that enables remote code execution in the Identity Manager product of Oracle Fusion Middleware versions 12.2.1.4.0 and 14.1.2.1.0. Multiple threat actors a...

9.8CVSS8.9AI score0.87828EPSS

Exploits1

RedhatCVE•added 2025/11/13 7:8 p.m.•8 views

CVE-2025-64099

Open Access Management OpenAM is an access management solution. In versions prior to 16.0.0, if the "claimsparametersupported" parameter is activated, it is possible, thanks to the "oidc-claims-extension.groovy" script, to inject the value of one's choice into a claim contained in the idtoken or ...

9.3CVSS6.8AI score0.00055EPSS

Exploits0References1

Snyk•added 2025/11/12 9:27 p.m.•3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the oidc-claims-extension.groovy script when the claimsparametersupported parameter is enabled. An attacker can inject arbitrary values into claims returned in idtoken or userinfo by supplying a crafted JSON...

9.3CVSS7AI score0.00055EPSS

Exploits0References2

OSV•added 2025/11/12 9:27 p.m.•4 views

GHSA-39HR-239P-FHQC OpenAM: Using arbitrary OIDC requested claims values in id_token and user_info is allowed

Summary If the "claimsparametersupported" parameter is activated, it is possible through the "oidc-claims-extension.groovy" script, to inject the value of choice into a claim contained in the idtoken or in the userinfo. Authorization function requests do not prevent a claims parameter containing ...

9.3CVSS6.8AI score0.00055EPSS

Exploits0References5

NVD•added 2025/11/12 7:15 p.m.•3 views

CVE-2025-64099

9.3CVSS0.00055EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-10358

Malware in sbrugna...

7.2CVSS7AI score0.00391EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•4 views