Oracle WebLogic Server - Remote Code Execution

Oracle WebLogic Server 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 contains a remote code execution caused by unauthenticated access via T3, IIOP, letting attackers take over the server, exploit requires network access. id: CVE-2021-2135 info: name: Oracle WebLogic Server - Remote Code Execution author:...

Exploit for CVE-2024-21182

CVE-2024-21182 — Oracle WebLogic Server T3/IIOP JNDI Injection...

Oracle WebLogic Server - Remote Code Execution

Oracle WebLogic Server Oracle Fusion Middleware component: WLS Core Components is susceptible to a remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 2.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability could allow unauthenticated...

CVE-2021-2064

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core Components. The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server...

CVE-2021-2397

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIO...

CVE-2021-2344

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to...

CVE-2025-64428 DataEase DB2 JNDI Vulnerability

Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed...

EUVD-2025-198290

Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed...

CVE-2025-64428

Dataease (open source data visualization/analysis tool) is affected by a JNDI injection vulnerability in versions prior to 2.10.17. A patch in 2.10.14 added a blacklist, but JNDI injections remain possible via the iiop, corbaname, and iiopname schemes. The issue is fixed in version 2.10.17. Affec...

EUVD-2020-27432

Malware in sbrugna...

EUVD-2021-22253

Malware in sbrugna...

EUVD-2018-6533

Malware in sbrugna...

EUVD-2011-1321

Malware in sbrugna...

EUVD-2012-3289

Malware in sbrugna...

EUVD-2020-22760

Malware in sbrugna...

EUVD-2023-26003

Malicious code in bioql PyPI...

EUVD-2025-27203

Malicious code in bioql PyPI...

CVE-2025-42925

The CVE-2025-42925 entry describes a vulnerability in SAP NetWeaver AS JAVA IIOP service caused by insufficient randomness when assigning Object Identifiers, enabling an authenticated lower-privileged actor to brute-force and predict identifiers to access limited system information. Affected comp...

CVE-2023-21838

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle...

CVE-2023-21837

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle...