CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

232 matches found

CVE-2026-44088

SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream reading from the beginning of the file, but loads classes using class JarFile/URLClassLoader reading the Central Directory from the end. It can lead to remote code execution by allowing an attacker to combine ...

8.6CVSS6.3AI score0.00442EPSS

Exploits0References1

ATTACKERKB•added 6 days ago•5 views

CVE-2025-64390

A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J Blu-ray Disc Java sandbox can be escaped through a malformed JAR file...

5.8AI score0.00012EPSS

Exploits0References2Affected Software1

RedhatCVE•added 6 days ago•9 views

CVE-2026-40564

Files or Directories Accessible to External Parties, Server-Side Request Forgery SSRF vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...

6.5CVSS5.8AI score0.00053EPSS

Exploits1References1

CVE•added 2026/05/17 11:30 a.m.•15 views

CVE-2026-8751

Affected software: h2oai h2o-3 (versions before 7402). The issue lies in the JAR Handler component, specifically the importBinaryModel() function in h2o-core/src/main/java/hex/Model.java, where input manipulation can trigger deserialization. This enables remote exploitation, with the exploit publ...

9.8CVSS6.7AI score0.00038EPSS

Exploits0References4Affected Software1

NVD•added 2026/05/15 9:16 a.m.•5 views

CVE-2026-44088

8.6CVSS0.00442EPSS

Exploits0References2

CNNVD•added 2026/05/15 12:0 a.m.•5 views

Krajowa Izba Rozliczeniowa SzafirHost 代码问题漏洞

Krajowa Izba Rozliczeniowa SzafirHost is an electronic signature server component developed by the Polish company Krajowa Izba Rozliczeniowa. It provides certificate management and signature processing capabilities. Versions of Krajowa Izba Rozliczeniowa SzafirHost prior to 1.2.1 had code...

8.6CVSS6.2AI score0.00442EPSS

Exploits0References1

Positive Technologies•added 2026/05/15 12:0 a.m.•5 views

PT-2026-41271

8.6CVSS6.4AI score0.00442EPSS

Exploits0References3

Snyk•added 2026/04/08 9:10 p.m.•3 views

Arbitrary Command Injection

Overview @idachev/mcp-javadc is a Model Context Protocol MCP server for Java decompilation Affected versions of this package are vulnerable to Arbitrary Command Injection via the HTTP Interface component when processing the jarFilePath argument. An attacker can execute arbitrary operating system...

7.5CVSS6.1AI score0.00403EPSS

Exploits0References2

Positive Technologies•added 2026/04/08 12:0 a.m.•2 views

PT-2026-31446

A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of the component HTTP Interface. Such manipulation of the argument jarFilePath leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might...

7.5CVSS5.6AI score0.00403EPSS

Exploits0References7

CNNVD•added 2026/04/08 12:0 a.m.•4 views

MCP Java Decompiler Server 操作系统命令注入漏洞

MCP Java Decompiler Server is a Java bytecode decompilation server developed by Ivan Dachev. Versions of MCP Java Decompiler Server 1.2.4 and earlier had a vulnerability related to operating system command injection. This vulnerability stemmed from the handling of the parameter jarFilePath in the...

7.5CVSS7.1AI score0.00403EPSS

Exploits0References6

Debian CVE•added 2026/03/05 8:48 p.m.•5 views

CVE-2026-0848

NLTK versions =3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of...

10CVSS9.7AI score0.00307EPSS

Exploits3