CVE-2024-28988 SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing...
CVE-2024-28988
SolarWinds Web Help Desk is affected by a Java deserialization remote code execution vulnerability in versions before 12.8.3. The issue allows unauthenticated attackers to execute commands on the host; ZDI researchers observed unauthenticated exploitation during research. A patch is available; re...
Linux Distros Unpatched Vulnerability : CVE-2022-36944
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java...
Exploit for Deserialization of Untrusted Data in Cisco Identity_Services_Engine
CVE-2025-20124 – Cisco ISE 3.0 Java Deserialization Remote Cod...
Cisco ISE 3.0 - Remote Code Execution (RCE)
Exploit Title: Cisco ISE 3.0 - Remote Code Execution RCE Exploit Author: @ibrahimsql ibrahimsql.com Exploit Author's github: https://github.com/ibrahmsql Description: Cisco ISE API Java Deserialization RCE CVE: CVE-2025-20124 Vendor Homepage: https://www.cisco.com/ Requirements: requests=2.25.0,...
Exploit for Deserialization of Untrusted Data in Ibm Sterling_B2B_Integrator
Java Deserialization Exploits: a collection of curated Java deserialization exploits. Currently this repo contains exploits for the following vulnerabilities: Cisco Prime Infrastructure Java Deserialization RCE (CVE-2016-1291); IBM WebSphere Java Object Deserialization RCE (CVE-2015-7450); OpenNMS...
JavaDeserH2HC
This repository contains sample code for the Hackers to Hackers Conference (H2HC) magazine 2017. The code is designed to demonstrate various exploitation techniques, specifically focusing on Java deserialization vulnerabilities. The primary vulnerability class/vector targeted is Java...
CVE-2025-42966
SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability ...
CVE-2025-42963
A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected...
CVE-2025-42966
CVE-2025-42966 affects SAP NetWeaver XML Data Archiving Service. The vulnerability is an insecure Java deserialization flaw exploitable by an authenticated attacker with administrative privileges via a crafted serialized Java object. This can impact confidentiality, integrity, and availability of...
SAP NetWeaver Application Server for Java Code Issue Vulnerability
SAP NetWeaver Application Server for Java is a Java EE-based application server from SAP, Germany. A code issue vulnerability exists in SAP NetWeaver Application Server for Java, which stems from insecure Java object deserialization and could lead to a complete compromise of the operating system...
PT-2025-28285 · Sap · Sap Netweaver Xml Data Archiving Service
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver XML Data Archiving Service (affected versions not specified). Description: The issue allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially...
SAP NetWeaver Code Issue Vulnerability
SAP NetWeaver is an integrated, service-oriented application platform from SAP. The platform primarily provides a development and runtime environment for SAP applications. A code issue vulnerability exists in SAP NetWeaver that stems from insecure Java deserialization and could lead to high...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2025-24813 Apache Tomcat RCE Exploit PoC This repository...
CVE-2025-2566
Kaleris NAVIS N4 ULC Ultra Light Client contains an unsafe Java deserialization vulnerability. An unauthenticated attacker can make specially crafted requests to execute arbitrary code on the server...
CVE-2025-2566 Deserialization of Untrusted Data in Kaleris Navis N4
Kaleris NAVIS N4 ULC Ultra Light Client contains an unsafe Java deserialization vulnerability. An unauthenticated attacker can make specially crafted requests to execute arbitrary code on the server...
CVE-2025-2566
CVE-2025-2566 affects Kaleris NAVIS N4 ULC (Ultra Light Client). The vulnerability is an unsafe Java deserialization flaw that allows an unauthenticated attacker to send specially crafted requests to execute arbitrary code on the server (remote code execution). Per available documents, the issue ...
Kaleris NAVIS N4 Code Issue Vulnerability
Kaleris NAVIS N4 is a container terminal operating system from Kaleris Corporation, USA. A code issue vulnerability exists in Kaleris NAVIS N4 versions prior to 4.0, which stems from a flaw in Java deserialization that could lead to remote execution of arbitrary code...