768 matches found
Bio-Formats Code Issue Vulnerability
Bio-Formats is an open source Java library from the Open Microscopy Environment for reading and writing various proprietary microscopy imaging file formats. A code issue vulnerability exists in Bio-Formats 8.3.0 and prior versions that stems from performing insecure Java deserialization of...
Insecure Deserialization
Apache NiFi is vulnerable to Insecure Deserialization. The vulnerability arises because the GetAsanaObject Processor stores and retrieves state data using generic Java object deserialization without validation, allowing attackers with direct access to the configured Distributed Map Cache server ...
Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform
Many critical industries banking, healthcare, and manufacturing...
CVE-2025-15117
CVE-2025-15117 affects Dromara Sa-Token up to 1.44.0. The flaw is in SaJdkSerializer.java, specifically ObjectInputStream.readObject, enabling a deserialization attack. The description notes remote-launch potential with high attack complexity and difficult exploitability. Multiple sources corrobo...
CVE-2025-66524
Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...
Apache Causeway Security Vulnerability
Apache Causeway is a Java rapid application development framework from the Apache Foundation. Apache Causeway suffers from a deserialization vulnerability that originates from unsafe deserialization of user-controllable URL parameters in the receipt of serialized data submitted by the user, which...
EUVD-2024-26050
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing...
IBM Standards Processing Engine Deserialization Vulnerability
IBM Standards Processing Engine IBM Transformation Extender Advanced is document conversion software from International Business Machines (IBM), used to automatically convert and validate large amounts of data. IBM Standards Processing Engine suffers from a deserialization vulnerability that stem...
EUVD-2020-17355
Malware in sbrugna...
EUVD-2020-4448
Malware in sbrugna...
EUVD-2019-0720
Malware in sbrugna...
EUVD-2020-0425
Malware in sbrugna...
EUVD-2021-0910
Malware in sbrugna...
EUVD-2020-11136
Malware in sbrugna...
EUVD-2021-1475
Malware in sbrugna...
EUVD-2017-2630
Malware in sbrugna...
EUVD-2019-8149
Malware in sbrugna...
EUVD-2018-2726
Malware in sbrugna...
EUVD-2019-9408
Malware in sbrugna...