
51 matches found

CNNVD
added 2025/12/30 12:0 a.m. | views: 1

Sa-Token Code Issue Vulnerability

Sa-Token is a lightweight Java authentication framework open-sourced by dromara. A code issue vulnerability exists in Sa-Token 1.44.0 and earlier versions, which stems from a misuse of the function ObjectInputStream.readObject in the file SaSerializerTemplateForJdkUseBase64.java, which could lead ...

CVSS 5 | AI score 5.5 | EPSS 0.00055
Exploits 0 | References 4
CVE
added 2025/03/31 7:10 p.m. | views: 68

CVE-2025-31129

Summary: CVE-2025-31129 affects the Jooby pac4j integration. In io.jooby.internal.pac4j.SessionStoreImpl#get, values are deserialized from untrusted data (notably for payloads starting with “b64~”), which can enable code execution. The issue is fixed in Jooby releases 2.17.0 (2.x stream) and 3.7....

CVSS 8.8 | AI score 6.9 | EPSS 0.00462
Exploits 0 | References 4
CNNVD
added 2025/02/23 12:0 a.m. | views: 2

Solon Security Vulnerability

Solon is a new ecological application development framework for Java for noear individual developers in China. A security vulnerability exists in Solon 3.0.8 and earlier versions, which stems from a path traversal issue...

CVSS 5.3 | AI score 4.7 | EPSS 0.0009
Exploits 0 | References 8
Spring Engineering
added 2024/10/02 12:0 a.m. | views: 7

Supercharging Your AI Applications with Spring AI Advisors

In the rapidly evolving world of artificial intelligence, developers are constantly seeking ways to enhance their AI applications. Spring AI, a Java framework for building AI-powered applications, has introduced a powerful feature: the Spring AI Advisors. The advisors can supercharge your AI...

AI score 7
Exploits 0
BDU FSTEC
added 2024/03/20 12:0 a.m. | views: 1

The vulnerability of the AuthenticatedVoter class in the Java framework for securing industrial applications with Spring Security allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the AuthenticatedVoter class in the Java framework for securing industrial applications under Spring Security is related to deficiencies in access control when processing the null parameter. Exploiting this vulnerability can allow an attacker to gain unauthorized access to...

CVSS 8.5 | AI score 6.6 | EPSS 0.00394
Exploits 0 | References 4 | Affected Software 1
OpenVAS
added 2024/03/08 12:0 a.m. | views: 21

Fedora: Security Advisory for beust-jcommander (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the...

CVSS 8.8 | AI score 9.2 | EPSS 0.45835
Exploits 3 | References 2
Fedora
added 2024/03/07 10:32 p.m. | views: 21

[SECURITY] Fedora 40 Update: beust-jcommander-1.82-9.fc40

JCommander is a very small Java framework that makes it trivial to parse command line parameters with annotations...

CVSS 8.8 | AI score 6.9 | EPSS 0.45835
Exploits 3
BDU FSTEC
added 2024/02/13 12:0 a.m. | views: 1

The vulnerability of the Gradle plugin for the Quarkus Java framework, which allows a hacker to exploit and disclose protected information

The vulnerability of the Gradle plugin for the Quarkus Java framework is related to the disclosure of information through environment variables. Exploiting this vulnerability allows an attacker to disclose the protected information...

CVSS 7.7 | AI score 7.1 | EPSS 0.02999
Exploits 0 | References 3 | Affected Software 1
Vulnrichment
added 2024/02/09 12:15 a.m. | views: 12

CVE-2024-23639 micronaut-core management endpoints vulnerable to drive-by localhost attack

Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...

CVSS 5.1 | AI score 6.7 | EPSS 0.00036
Exploits 0 | References 2
CVE
added 2024/02/09 12:15 a.m. | views: 66

CVE-2024-23639

Affected product: Micronaut Framework (micronaut-core). Vulnerability: Enabled but unsecured management endpoints allow drive-by localhost attacks when a malicious site issues HTTP requests to localhost, potentially bypassing CORS checks for some simple requests. Impact: Local development environ...

CVSS 7.8 | AI score 7.5 | EPSS 0.00036
Exploits 0 | References 2 | Affected Software 1
CNNVD
added 2024/01/02 12:0 a.m. | views: 3

Magic-Api Code Injection Vulnerability

magic-api is a Java-based rapid interface development framework open-sourced by sssssssss-team. A code injection vulnerability exists in Magic-Api version 2.0.1 and earlier versions. Attackers exploit this vulnerability to cause code injection...

CVSS 8.8 | AI score 7.3 | EPSS 0.00229
Exploits 1 | References 4
BDU FSTEC
added 2023/04/13 12:0 a.m. | views: 1

The vulnerability of the mvcRequestMatch component in the Java framework for securing industrial applications using Spring Security allows attackers to compromise the integrity of protected information.

The vulnerability of the mvcRequestMatch component in the Java framework for securing industrial applications using Spring Security is related to a flaw in the data protection mechanism. Exploiting this vulnerability allows an attacker to compromise the integrity of the protected information...

CVSS 7.8 | AI score 6.6 | EPSS 0.56284
Exploits 1 | References 2 | Affected Software 1
Rapid7 Blog
added 2023/03/01 5:46 p.m. | views: 53

Active Exploitation of ZK Framework CVE-2022-36537

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. Rapid7 is aware of active exploitation of CVE-2022-36537 in vulnerable versions of ConnectWise R1Soft Server Backup Manager software. The root cause of the vulnerability is an...

AI score 0.2 | EPSS 0.93942
Exploits 5
The Hacker News
added 2023/02/28 6:42 a.m. | views: 2

CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. Tracked as CVE-2022-36537 (CVSS score: 7.5), the issue impacts ZK Framework versions...

CVSS 7.5 | AI score 7.1 | EPSS 0.93942
Exploits 5
CISA KEV Catalog
added 2023/02/27 12:0 a.m. | views: 39

ZK Framework AuUploader Unspecified Vulnerability

ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to...

CVSS 7.5 | AI score 3.3 | EPSS 0.93942
In wild | Exploits 5
VulnCheck KEV
added 2023/02/14 12:0 a.m. | views: 0

VulnCheck KEV: CVE-2022-36537

ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to...

CVSS 7.5 | AI score 7.3 | EPSS 0.93942
Exploits 5 | References 1
The Hacker News
added 2022/12/01 11:44 a.m. | views: 59

Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework

A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 (CVSS score: 9.8), the shortcoming could be trivially abused by a malicious actor without any...

CVSS 9.8 | AI score 1.3 | EPSS 0.029
Exploits 0
Check Point Advisories
added 2022/11/21 12:0 a.m. | views: 5

Atmosphere Java Framework Reflected Cross-Site Scripting

A cross-site scripting vulnerability exists in Atmosphere. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

AI score 4.7
Exploits 0
Kitploit
added 2022/03/31 11:30 a.m. | views: 1269

CVE-2022-22963 - PoC Spring Java Framework 0-day Remote Code Execution Vulnerability

To run the vulnerable SpringBoot application run this docker container exposing it to port 8080. Example: docker run -it -d -p 8080:8080 bobcheat/springboot-public Exploit Curl command: curl -i -s -k -X $'POST' -H $'Host: 192.168.1.2:8080' -H...

CVSS 9.8 | AI score 9.9 | EPSS 0.94462
Exploits 36 | References 3
Cvelist
added 2022/01/18 10:15 p.m. | views: 10

CVE-2022-21700 Memory leak in micronaut-core

Micronaut is a JVM-based, full stack Java framework designed for building JVM web applications with support for Java, Kotlin and the Groovy language. In affected versions sending an invalid Content Type header leads to memory leak in DefaultArgumentConversionContext as this type is erroneously us...

CVSS 5.3 | AI score 5.4 | EPSS 0.00322
Exploits 0 | References 2