GHSA-G628-R368-6VH7 GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection

Summary Administrator can perform JNDI attack through specially crafted DB2 jdbc url leading to Remote Code Execution RCE. Impact If GeoServer has DB2 extension installed, this vulnerability can lead to executing arbitrary code. Details Authenticated users can access Vector Data Sources page to...

SolarWinds Web Help Desk < 2026.1 - Unauthenticated JNDI Injection RCE

SolarWinds Web Help Desk before version 2026.1 contains an insecure deserialization vulnerability in the jabsorb JSON-RPC library. When chained with a CSRF whitelist bypass CVE-2025-40536, remote unauthenticated attackers can exploit JNDI injection via the Apache Xalan JNDIConnectionPool class to...

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

DataEase DB2/MongoDB JNDI Code Injection Vulnerability

DataEase is a set of Java-based development of open source data visualization and analysis tools to help users quickly analyze data and insight into business trends , so as to achieve business improvement and optimization . A code injection vulnerability exists in DataEase DB2/MongoDB JDBC...

Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

PoC exploit for CVE-2021-44228, a Java-based exploit targeting t...

Linux Distros Unpatched Vulnerability : CVE-2020-14781

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8...

Hitachi Vantara Pentaho Data Integration & Analytics 安全漏洞

Hitachi Vantara Pentaho Data Integration & Analytics is a data integration and analytics system from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Vantara Pentaho Data Integration & Analytics that stems from an unrestricted JNDI identifier, which can lead to the disclosu...

PT-2023-21735 · Oracle +1 · Java +1

Name of the Vulnerable Software and Affected Versions: Payara Server versions 4.1.2.191 through 5.20.0 and newer Enterprise Payara Server versions 5.2020.1 and newer Community Description: A JNDI rebind operation in the default ORB listener allows remote attackers to load malicious code on the...

VulnCheck KEV: CVE-2021-44832

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue...

Apache Sling 注入漏洞

Apache Sling is the United States Apache Apache Foundation of a Java platform for open source Web framework. Designed to meet the JSR-170 content repository such as Apache Jackrabbit to create content-centric applications. Apache Sling JCR Base versions prior to 3.1.12 JNDI injection vulnerabilit...

CVE-2022-41271

An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration PI - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability...

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

h2: Loading of custom classes from remote servers through JNDI

A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script...

OpenJDK: URI parsing inconsistencies (JNDI, 8278972)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

OpenJDK: URI parsing inconsistencies (JNDI, 8278972)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

OpenJDK: URI parsing inconsistencies (JNDI, 8278972)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

PT-2022-3119 · Oracle +11 · Java Se +13

Name of the Vulnerable Software and Affected Versions: Oracle Java SE versions 7u331, 8u321, 11.0.14, 17.0.2, 18 Oracle GraalVM Enterprise Edition versions 20.3.5, 21.3.1, 22.0.0.2 Description: The issue is related to insufficient input validation in the JNDI component of the Oracle Java SE and...

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...