
8 matches found

CNVD
added 2025/08/26 12:00 a.m., 4 views

Apache OFBiz Code Execution Vulnerability (CNVD-2025-20870)

Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation in the United States. The system provides a set of Java-based Web application components and tools. A code execution vulnerability exists in Apache OFBiz versions prior to 24.09.02 that stems from improper...

CVSS 9.8, AI score 8.4, EPSS 0.13995
Exploits: 0, References: 1
CNNVD
added 2024/12/10 12:00 a.m., 5 views

Number withdrawn

Red Hat Undertow is a Java-based embedded web server from Red Hat USA and is the default web server for Wildfly Java Application Server. This CVE number has been withdrawn...

AI score 4.9
Exploits: 0, References: 3
Github Security Blog
added 2024/10/14 9:11 p.m., 23 views

Eclipse Jetty URI parsing of invalid authority

Summary: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common...

CVSS 5.3, AI score 5.3, EPSS 0.00986
Exploits: 1, References: 6, Affected Software: 1
OSV
added 2024/10/14 4:15 p.m., 24 views

CVE-2024-6763

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browser...

CVSS 5.3, AI score 7
Exploits: 0, References: 4
CNVD
added 2022/09/28 12:00 a.m., 28 views

ZFile arbitrary file upload vulnerability

ZFile is a Java-based online web development program open-sourced by zfile-dev. ZFile v4.1.1 contains an arbitrary file upload vulnerability that stems from a lack of validation of uploaded files in its component /file/upload/1. An attacker could exploit this vulnerability to upload malicious fil...

CVSS 9.8, AI score 3.2, EPSS 0.00851
Exploits: 1, References: 1
CNVD
added 2021/07/19 12:00 a.m., 49 views

Eclipse Jetty has an arbitrary file download vulnerability

Jetty is a lightweight and highly scalable Java-based web server and servlet engine. Eclipse Jetty has an arbitrary file download vulnerability that can be exploited by attackers to obtain sensitive information...

CVSS 5, AI score 2, EPSS 0.99298
Exploits: 6, Affected Software: 1
Tenable Nessus
added 2020/08/06 12:00 a.m., 50 views

ManageEngine Desktop Central < 10 Build 10.0.533 Integer Overflow

The ManageEngine Desktop Central application running on the remote host is prior to version 10 build 10.0.533. It is, therefore, affected by an integer overflow condition due to improper handling of header values. An unauthenticated, remote attacker can exploit this, by sending specially crafted...

CVSS 9.8, AI score 8.8, EPSS 0.12666
Exploits: 0, References: 2
ThreatPost
added 2013/10/18 1:24 p.m., 15 views

Apache Struts Update Patches Two Vulnerabilities

The group behind Apache have pushed out a new version of Struts, fixing two issues in the framework that were giving developers difficulties over the past several weeks. The Apache Software Foundation posted version 2.3.15.3 of the framework online Tuesday. The release fixes an access control...

AI score 7.7
Exploits: 0, References: 5