CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

177 matches found

OSV•added 2026/05/16 12:0 a.m.•3 views

OPENSUSE-SU-2026:10790-1 java-1_8_0-openj9-1.8.0.492-2.1 on GA media

These are all security issues fixed in the java-180-openj9-1.8.0.492-2.1 package on the GA media of openSUSE Tumbleweed...

9.8CVSS6AI score0.00025EPSS

Exploits0References1

Tenable Nessus•added 2026/05/11 12:0 a.m.•5 views

Unity Linux 20.1070e Security Update: xstream (UTSA-2026-017732)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017732 advisory. XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated...

7.7CVSS7.2AI score0.9368EPSS

Exploits4References4

Positive Technologies•added 2026/05/08 12:0 a.m.•5 views

PT-2026-38862

Vulnerability in Oracle Java SE component: Install. The supported version that is affected is Oracle Java SE: 8u451. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE executes to compromise Oracle Java SE. Successful attacks...

7.3CVSS5.8AI score0.00222EPSS

Exploits0References3

Positive Technologies•added 2026/05/08 12:0 a.m.•6 views

PT-2026-38719

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

4.3CVSS5.8AI score0.00356EPSS

Exploits0References7

OSV•added 2026/05/06 2:42 p.m.•2 views

BIT-JAVA-MIN-2020-2778

4.3CVSS6.7AI score0.00356EPSS

Exploits0References6

OSV•added 2026/05/06 2:41 p.m.•2 views

BIT-JAVA-MIN-2020-14573

Vulnerability in the Java SE product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks o...

4.3CVSS6.7AI score0.00405EPSS

Exploits0References12

Positive Technologies•added 2026/05/06 12:0 a.m.•3 views

PT-2026-37903

5.8CVSS6.7AI score0.00328EPSS

Exploits0References7

Positive Technologies•added 2026/05/06 12:0 a.m.•4 views

PT-2026-37905

4.3CVSS6.7AI score0.00356EPSS

Exploits0References7

Positive Technologies•added 2026/05/06 12:0 a.m.•3 views

PT-2026-37674

Vulnerability in the Java SE product of Oracle Java SE component: JavaFX. The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human...

8.3CVSS7.2AI score0.01068EPSS

Exploits0References6

Snyk•added 2026/04/15 10:13 a.m.•2 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values by observing how long Frodo key generation or encapsulation takes when it processes...

9.9CVSS5.7AI score0.00022EPSS

Exploits0References4

ATTACKERKB•added 2026/03/27 12:1 a.m.•2 views

CVE-2026-33701

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and...

9.3CVSS6.6AI score0.00214EPSS

Exploits1References4Affected Software1

Fedora•added 2026/01/31 5:32 p.m.•3 views

[SECURITY] Fedora 43 Update: java-21-openjdk-21.0.10.0.7-2.fc43

The OpenJDK 21 runtime environment...

5.9AI score

Exploits0

Tenable Nessus•added 2026/01/16 12:0 a.m.•4 views

MiracleLinux 4 : pki-core-9.0.3-43.AXS4 (AXSA:2015-401:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-401:01 advisory. ================================== || ABOUT CERTIFICATE SYSTEM || ================================== Certificate System CS is an enterprise software system...

4.3CVSS6.7AI score0.00238EPSS

Exploits0References2

OSV•added 2025/12/03 2:35 p.m.•27 views

BIT-ACTIVEMQ-2022-41678 Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

8.8CVSS7AI score0.93EPSS

Exploits2References6

OSV•added 2025/11/06 10:46 a.m.•1 views

SUSE-SU-2025:3964-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: - CVE-2025-53057: Fixed an issue where an unauthenticated attacker can achieve unauthorized creation, deletion or modification access to critical data bsc1252414 - CVE-2025-53066: Fixed an issue where an unauthenticated attacker can achieve...

7.5CVSS5.8AI score0.00068EPSS

Exploits0References8

Positive Technologies•added 2025/10/08 12:0 a.m.•3 views

PT-2025-41259

Name of the Vulnerable Software and Affected Versions WukongCRM version 9.0-JAVA Description The software contains a fastjson deserialization issue through the /OaExamine/setOaExamine API endpoint. The vulnerability is triggered via this interface. Recommendations At the moment, there is no...

6.5CVSS6.6AI score0.00166EPSS

Exploits1References4