CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1674 matches found

RedHat Linux•added 2018/09/11 7:53 a.m.•2 views

spring-framework: Multipart content pollution

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application server A receives input from a remote client, and then uses that input to make a...

7.5CVSS7.4AI score0.02166EPSS

Exploits0References5

RedHat Linux•added 2018/08/14 7:51 p.m.•66 views

Critical: Red Hat Security Advisory: Red Hat FIS 2.0 on Fuse 6.3.0 R7 security and bug fix update

An update is now available for Red Hat Fuse Integration Services. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

9.8CVSS6.9AI score0.93978EPSS

Exploits6References7

Tenable Nessus•added 2018/07/20 12:0 a.m.•59 views

Oracle Application Testing Suite Multiple Vulnerabilities (April / July 2018 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Apache Log4j 2.x before 2.8.2 due to the ability to receive serialized log events from another application. An unauthenticated,...

9.8CVSS8.8AI score0.94013EPSS

Exploits2References4

Tenable Nessus•added 2018/07/20 12:0 a.m.•755 views

Oracle WebLogic Server Multiple Vulnerabilities (July 2018 CPU)

The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities: - An unspecified vulnerability in the Spring Framework Sample Apps subcomponent in Oracle WebLogic allows an unauthenticated, remote attacker to takeover a WebLogic server. CVE-2018-1275 - ...

9.8CVSS7.2AI score0.94295EPSS

Exploits30References9

CNVD•added 2018/06/27 12:0 a.m.•2 views

Pivotal Spring Framework Cross Domain Request Vulnerability

Pivotal Spring Framework is the United States Pivotal Software's set of open source Java, Java EE application framework. The framework helps developers build high-quality applications . A security vulnerability exists in Pivotal Spring Framework versions 5.0.x prior to 5.0.7, 4.3.x prior to 4.3.1...

7.5CVSS5.7AI score0.07316EPSS

Exploits0References1

CNVD•added 2018/06/27 12:0 a.m.•2 views

Spring Framework Cross-Site Tracking Vulnerability

5.9CVSS6AI score0.02602EPSS

Exploits0References1

Prion•added 2018/06/25 3:29 p.m.•27 views

Cross site scripting

Spring Framework versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions allow web applications to change the HTTP request method to any HTTP method including TRACE using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS...

4.3CVSS7.1AI score0.02602EPSS

Exploits0References10Affected Software33

UbuntuCve•added 2018/06/25 3:29 p.m.•31 views

CVE-2018-11039

5.9CVSS6.8AI score0.02602EPSS

Exploits0References2

OSV•added 2018/06/25 3:29 p.m.•2 views

DEBIAN-CVE-2018-11040

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP JSON with Padding through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser...

7.5CVSS8.8AI score0.07316EPSS

Exploits0References1

Prion•added 2018/06/25 3:29 p.m.•42 views

Cross site scripting

4.3CVSS8.3AI score0.07316EPSS

Exploits0References9Affected Software28