CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6338 matches found

NVD•added 2026/06/03 11:16 a.m.•7 views

CVE-2026-47065

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS0.00586EPSS

Exploits0References1

EUVD•added 2026/06/03 9:39 a.m.•8 views

EUVD-2026-34069

9.8CVSS5.8AI score0.00586EPSS

Exploits0References1

Cvelist•added 2026/06/03 9:39 a.m.•33 views

CVE-2026-47065 Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232

9.8CVSS0.00586EPSS

Exploits0References1

ATTACKERKB•added 2026/06/03 9:39 a.m.•5 views

CVE-2026-47065

9.8CVSS5.8AI score0.00586EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/06/03 9:39 a.m.•7 views

CVE-2026-47065 Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232

9.8CVSS5.8AI score0.00586EPSS

Exploits0References1

Debian CVE•added 2026/06/03 9:39 a.m.•5 views

CVE-2026-47065

9.8CVSS5.5AI score0.00586EPSS

Exploits0

CVE•added 2026/06/03 9:39 a.m.•76 views

CVE-2026-47065

CVE-2026-47065 (Apache MINA context) describes two deserialization bypass issues: first, resolveProxyClass bypasses the accept/allow-list when JDK resolves proxy interfaces from a serialized proxy via ObjectInputStream.readProxyDesc(), and second, readClassDescriptor triggers static initializers ...

9.8CVSS5.8AI score0.00586EPSS

Exploits0References1

Positive Technologies•added 2026/06/03 12:0 a.m.•14 views

PT-2026-45913

Name of the Vulnerable Software and Affected Versions Java affected versions not specified Description Two issues exist regarding Java deserialization filters. First, a filter bypass occurs when a serialized stream contains a TC PROXYCLASSDESC marker for a java.lang.reflect.Proxy. In this case,...

9.8CVSS5.8AI score0.00586EPSS

Exploits0References7

Cvelist•added 2026/06/03 12:0 a.m.•34 views

CVE-2026-36609

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 uses a static authentication nonce that does not change between requests from the same source IP. Combined with the predictable XOR-based password encoding securityEncode function, this allows an attacker to reverse captured authentication...

0.00166EPSS

Exploits0References1

ATTACKERKB•added 2026/06/03 12:0 a.m.•5 views

CVE-2026-36609

7.3CVSS5.8AI score0.00166EPSS

Exploits0References2

EUVD•added 2026/06/03 12:0 a.m.•8 views

EUVD-2026-34148

7.3CVSS5.8AI score0.00166EPSS

Exploits0References1

Positive Technologies•added 2026/06/03 12:0 a.m.•7 views

PT-2026-45997

Mercusys AC12G EU V1 router with firmware AC12GEU V1 200909 uses a static authentication nonce that does not change between requests from the same source IP. Combined with the predictable XOR-based password encoding securityEncode function, this allows an attacker to reverse captured authenticati...

5.8AI score0.00166EPSS

Exploits0References2

Vulnrichment•added 2026/06/03 12:0 a.m.•8 views

CVE-2026-36609

5.8AI score0.00166EPSS

Exploits0References1

Packet Storm News•added 2026/06/03 12:0 a.m.•4 views

Description-Code Inconsistency in Real-World MCP Servers: Measurement, Detection, and Security Implications

The Model Context Protocol MCP has emerged as a critical standard empowering Large Language Models LLMs to utilize external tools. In this ecosystem, LLMs rely on natural language descriptions provided by MCP servers to select and execute functions. This interaction implicitly assumes that tool...

6AI score

Exploits0

CNNVD•added 2026/06/03 12:0 a.m.•3 views

Mercusys AC12G 安全漏洞

The Mercusys AC12G is a Gigabit wireless router produced by the Chinese company Mercusys. The Mercusys AC12G EU V1 AC12G EU V1 version has a security vulnerability. This vulnerability stems from the use of static authentication random numbers, which may allow attackers to recover the plaintext...

7.3CVSS5.4AI score0.00166EPSS

Exploits0References1

CVE•added 2026/06/03 12:0 a.m.•9 views

CVE-2026-36609

Mercusys AC12G (EU) V1 router affected. The vulnerability stems from a static authentication nonce that does not change between requests from the same source IP, compounded by a predictable XOR-based password encoding (securityEncode). This combination enables an attacker who captures authenticat...

7.3CVSS5.8AI score0.00166EPSS

Exploits0References1

Positive Technologies•added 2026/06/03 12:0 a.m.•11 views

PT-2026-46095

When using React Router v7 Framework Mode with Pre-rendering enabled, an improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in statically generated HTML files if the redirect location comes from an untrusted source. !NOTE This does not impact your React...

5.4CVSS5.8AI score0.00144EPSS

Exploits0References4

NVD•added 2026/06/02 11:16 p.m.•11 views

CVE-2026-25861

QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt function within classes/Tools.php, which concatenates a static cookie...

8.2CVSS0.00178EPSS

Exploits0References3

CVE•added 2026/06/02 10:9 p.m.•23 views

CVE-2026-25861

CVE-2026-25861 affects QloApps 1.7.0. The vulnerability is in the password hashing path: Tools::encrypt() in classes/Tools.php uses MD5 with a static cookie key, allowing offline brute-forcing of credentials. The risk is heightened by auto-generated 8-character guest-to-customer passwords in clas...

8.2CVSS5.8AI score0.00178EPSS

Exploits0References3

Cvelist•added 2026/06/02 10:9 p.m.•30 views

CVE-2026-25861 QloApps 1.7.0 Weak Password Hashing via MD5 in Tools.php

8.2CVSS0.00178EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by