CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

28 matches found

RedhatCVE•added 2026/01/09 9:32 a.m.•8 views

CVE-2024-39332

Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server...

9.8CVSS7.9AI score0.01239EPSS

Exploits1References1

OSSF Malicious Packages•added 2025/11/02 8:50 p.m.•4 views

Malicious code in webswing-directdraw-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e79387f18b95e5ef7af4d75095dd85e7dedcff2c1e2a068795989cc559bbc695 The package webswing-directdraw-javascript was found to contain malicious code. Source: ossf-package-analysis...

7.1AI score

Exploits0

EUVD•added 2025/11/02 8:50 p.m.•5 views

EUVD-2025-37445

Malicious code in webswing-directdraw-javascript npm...

6.6AI score

Exploits0

OSV•added 2025/11/02 8:50 p.m.•4 views

MAL-2025-49309 Malicious code in webswing-directdraw-javascript (npm)

7.1AI score

Exploits0

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2020-3461

Malware in sbrugna...

9.8CVSS9.4AI score0.02731EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2022-37818

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00877EPSS

Exploits0References2

RedhatCVE•added 2025/05/22 11:6 p.m.•13 views

CVE-2022-34914

Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The clientIp variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary valu...

9.8CVSS7.2AI score0.00877EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 3:8 p.m.•4 views

CVE-2020-11103

JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, allows remote code execution...

9.8CVSS7.6AI score0.02731EPSS

Exploits0References1

OSV•added 2024/10/31 7:15 p.m.•3 views

CVE-2024-39332

Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server...

9.8CVSS6.4AI score0.01239EPSS

Exploits1References1

NVD•added 2024/10/31 7:15 p.m.•18 views

CVE-2024-39332

Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server...

9.8CVSS0.01239EPSS

Exploits1References1

CVE•added 2024/10/31 12:0 a.m.•48 views

CVE-2024-39332

Webswing 23.2.2 is affected. The vulnerability allows remote attackers to modify client-side JavaScript, enabling path traversal and likely remote code execution through modification of server shell scripts. Affected component: Webswing (version 23.2.2). Root cause: server-side handling that perm...

9.8CVSS7.9AI score0.01239EPSS

Exploits1References1Affected Software1

Positive Technologies•added 2024/10/31 12:0 a.m.•4 views

PT-2024-28453 · Webswing · Webswing

Name of the Vulnerable Software and Affected Versions: Webswing version 23.2.2 Description: Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, potentially leading to remote code execution through modification of shell scripts on the server...

9.8CVSS7.2AI score0.01239EPSS

Exploits1References6

CNNVD•added 2024/10/31 12:0 a.m.•5 views

Webswing 安全漏洞

Webswing is a specialized web server from the Webswing community for running Java Swing and JavaFX based applications in a web browser. A security vulnerability exists in Webswing version 23.2.2 that originates from a remote attacker who can modify client-side JavaScript code to enable path...

9.8CVSS7.8AI score0.01239EPSS

Exploits1References1

Cvelist•added 2024/10/31 12:0 a.m.•17 views

CVE-2024-39332

Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server...

0.01239EPSS

Exploits1References1

Vulnrichment•added 2024/10/31 12:0 a.m.•16 views

CVE-2024-39332

Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server...

7.8AI score0.01239EPSS

Exploits1References1

NVD•added 2022/07/08 7:15 p.m.•12 views

CVE-2022-34914

9.8CVSS0.00877EPSS

Exploits0References2

OSV•added 2022/07/08 7:15 p.m.•5 views

CVE-2022-34914

9.8CVSS5.9AI score0.00877EPSS

Exploits0References2

Prion•added 2022/07/08 7:15 p.m.•17 views

Design/Logic Flaw

6.8CVSS9.3AI score0.00877EPSS

Exploits0References2Affected Software1

Cvelist•added 2022/07/08 6:38 p.m.•16 views

CVE-2022-34914

9.6AI score0.00877EPSS

Exploits0References2

CVE•added 2022/07/08 6:38 p.m.•61 views

CVE-2022-34914

CVE-2022-34914 affects Webswing prior to 22.1.3. The issue arises from X-Forwarded-For header injection into the clientIp configuration variable, allowing a client to substitute startup arguments by manipulating the header, and injecting multiple arguments into the session startup. Systems that d...

9.8CVSS9.3AI score0.00877EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by