Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

28 matches found

RedhatCVE
RedhatCVEadded 2026/01/09 9:32 a.m.5 views

CVE-2024-39332

Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server...

9.8CVSS7.9AI score0.0253EPSS
Exploits1References1
OSV
OSVadded 2025/11/02 8:50 p.m.1 views

MAL-2025-49309 Malicious code in webswing-directdraw-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e79387f18b95e5ef7af4d75095dd85e7dedcff2c1e2a068795989cc559bbc695 The package webswing-directdraw-javascript was found to contain malicious code. Source: ossf-package-analysis...

7.1AI score
Exploits0
EUVD
EUVDadded 2025/11/02 8:50 p.m.1 views

EUVD-2025-37445

Malicious code in webswing-directdraw-javascript npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/11/02 8:50 p.m.3 views

Malicious code in webswing-directdraw-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e79387f18b95e5ef7af4d75095dd85e7dedcff2c1e2a068795989cc559bbc695 The package webswing-directdraw-javascript was found to contain malicious code. Source: ossf-package-analysis...

7.1AI score
Exploits0
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2020-3461

Malware in sbrugna...

9.8CVSS9.4AI score0.01314EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2022-37818

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00895EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2025/05/22 11:6 p.m.9 views

CVE-2022-34914

Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The clientIp variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary valu...

9.8CVSS7.2AI score0.00895EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/22 3:8 p.m.3 views

CVE-2020-11103

JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, allows remote code execution...

9.8CVSS7.6AI score0.01314EPSS
Exploits0References1
OSV
OSVadded 2024/10/31 7:15 p.m.0 views

CVE-2024-39332

Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server...

9.8CVSS6.4AI score0.0253EPSS
Exploits1References1
NVD
NVDadded 2024/10/31 7:15 p.m.12 views

CVE-2024-39332

Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server...

9.8CVSS0.0253EPSS
Exploits1References1
CVE
CVEadded 2024/10/31 12:0 a.m.44 views

CVE-2024-39332

Webswing 23.2.2 is affected. The vulnerability allows remote attackers to modify client-side JavaScript, enabling path traversal and likely remote code execution through modification of server shell scripts. Affected component: Webswing (version 23.2.2). Root cause: server-side handling that perm...

9.8CVSS7.9AI score0.0253EPSS
Exploits1References1Affected Software1
CNNVD
CNNVDadded 2024/10/31 12:0 a.m.1 views

Webswing 安全漏洞

Webswing is a specialized web server from the Webswing community for running Java Swing and JavaFX based applications in a web browser. A security vulnerability exists in Webswing version 23.2.2 that originates from a remote attacker who can modify client-side JavaScript code to enable path...

9.8CVSS7.8AI score0.0253EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2024/10/31 12:0 a.m.2 views

PT-2024-28453 · Webswing · Webswing

Name of the Vulnerable Software and Affected Versions: Webswing version 23.2.2 Description: Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, potentially leading to remote code execution through modification of shell scripts on the server...

9.8CVSS7.2AI score0.0253EPSS
Exploits1References6
Vulnrichment
Vulnrichmentadded 2024/10/31 12:0 a.m.15 views

CVE-2024-39332

Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server...

7.8AI score0.0253EPSS
Exploits1References1
Cvelist
Cvelistadded 2024/10/31 12:0 a.m.14 views

CVE-2024-39332

Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server...

0.0253EPSS
Exploits1References1
NVD
NVDadded 2022/07/08 7:15 p.m.9 views

CVE-2022-34914

Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The clientIp variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary valu...

9.8CVSS0.00895EPSS
Exploits0References2
OSV
OSVadded 2022/07/08 7:15 p.m.1 views

CVE-2022-34914

Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The clientIp variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary valu...

9.8CVSS5.9AI score0.00895EPSS
Exploits0References2
Prion
Prionadded 2022/07/08 7:15 p.m.12 views

Design/Logic Flaw

Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The clientIp variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary valu...

6.8CVSS9.3AI score0.00895EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2022/07/08 6:38 p.m.57 views

CVE-2022-34914

CVE-2022-34914 affects Webswing prior to 22.1.3. The issue arises from X-Forwarded-For header injection into the clientIp configuration variable, allowing a client to substitute startup arguments by manipulating the header, and injecting multiple arguments into the session startup. Systems that d...

9.8CVSS9.3AI score0.00895EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2022/07/08 6:38 p.m.13 views

CVE-2022-34914

Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The clientIp variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary valu...

9.6AI score0.00895EPSS
Exploits0References2
Rows per page
Query Builder