29 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-2049

Malicious code in bioql PyPI...

9.8 CVSS · 9.2 AI score · 0.01034 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-52999

Malicious code in bioql PyPI...

9.8 CVSS · 9 AI score · 0.00698 EPSS
Exploits 0 · References 5

OSV
added 2025/08/20 9:30 a.m. · 2 views

GHSA-HF86-8X8V-H7VC Apache EventMesh Vulnerable to Server-Side Request Forgery in WebhookUtil.java

Server-Side Request Forgery SSRF in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch, which fixes th...

6.3 CVSS · 5.9 AI score · 0.00359 EPSS
Exploits 0 · References 3

CNNVD
added 2025/08/20 12:0 a.m. · 2 views

Apache EventMesh security vulnerability

Apache EventMesh is a new generation of serverless event middleware from the Apache Foundation for building distributed event-driven applications. A security vulnerability exists in Apache EventMesh, which stems from a server-side request forgery vulnerability in WebhookUtil.java that could resul...

6.3 CVSS · 6.6 AI score · 0.00359 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/08/20 12:0 a.m. · 2 views

PT-2025-34179

Name of the Vulnerable Software and Affected Versions: nbconvert versions up to and including 7.16.6 Description: The nbconvert tool, used for converting Jupyter notebooks to various formats, has an issue on Windows systems. Converting a notebook with SVG output to PDF can lead to unauthorized code...

8.5 CVSS · 7 AI score · 0.00266 EPSS
Exploits 1 · References 25

Positive Technologies
added 2025/06/30 12:0 a.m. · 3 views

PT-2025-27409 · Apache · Apache Eventmesh

Name of the Vulnerable Software and Affected Versions: Apache EventMesh versions prior to 1.12.0 Description: This issue is a Server-Side Request Forgery SSRF within the eventmesh-runtime module, specifically in the WebhookUtil.java file, affecting Windows, Linux, and macOS operating systems. The...

6.3 CVSS · 6 AI score · 0.00359 EPSS
Exploits 0 · References 9

CNVD
added 2025/02/19 12:0 a.m. · 12 views

Apache EventMesh deserialization vulnerability (CNVD-2025-05699)

Apache EventMesh is the United States Apache Foundation's new generation of serverless event middleware for building distributed event-driven applications. Apache EventMesh versions prior to 1.11.0 have a deserialization vulnerability that arises from unsafe deserialization of serialized...

9.8 CVSS · 8 AI score · 0.00698 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/16 2:18 p.m. · 8 views

CVE-2024-56180

CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via hessian deserialization rpc protocol. Users c...

9.8 CVSS · 7.5 AI score · 0.00698 EPSS
Exploits 0 · References 1

OSV
added 2025/02/14 3:31 p.m. · 10 views

GHSA-FFVR-GMP3-XX43 Apache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution

CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via hessian deserialization rpc protocol. Users c...

9.8 CVSS · 9.7 AI score · 0.00698 EPSS
Exploits 0 · References 5

GitHub Security Blog
added 2025/02/14 3:31 p.m. · 11 views

Apache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution

CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via hessian deserialization rpc protocol. Users c...

9.8 CVSS · 7.4 AI score · 0.00698 EPSS
Exploits 0 · References 5 · Affected Software 1

NVD
added 2025/02/14 2:15 p.m. · 15 views

CVE-2024-56180

CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via hessian deserialization rpc protocol. Users c...

9.8 CVSS · 0.00698 EPSS
Exploits 0 · References 2

OSV
added 2025/02/14 2:15 p.m. · 3 views

CVE-2024-56180

CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via hessian deserialization rpc protocol. Users c...

9.8 CVSS · 9.6 AI score
Exploits 0 · References 2

OSV
added 2025/02/14 2:15 p.m. · 1 views

UBUNTU-CVE-2024-56180

CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via hessian deserialization rpc protocol. Users c...

9.8 CVSS · 6 AI score · 0.00698 EPSS
Exploits 0 · References 4

CVE
added 2025/02/14 1:34 p.m. · 254 views

CVE-2024-56180

CVE-2024-56180 describes a critical deserialization vulnerability in the Apache EventMesh project: the eventmesh-meta-raft plugin in the master branch (no release version) accepts Hessian RPC data from untrusted sources, allowing remote code execution. Affects Windows/Linux/macOS environments. Ro...

9.8 CVSS · 7.6 AI score · 0.00698 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2025/02/14 1:34 p.m. · 9 views

CVE-2024-56180 Apache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution

CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via hessian deserialization rpc protocol. Users c...

7.5 AI score · 0.00698 EPSS
Exploits 0 · References 1

Cvelist
added 2025/02/14 1:34 p.m. · 13 views

CVE-2024-56180 Apache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution

CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via hessian deserialization rpc protocol. Users c...

0.00698 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/02/14 12:0 a.m. · 5 views

PT-2025-6724

Name of the Vulnerable Software and Affected Versions: Apache EventMesh versions prior to 1.11.0 Description: The issue concerns the deserialization of untrusted data at the eventmesh-meta-raft plugin module in Apache EventMesh, allowing attackers to send controlled messages and execute remote code...

9.8 CVSS · 9.5 AI score · 0.00698 EPSS
Exploits 0 · References 14

CNNVD
added 2025/02/14 12:0 a.m. · 4 views

Apache EventMesh security vulnerability

Apache EventMesh is the United States Apache Foundation's new generation of serverless event middleware for building distributed event-driven applications. Apache EventMesh versions prior to 1.11.0 have a deserialization vulnerability that arises from unsafe deserialization of serialized...

9.8 CVSS · 8.1 AI score · 0.00698 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2023/09/19 12:0 a.m. · 4 views

The vulnerability of the messaging software between various applications and services in the distributed Apache EventMesh environment is related to deficiencies in the deserialization mechanism. This allows attackers to execute arbitrary code.

The vulnerability of the messaging software between various applications and services in the distributed Apache EventMesh environment is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10 CVSS · 8.2 AI score · 0.01034 EPSS
Exploits 0 · References 3 · Affected Software 1

Veracode
added 2023/07/18 11:31 p.m. · 29 views

Remote Code Execution (RCE)

org.apache.eventmesh:eventmesh-connector-rabbitmq is vulnerable to Remote Code Execution RCE. The vulnerability is due to blindly reading a ByteArrayInputStream without sanitization in getFromByteArray, which allows an attacker to execute malicious code on the system via rabbitmq messages...

9.8 CVSS · 7.7 AI score · 0.01034 EPSS
Exploits 0 · References 2 · Affected Software 1