Lucene search

224 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 6 views

Astra Linux - vulnerability in jackson-databind

In FasterXML Jackson-Databind before version 2.13.4, resource exhaustion can occur because BeanDeserializer.deserializeFromArray lacks a check to prevent the use of deeply nested arrays. An application becomes vulnerable only with certain customized choices for deserialization...

CVSS 7.5, AI score 6.7, EPSS 0.0025
Exploits: 1, References: 1
CVE
added 2026/05/05 7:44 p.m., 7 views

CVE-2026-40329

Masa CMS is affected by a SQL injection in the beanFeed.cfc component (getQuery handling of the sortBy parameter) in versions 7.5.2 and earlier. The vulnerability arises from insufficient sanitization/parameterization of sortBy, allowing an unauthenticated remote attacker to execute arbitrary SQL...

CVSS 9.3, AI score 6, EPSS 0.00177
Exploits: 0, References: 1
Veracode
added 2026/05/05 6:24 a.m., 5 views

Code Injection

Apache ActiveMQ is vulnerable to Code Injection. The vulnerability is due to improper input validation and improper control of generation of code, where an attacker can construct a malicious broker name that bypasses name validation to include an xbean binding, and then use the DestinationView...

CVSS 8.8, AI score 6.4, EPSS 0.00073
Exploits: 0, References: 2, Affected Software: 3
OSV
added 2026/04/28 8:37 a.m., 0 views

BIT-ACTIVEMQ-2026-41044 Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...

CVSS 8.8, AI score 6.6, EPSS 0.00073
Exploits: 0, References: 3
Cvelist
added 2026/04/24 10:16 a.m., 23 views

CVE-2026-41044 Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...

EPSS 0.00073
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/07 8:46 p.m., 4 views

CVE-2026-33439

Open Access Management (OpenAM) is an access management solution. Prior to 16.0.6, OpenIdentityPlatform OpenAM is vulnerable to pre-authentication Remote Code Execution (RCE) via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypasses the WhitelistObjectInputStream...

CVSS 10, AI score 7.7, EPSS 0.94386
Exploits: 10, References: 2, Affected Software: 1
ATTACKERKB
added 2026/04/07 7:50 a.m., 5 views

CVE-2026-34197

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

CVSS 8.8, AI score 7.2, EPSS 0.83461
In wild, Exploits: 12, References: 3, Affected Software: 3
RedhatCVE
added 2026/03/26 3:19 p.m., 2 views

CVE-2025-67830

Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection...

CVSS 9.8, AI score 5.8, EPSS 0.00046
Exploits: 0, References: 1
Veracode
added 2026/03/21 5:3 a.m., 3 views

Denial Of Service (DoS)

Micronaut Framework is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of descending array index order in JsonBeanPropertyBinder::expandArrayToThreshold, where crafted form-urlencoded parameters can trigger a non-terminating loop, leading to CPU exhaustion and...

CVSS 8.2, AI score 5.8, EPSS 0.00288
Exploits: 1, References: 5, Affected Software: 1
NVD
added 2026/03/18 4:16 p.m., 2 views

CVE-2025-67829

Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection...

CVSS 9.8, EPSS 0.00046
Exploits: 0, References: 1
ATTACKERKB
added 2026/03/18 12:0 a.m., 2 views

CVE-2025-67829

Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection...

AI score 5.8, EPSS 0.00046
Exploits: 0, References: 2
Vulnrichment
added 2026/03/18 12:0 a.m., 0 views

CVE-2025-67829

Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection...

AI score 5.8, EPSS 0.00046
Exploits: 0, References: 1
CVE
added 2026/03/18 12:0 a.m., 4 views

CVE-2025-67830

Mura before 10.1.14 is affected by an SQL injection in beanFeed.cfc getQuery sortby. The vulnerability stems from unsafely handling the sortby parameter in that function. No exploitation details are provided in the documents. Remediation details are not specified here.

CVSS 9.8, AI score 5.8, EPSS 0.00046
Exploits: 0, References: 1, Affected Software: 1
Gentoo Linux
added 2026/01/26 12:0 a.m., 9 views

Commons-BeanUtils: Arbitrary Code Execution

Background: Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs. Description: Multiple vulnerabilities have been discovered in Commons-BeanUtils. Please review the CVE identifiers referenced below for details. Impact: A special BeanIntrospector class was added in...

CVSS 8.8, AI score 5.8, EPSS 0.00258
Exploits: 1
RedhatCVE
added 2026/01/09 10:10 a.m., 9 views

CVE-2019-11642

A log poisoning vulnerability has been discovered in the OneShield Policy Dragon Core framework before 5.1.10. Authenticated remote adversaries can poison log files by entering malicious payloads in either headers or form elements. These payloads are then executed via a client side debugging...

CVSS 8.8, AI score 7, EPSS 0.00439
Exploits: 0, References: 1
Redos
added 2025/10/28 12:0 a.m., 3 views

ROS-20251028-09

A vulnerability in the Java library for JSON-lib bean-component conversion is related to improper handling of unbalanced comment strings. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...

CVSS 5.3, AI score 6.8, EPSS 0.04347
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-29635

Malware in sbrugna...

CVSS 7.5, AI score 7.5, EPSS 0.0021
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-0372

Malware in sbrugna...

CVSS 9, AI score 8.6, EPSS 0.01256
Exploits: 1, References: 9
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-30122

Malware in sbrugna...

CVSS 9.8, AI score 9.4, EPSS 0.00418
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-3312

Malware in sbrugna...

CVSS 8.8, AI score 8.8, EPSS 0.00439
Exploits: 0, References: 3