CVE-2026-42588 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.5-2.2.1.AXS4 (AXSA:2012-909:02)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2012-909:02 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2012-0547 Unspecified vulnerability in the Java Runtime Environment JRE...

ysoserial

ysoserial !GitHub releasehttps://img.shields.io/github/do...

Security Bulletin: IBM Sterling Connect:Direct Web Services vulnerable to spring-beans-6.2.3.jar (CVE-2025-41242)

Summary IBM Sterling Connect:Direct Web Services is vulnerable toPath Traversal Vulnerability in spring-beans-6.2.3. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-41242 DESCRIPTION: Spring Framework MVC applications can be vulnerable to a...

EUVD-2012-4477

Malware in sbrugna...

EUVD-2013-0455

Malware in sbrugna...

EUVD-2009-2086

Malware in sbrugna...

EUVD-2013-5626

Malware in sbrugna...

EUVD-2025-11528

Malicious code in bioql PyPI...

EUVD-2022-5420

Malicious code in bioql PyPI...

ysoserial

This is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, called ysoserial, is a collection of utilities and property-oriented programming "gadget chains" discovered in common Java libraries that can, under the right conditions, exploit Jav...

ysoserial

This is a Java-based proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, named ysoserial, is designed to create gadgets that can be used to execute arbitrary commands on a vulnerable application. The gadgets are created by wrapping a...

Valtimo scripting engine can be used to gain access to sensitive data or resources

Impact Any admin that can create or modify and execute process-definitions could gain access to sensitive data or resources. This includes but is not limited to: - Running executables on the application host - Inspecting and extracting data from the host environment or application properties -...

Linux Distros Unpatched Vulnerability : CVE-2022-2764

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LASTCHUNK forever for EJB invocations. CVE-2022-2764 Note that...

Malicious code in a-lbum-do-wnload-avai-lable-file-168311-grits-beans-and-greens-the-lost-fontana-studio-sessions-1969-hotvj-ounwwp (npm)

The package a-lbum-do-wnload-avai-lable-file-168311-grits-beans-and-greens-the-lost-fontana-studio-sessions-1969-hotvj-ounwwp was found to contain malicious code...

Relative Path Traversal

Overview org.springframework:spring-beans is a package that is the basis for Spring Framework's IoC container. The BeanFactory interface provides an advanced configuration mechanism capable of managing any type of object. Affected versions of this package are vulnerable to Relative Path Traversal...

ai.ancf.lmos-router:lmos-router-hybrid-spring-boot-starter (=0.28.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0) +21501 more potentially affected by CVE-2025-41242 via org.springframework:spring-beans (>=6.0.0 <=6.2.1)

org.springframework:spring-beans MAVEN version =6.0.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.11.0 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 -...

org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution

A security flaw exists in WildFly and JBoss Enterprise Application Platform EAP within the Enterprise JavaBeans EJB remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted...

org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution

A security flaw exists in WildFly and JBoss Enterprise Application Platform EAP within the Enterprise JavaBeans EJB remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted...

org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution

A security flaw exists in WildFly and JBoss Enterprise Application Platform EAP within the Enterprise JavaBeans EJB remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted...