Lucene search
K

332 matches found

RedHat Linux
RedHat Linux
added 2025/06/25 12:21 a.m.4 views

wildfly: unsafe deserialization in Wildfly Enterprise Java Beans

A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans EJB due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity...

7.5CVSS5.8AI score0.0172EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 5:23 p.m.6 views

CVE-2020-11998

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack:...

9.8CVSS9.5AI score0.51225EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/25 10:49 p.m.22 views

CVE-2025-0758

Overview The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. CWE-732 Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed wit...

6.1CVSS6.7AI score0.00135EPSS
Exploits0References1
NVD
NVD
added 2025/04/16 11:15 p.m.35 views

CVE-2025-0758

Overview The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. CWE-732 Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed...

6.1CVSS0.00135EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/16 10:12 p.m.6 views

CVE-2025-0758 Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource

Overview The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. CWE-732 Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed...

6.1CVSS6.2AI score0.00135EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/16 10:12 p.m.26 views

CVE-2025-0758 Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource

Overview The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. CWE-732 Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed...

6.1CVSS0.00135EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.4 views

Hitachi Vantara Pentaho Business Analytics Server 安全漏洞

Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.2, 9.3.x, and 8.3.x. The...

6.1CVSS6.6AI score0.00135EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/16 12:0 a.m.8 views

PT-2025-16912 · Hitachi Vantara +1 · Hitachi Vantara Pentaho Business Analytics Server +1

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.2 Hitachi Vantara Pentaho Business Analytics Server versions 9.3.x Hitachi Vantara Pentaho Business Analytics Server versions 8.3.x Description: The product specifies...

6.1CVSS6.2AI score0.00135EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:37 a.m.37 views

Security Bulletin: Vulnerability in IBM® Host Access Beans affects IBM Host Access Transformation Services

Summary There is a vulnerability in IBM Host Access Beans 4 used by Host Access Transformation Services. Host Access Transformation Services has provided a fix for the applicable CVE. The CVE is listed as CVE-2021-38938. Vulnerability Details CVEID:CVE-2021-38938 DESCRIPTION: IBM Host Access...

6.2CVSS5.7AI score0.00166EPSS
Exploits0Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2024/05/01 12:0 a.m.15 views

Spring Tips: Beans, Beans: What's in a Spring bean?

Hi, Spring fans! In this installment we explore the essential Spring bean. What are they, how are they created, and what do they mean to you?...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/16 10:4 p.m.9 views

Friday Squid Blogging: Vegan Squid-Ink Pasta

It uses black beans for color and seaweed for flavor. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.3AI score
Exploits0
GithubExploit
GithubExploit
added 2023/12/30 8:2 p.m.158 views

Exploit for Deserialization of Untrusted Data in Apache Activemq

Active MQ CVE-2023-46604 exploit This repository is a guide w...

10CVSS7.9AI score0.99654EPSS
Exploits31
vulnersOsv
vulnersOsv
added 2023/10/24 1:49 a.m.7 views

ai.platon.pulsar:pulsar-beans (>=1.12.0 <=2.1.0), ai.platon.pulsar:pulsar-filter (>=1.12.0 <=2.1.0) +2777 more potentially affected by CVE-2023-46120 via com.rabbitmq:amqp-client (>=1.7.2 <=5.17.1)

com.rabbitmq:amqp-client MAVEN version =1.7.2, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =0.1, =1.0.4, =1.0.4, =0.1, =0.1, =1.0.8, =1.0.8, =3.0.0 and more Source cves: CVE-2023-46120 Source advisory: OSV:GHSA-MM8H-8587-P46H...

7.5CVSS6.5AI score0.01061EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2023/07/28 12:0 a.m.3 views

PT-2023-26743 · Oscore · Oscore

Name of the Vulnerable Software and Affected Versions: oscore versions 2.2.6 and below Description: The issue is related to a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability can be exploited by passing an unchecked argument to the...

9.8CVSS9.3AI score0.00987EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2023/07/25 12:0 a.m.343 views

WordPress SEO Alert 1.59 Cross Site Scripting

Tittle: WordPress Plugin SEO ALert 3. Save to get the XSS trigger. Classification: Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/0af475ba-5c02-4f62-876d-6235a745bbd6...

7.1AI score0.00472EPSS
Exploits3
wpexploit
wpexploit
added 2023/04/26 12:0 a.m.194 views

SEO ALert <= 1.59 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Vanilla Beans » SEO Alert. 2. In "Slack...

5.4AI score0.00472EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2023/03/09 12:0 a.m.14 views

7.19.0 < 7.19.3 Embedded Spring-Beans Denial Of Service

According to its self-reported version number, the Atlassian Confluence application running on the remote host is 7.13.9 prior to 7.13.12, 7.19.0 prior to 7.19.3. It is, therefore, affected by a Denial of Service DoS attack vulnerability when relying on attacker controlled data binding to set a...

5.3CVSS7.2AI score0.01978EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/03/09 12:0 a.m.29 views

Atlassian Confluence 7.13.9 < 7.13.12 Embedded Spring-Beans Denial Of Service

According to its self-reported version number, the Atlassian Confluence application running on the remote host is 7.13.9 prior to 7.13.12, 7.19.0 prior to 7.19.3. It is, therefore, affected by a Denial of Service DoS attack vulnerability when relying on attacker controlled data binding to set a...

5.3CVSS7.2AI score0.01978EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.4 views

SUSE CVE-2009-2085

The Security component in IBM WebSphere Application Server WAS 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans E...

7.5CVSS6.8AI score0.0237EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.4 views

SUSE CVE-2009-2090

Unspecified vulnerability in wsadmin in the System Management/Repository component in IBM WebSphere Application Server WAS 7.0 before 7.0.0.5 allows remote attackers to bypass intended Java Management Extensions JMX Management Beans aka MBeans access restrictions, and cause a denial of service...

5CVSS6.7AI score0.02562EPSS
Exploits0References3
Rows per page
Query Builder