CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

963 matches found

EUVD•added 2026/05/08 3:31 p.m.•8 views

EUVD-2026-28593

The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy...

8.8CVSS5.9AI score0.00016EPSS

Exploits1References3

Snyk•added 2026/05/08 3:31 p.m.•5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the configuration process of the optional TinkerpopClientService. An attacker can execute arbitrary code by submitting Groovy scripts through the ByteCode Submission feature without possessing the required...

8.8CVSS6.2AI score0.00016EPSS

Exploits1References2

Github Security Blog•added 2026/05/08 3:31 p.m.•8 views

Apache NiFi is missing the Restricted annotation with the Execute Code Required Permission

8.8CVSS5.9AI score0.00016EPSS

Exploits1References7Affected Software1

OSV•added 2026/05/08 5:44 a.m.•2 views

BIT-JRE-2022-34169 Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

7.5CVSS6AI score0.10953EPSS

Exploits2References25

Packet Storm News•added 2026/05/08 12:0 a.m.•5 views

Joern 4.0.536

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.9AI score

Exploits0

Positive Technologies•added 2026/05/08 12:0 a.m.•6 views

PT-2026-38773

7.5CVSS6AI score0.10953EPSS

Exploits2References26

OSV•added 2026/05/06 2:43 p.m.•1 views

BIT-JAVA-MIN-2022-34169 Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets

7.5CVSS7AI score0.10953EPSS

Exploits2References25

OSV•added 2026/05/06 2:43 p.m.•2 views

BIT-JAVA-2022-34169 Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets

7.5CVSS7.4AI score0.10953EPSS

Exploits2References25

Positive Technologies•added 2026/05/06 12:0 a.m.•5 views

PT-2026-37959

7.5CVSS6AI score0.10953EPSS

Exploits2References26

Positive Technologies•added 2026/05/06 12:0 a.m.•3 views

PT-2026-37752

7.5CVSS6AI score0.10953EPSS

Exploits2References26

Packet Storm News•added 2026/05/05 12:0 a.m.•5 views

Joern 4.0.533

5.9AI score

Exploits0

Packet Storm News•added 2026/05/04 12:0 a.m.•2 views

Joern 4.0.532

5.9AI score

Exploits0

Packet Storm News•added 2026/04/30 12:0 a.m.•2 views

Joern 4.0.530

5.3AI score

Exploits0

Packet Storm News•added 2026/04/29 12:0 a.m.•2 views

Joern 4.0.529

5.3AI score

Exploits0

Tenable Nessus•added 2026/04/28 12:0 a.m.•5 views

RockyLinux 8 : python3.12 (RLSA-2026:10950)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:10950 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...

9.1CVSS7AI score0.00205EPSS

Exploits1References23