345 matches found

OpenVAS
added 2022/08/26 12:0 a.m. · 27 views

Ubuntu: Security Advisory (USN-859-1)

The remote host is missing an update for the...

9.3 CVSS · 6.4 AI score · 0.78477 EPSS
Exploits 13 · References 2

OSV
added 2022/07/27 9:15 p.m. · 1 view

CVE-2022-36950

In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

9.8 CVSS · 7.4 AI score
Exploits 0 · References 1

ATTACKERKB
added 2022/07/27 9:15 p.m. · 1 view

CVE-2022-36950

In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

9.8 CVSS · 6 AI score · 0.01907 EPSS
Exploits 0 · References 2

NVD
added 2022/07/27 9:15 p.m. · 12 views

CVE-2022-36950

In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

9.8 CVSS · 0.01907 EPSS
Exploits 0 · References 1

Prion
added 2022/07/27 9:15 p.m. · 21 views

Command injection

In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

7.5 CVSS · 9.5 AI score · 0.01907 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2022/07/27 9:0 p.m. · 16 views

CVE-2022-36950

In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

9.8 CVSS · 9.8 AI score · 0.01907 EPSS
Exploits 0 · References 1

Positive Technologies
added 2022/07/27 12:0 a.m. · 3 views

PT-2022-23697 · Veritas · Veritas Netbackup Opscenter

Name of the Vulnerable Software and Affected Versions: Veritas NetBackup OpsCenter versions 8.x through 8.3.0.2; Veritas NetBackup OpsCenter versions 9.x through 9.0.0.1; Veritas NetBackup OpsCenter versions 9.1.x through 9.1.0.1; Veritas NetBackup OpsCenter version 10. Description: An unauthenticate...

9.8 CVSS · 9.5 AI score · 0.01907 EPSS
Exploits 0 · References 3

RedHat Linux
added 2022/06/30 6:33 p.m. · 1 view

keycloak-services: ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader

ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available...

4.3 CVSS · 5.8 AI score · 0.00364 EPSS
Exploits 0 · References 4

Github Security Blog
added 2022/06/01 7:56 p.m. · 50 views

Path Traversal in XWiki Platform

Impact: One can ask for any file located in the classloader using the template API and a path with ".." in it. For example: {{template name="../xwiki.hbm.xml"/}}. To our knowledge none of the available files of the classloader in XWiki Standard contain any strong confidential data, hence the low...

4 CVSS · 4.6 AI score · 0.00063 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2022/05/25 8:55 p.m. · 17 views

CVE-2022-29253 Path Traversal in XWiki Platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask for any file located in the classloader using the template API and a path with ".." in it. The issue is patch...

2.7 CVSS · 4.6 AI score · 0.00063 EPSS
Exploits 0 · References 5

Github Security Blog
added 2022/05/17 4:48 a.m. · 29 views

Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1

The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server WAS Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to...

10 CVSS · 6.6 AI score · 0.08279 EPSS
Exploits 0 · References 9 · Affected Software 1

Github Security Blog
added 2022/05/14 1:44 a.m. · 20 views

Asset Pipeline plugin for Grails vulnerable to Path Traversal

An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in...

7.5 CVSS · 5 AI score · 0.00428 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2022/05/14 1:44 a.m. · 10 views

GHSA-G7WM-22M6-5774 Asset Pipeline plugin for Grails vulnerable to Path Traversal

An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in...

7.5 CVSS · 7.5 AI score · 0.00428 EPSS
Exploits 0 · References 3

OSV
added 2022/05/14 12:54 a.m. · 32 views

GHSA-PRJV-JJ26-WF8H ClassLoader manipulation in Apache Struts

ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for...

7.5 CVSS · 7.6 AI score · 0.91467 EPSS
Exploits 6 · References 11

OSV
added 2022/05/14 12:54 a.m. · 1 view

GHSA-VRWC-QJMW-5RJM ClassLoader manipulation in Apache Struts

The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method...

5 CVSS · 7.3 AI score · 0.93134 EPSS
Exploits 7 · References 12

Github Security Blog
added 2022/05/14 12:54 a.m. · 64 views

ClassLoader manipulation in Apache Struts

The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method...

5 CVSS · 8.4 AI score · 0.93134 EPSS
Exploits 7 · References 12 · Affected Software 2

Github Security Blog
added 2022/05/14 12:54 a.m. · 36 views

ClassLoader manipulation in Apache Struts

CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists...

7.5 CVSS · 8.8 AI score · 0.82224 EPSS
Exploits 7 · References 4 · Affected Software 1

Github Security Blog
added 2022/05/14 12:54 a.m. · 37 views

ClassLoader manipulation in Apache Struts

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...

5.8 CVSS · 8.7 AI score · 0.02831 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2022/05/14 12:54 a.m. · 33 views

GHSA-HMHQ-382Q-MP56 ClassLoader manipulation in Apache Struts

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...

5.8 CVSS · 6.7 AI score · 0.02831 EPSS
Exploits 0 · References 5

VulnCheck KEV
added 2022/05/11 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2014-0113

CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists...

7.5 CVSS · 7.2 AI score · 0.82224 EPSS
Exploits 7 · References 1