Lucene search
K

284 matches found

NVD
NVD
added 2026/06/30 8:17 p.m.5 views

CVE-2026-13759

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including...

8.8CVSS0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 7:24 p.m.36 views

CVE-2026-13759 IBM WebSphere eXtreme Scale is affected by Insecure Deserilization

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including...

7.5CVSS0.00303EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 7:24 p.m.6 views

CVE-2026-13759

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including...

7.5CVSS6.2AI score0.00303EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.13 views

PT-2026-53942

Name of the Vulnerable Software and Affected Versions IBM WebSphere Extreme Scale versions 8.6.1.0 through 8.6.1.6 Description Three ObjectInputStream subclasses WsObjectInputStream, ObjectStreamPool$ReusableInputStream, and ObjectInputStreamResolver do not install a JEP-290 class filter, which i...

8.8CVSS6.9AI score0.00303EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/26 3:39 p.m.7 views

EUVD-2025-210362

The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...

9.6CVSS6.2AI score0.004EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 3:39 p.m.18 views

CVE-2025-11919

CVE-2025-11919 affects Wolfram Cloud (multi-tenant environment) where the default JVM can access temporary resources under /tmp, including other users’ TemporaryDirectory. A race during JVM startup allows an attacker with access to shared /tmp to create/replace .jar files via the -init file, caus...

9.6CVSS6.2AI score0.004EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 3:39 p.m.36 views

CVE-2025-11919 Unprotected temporary directories in Wolfram Cloud may result in privilege escalation

The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...

0.004EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/25 11:24 p.m.8 views

CVE-2026-13006

A flaw was found in logback-core, a logging framework for Java applications. This vulnerability allows an attacker with existing privileges and write access to a configuration file, or the ability to inject a malicious environment variable, to execute arbitrary code. This can be achieved by...

7CVSS6.1AI score0.00122EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.38 views

CVE-2026-57281

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the...

0.00594EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 1:20 p.m.7 views

EUVD-2026-38761

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the...

7.5CVSS6AI score0.00594EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/24 1:20 p.m.7 views

CVE-2026-57281

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the...

8.5CVSS5.8AI score0.00594EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/24 5:41 a.m.6 views

CVE-2026-13006 Incomplete protection against CVE-2025-11226

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.36 in Java applications, allows an attacker to execute arbitrary code circumventing existing protections against CVE-2025-11226 by compromising an existing logback configuration...

7CVSS6.1AI score0.00122EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/24 5:41 a.m.6 views

CVE-2026-13006

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.36 in Java applications, allows an attacker to execute arbitrary code circumventing existing protections against CVE-2025-11226 by compromising an existing logback configuration...

7CVSS6.1AI score0.00122EPSS
Exploits0
CVE
CVE
added 2026/06/24 5:41 a.m.110 views

CVE-2026-13006

CVE-2026-13006 affects Java applications using logback-core up to version 1.5.34. The issue arises in conditional configuration file processing, allowing an attacker to execute arbitrary code while bypassing protections against CVE-2025-11226. A successful attack requires Janino on the classpath ...

7CVSS6.1AI score0.00122EPSS
Exploits0References1
Jenkins Security Advisories
Jenkins Security Advisories
added 2026/06/24 12:0 a.m.7 views

Script security bypass vulnerability in script-security

script-security 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations such as @CompileStatic and @TypeChecked that carry an extensions member, which causes Groovy to load and execute a script from the classpath at compile time, before the sandbox is applied. This ma...

8.5CVSS5.9AI score0.00594EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/23 6:47 p.m.8 views

c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects

A flaw was found in c3p0, a Java Database Connectivity JDBC Connection pooling library. This vulnerability allows an attacker to achieve arbitrary code execution by providing maliciously crafted Java-serialized objects or javax.naming.Reference instances. By manipulating the userOverridesAsString...

8.9CVSS6.5AI score0.00534EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/11 5:4 a.m.14 views

EUVD-2026-36212

Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated Connection field and the classpath contains specifi...

8.1CVSS5.7AI score0.0043EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in LibreOffice

Versions of Apache OpenOffice prior to 4.1.14 may be configured to add an empty entry to the Java class path. This may allow for the execution of arbitrary Java code from the current directory...

7.8CVSS7.8AI score0.00872EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/18 12:21 p.m.16 views

c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects

A flaw was found in c3p0, a Java Database Connectivity JDBC Connection pooling library. This vulnerability allows an attacker to achieve arbitrary code execution by providing maliciously crafted Java-serialized objects or javax.naming.Reference instances. By manipulating the userOverridesAsString...

8.9CVSS7.8AI score0.00534EPSS
Exploits0References9
OSV
OSV
added 2026/05/03 9:55 a.m.6 views

OESA-2026-2127 activemq security update

The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: 'Severity: low \n\nAffected versions:\n\n- Apache ActiveMQ Client org.apache.activemq:activemq-client before 5.19.3\n- Apache ActiveMQ Client org.apache.activemq:activemq-client 6.0.0 before...

8.8CVSS6.4AI score0.96666EPSS
Exploits13References8
Rows per page
Query Builder