CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

187 matches found

Nacos <1.4.1 - Authentication Bypass

Nacos before version 1.4.1 is vulnerable to authentication bypass because the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint i...

8.6CVSS7.1AI score0.64697EPSS

Exploits2References5

OSV•added 2026/06/17 1:52 p.m.•3 views

ROOT-APP-MAVEN-CVE-2022-46337 CVE-2022-46337 in io.root.org.apache.derby:derby - Patched by Root

Root has patched CVE-2022-46337 in the io.root.org.apache.derby:derby package for Root:Maven. Multiple fixed versions available...

9.8CVSS5.2AI score0.01418EPSS

Exploits0

Tenable Nessus•added 2026/05/22 12:0 a.m.•9 views

Unity Linux 20.1060e / 20.1070e Security Update: derby (UTSA-2026-016640)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016640 advisory. In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and...

5.3CVSS7.2AI score0.04504EPSS

Exploits0References4

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux – Vulnerability in Derby

A cleverly designed username can bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could allow an attacker to create unnecessary Derby databases, thereby filling up storage space. In LDAP-authenticated Derby installations, the attacker could also execute malware...

9.8CVSS7.2AI score0.01418EPSS

Exploits0References1

IBM Security Bulletins•added 2026/03/06 9:25 a.m.•13 views

Security Bulletin: Multiple vulnerabilties affects IBM DB2 Data Management Console

Summary sshd-common-2.10.0.jar, dompurify-2.2.7.tgz, derby-10.16.1.1.jar, ion-java-1.2.0.jar dependency packages are being used by IBM Db2 Data Management Console. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2024-41909 DESCRIPTION:...

10CVSS5.9AI score0.01418EPSS

Exploits4Affected Software1

OSV•added 2025/11/25 12:30 a.m.•7 views

CVE-2025-65951 Inside Track / Entropy Derby Timelock Encryption Bypassed via Pre-Computed VDF Output Leakage

Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting operator. Bettors pre-compute the entire Wesolowski VDF and include vdfOutputHex in their encrypted...

8.7CVSS6.8AI score0.00103EPSS

Exploits0References4

CVE•added 2025/11/25 12:30 a.m.•13 views

CVE-2025-65951

CVE-2025-65951 affects Inside Track / Entropy Derby. Before commit 2d38d2f , the VDF-based timelock encryption did not enforce sequential delay against the betting operator, enabling bettors to pre-compute the Wesolowski VDF and include the output in encrypted bets. This allowed the house to decr...

8.7CVSS6.5AI score0.00103EPSS

Exploits0References2

IBM Security Bulletins•added 2025/11/06 7:8 a.m.•3 views

Security Bulletin: Due to the use of derby IBM webMethods BPM is vulnerable to unauthorized LDAP authentication

Summary IBM webMethods BPM is using derby which is affected by a known vulnerability CVE-2022-46337. This security bulletin provides guidance on addressing the vulnerability. Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: A cleverly devised username might bypass LDAP authentication check...

9.8CVSS7.2AI score0.01418EPSS

Exploits0Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•7 views

EUVD-2006-7195

Malware in sbrugna...

4CVSS9AI score0.02175EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2022-5206