29 matches found

RedhatCVE
added 2026/05/11 8:27 p.m. | 8 views

CVE-2026-8211

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

CVSS 5.8 | AI score 5.6 | EPSS 0.00053
Exploits: 0 | References: 1

EUVD
added 2026/05/10 12:33 a.m. | 5 views

EUVD-2026-28947

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

CVSS 5.8 | AI score 5.6 | EPSS 0.00053
Exploits: 0 | References: 5

NVD
added 2026/05/09 11:16 p.m. | 7 views

CVE-2026-8211

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

CVSS 5.8 | EPSS 0.00053
Exploits: 0 | References: 4

CVE
added 2026/05/09 10:15 p.m. | 9 views

CVE-2026-8211

CVE-2026-8211 affects codelibs Fess up to 15.5.1. The vulnerability lies in the JSP File Handler’s AdminDesignAction.java update function, where manipulation of the content argument enables code injection. Attacks can be performed remotely, and the exploit is public. No remediation details are pr...

CVSS 5.8 | AI score 5.6 | EPSS 0.00053
Exploits: 0 | References: 4

Cvelist
added 2026/05/09 10:15 p.m. | 26 views

CVE-2026-8211 codelibs Fess JSP File AdminDesignAction.java update code injection

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

CVSS 5.8 | EPSS 0.00053
Exploits: 0 | References: 4

Vulnrichment
added 2026/05/09 10:15 p.m. | 3 views

CVE-2026-8211 codelibs Fess JSP File AdminDesignAction.java update code injection

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

CVSS 5.8 | AI score 5.6 | EPSS 0.00053
Exploits: 0 | References: 4

ATTACKERKB
added 2026/05/09 10:15 p.m. | 3 views

CVE-2026-8211

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

CVSS 5.8 | AI score 5.6 | EPSS 0.00053
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2026/05/09 12:0 a.m. | 6 views

PT-2026-39423

Name of the Vulnerable Software and Affected Versions codelibs Fess versions prior to 15.5.2 Description Remote code injection is possible via the JSP File Handler component. The update function within the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java fails to properly handle...

CVSS 5.8 | AI score 5.9 | EPSS 0.00053
Exploits: 0 | References: 6

CNNVD
added 2026/05/09 12:0 a.m. | 4 views

Fess Injection Vulnerability

Fess is a powerful and easy-to-deploy enterprise search server developed by the CodeLibs Project. Versions of Fess 15.5.1 and earlier contained a vulnerability due to an injection flaw in the JSP File Handler component. This flaw stemmed from the update function in the...

CVSS 5.8 | AI score 5.9 | EPSS 0.00053
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-28217

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6.3 | EPSS 0.00087
Exploits: 0 | References: 3

Veracode
added 2025/05/28 3:58 a.m. | 6 views

Information Disclosure

org.codelibs.fess, fess is vulnerable to Information Disclosure. The vulnerability is due to insecure temporary file creation by the use of createTempFile without setting restrictive permissions, which allows an attacker with local access to read sensitive data from these files...

CVSS 5.5 | AI score 6.3 | EPSS 0.00087
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2025/05/27 6:0 p.m. | 4 views

GHSA-G88V-2J67-9RMX Fess has Insecure Temporary File Permissions

Summary Fess an open-source Enterprise Search Server creates temporary files without restrictive permissions, which may allow local attackers to read sensitive information from these temporary files. Details The createTempFile method in org.codelibs.fess.helper.SystemHelper creates temporary file...

CVSS 5.1 | AI score 5.7 | EPSS 0.00087
Exploits: 0 | References: 4

Github Security Blog
added 2025/05/27 6:0 p.m. | 12 views

Fess has Insecure Temporary File Permissions

Summary Fess an open-source Enterprise Search Server creates temporary files without restrictive permissions, which may allow local attackers to read sensitive information from these temporary files. Details The createTempFile method in org.codelibs.fess.helper.SystemHelper creates temporary file...

CVSS 5.5 | AI score 5.9 | EPSS 0.00087
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2025/05/27 5:15 a.m. | 14 views

CVE-2025-48382

Fess is a deployable Enterprise Search Server. Prior to version 14.19.2, the createTempFile method in org.codelibs.fess.helper.SystemHelper creates temporary files without explicitly setting restrictive permissions. This could lead to potential information disclosure, allowing unauthorized local...

CVSS 5.5 | EPSS 0.00087
Exploits: 0 | References: 2

Snyk
added 2025/05/27 4:47 a.m. | 2 views

Incorrect Permission Assignment for Critical Resource

Overview org.codelibs.fess:fess is an Enterprise Search Server. You can install and run Fess quickly on any platforms, which have Java runtime environment. Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource. Due to the createTempFile method i...

CVSS 5.5 | AI score 6.7 | EPSS 0.00087
Exploits: 0 | References: 2

Vulnrichment
added 2025/05/27 4:32 a.m. | 8 views

CVE-2025-48382 Fess has Insecure Temporary File Permissions

Fess is a deployable Enterprise Search Server. Prior to version 14.19.2, the createTempFile method in org.codelibs.fess.helper.SystemHelper creates temporary files without explicitly setting restrictive permissions. This could lead to potential information disclosure, allowing unauthorized local...

CVSS 5.1 | AI score 6.3 | EPSS 0.00087
Exploits: 0 | References: 2

CVE
added 2025/05/27 4:32 a.m. | 62 views

CVE-2025-48382

CVE-2025-48382 — Fess insecure temporary file permissions Fess (enterprise search server) is affected by createTempFile() in org.codelibs.fess.helper.SystemHelper, which creates temporary files without restrictive permissions. This can lead to information disclosure by local attackers in multi-us...

CVSS 5.5 | AI score 6 | EPSS 0.00087
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2025/05/27 4:32 a.m. | 3 views

CVE-2025-48382 Fess has Insecure Temporary File Permissions

Fess is a deployable Enterprise Search Server. Prior to version 14.19.2, the createTempFile method in org.codelibs.fess.helper.SystemHelper creates temporary files without explicitly setting restrictive permissions. This could lead to potential information disclosure, allowing unauthorized local...

CVSS 5.1 | AI score 5.9 | EPSS 0.00087
Exploits: 0 | References: 4

Cvelist
added 2025/05/27 4:32 a.m. | 12 views

CVE-2025-48382 Fess has Insecure Temporary File Permissions

Fess is a deployable Enterprise Search Server. Prior to version 14.19.2, the createTempFile method in org.codelibs.fess.helper.SystemHelper creates temporary files without explicitly setting restrictive permissions. This could lead to potential information disclosure, allowing unauthorized local...

CVSS 5.1 | EPSS 0.00087
Exploits: 0 | References: 2

CNNVD
added 2025/05/27 12:0 a.m. | 1 views

Fess Security Vulnerability

Fess is a powerful and easy-to-deploy enterprise search server open-sourced by CodeLibs Project. A security vulnerability exists in Fess versions prior to 14.19.2, which stems from the createTempFile method not having strict permissions set, which could lead to information disclosure...

CVSS 5.5 | AI score 6.1 | EPSS 0.00087
Exploits: 0 | References: 3