CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

841 matches found

CVE-2026-2586

An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user...

9.1CVSS6AI score0.00302EPSS

Exploits1References1

RedhatCVE•added yesterday•4 views

CVE-2026-2587

A critical Remote Code Execution RCE vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language EL “expressions” are processed...

9.6CVSS5.9AI score0.00146EPSS

Exploits2References1

Nuclei•added yesterday•474 views

Javafaces LFI

An Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware...

5CVSS5.5AI score0.86817EPSS

Exploits0References5

Nuclei•added yesterday•34 views

Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion

Oracle GlassFish Server Open Source Edition 3.0.1 build 22 is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server. id: CVE-2017-1000029 info: name: Oracle GlassFish Server Open Source Edition 3.0.1 - Local File...

7.5CVSS7.4AI score0.68992EPSS

Exploits0References3

Nuclei•added 2 days ago•224 views

Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion

Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated local file inclusion vulnerabilities that can be exploited by issuing specially crafted HTTP GET requests. id: CVE-2017-1000028 info: name: Oracle GlassFish Server Open Source Edition 4.1 - Loc...

7.5CVSS7.1AI score0.94123EPSS

Exploits7References5

GithubExploit•added 2026/05/20 9:31 p.m.•70 views

Exploit for CVE-2026-2587

CVE-2026-2587 — GlassFish EL Injection RCE...

9.6CVSS6.1AI score0.00146EPSS

Exploits2

Github Security Blog•added 2026/05/19 3:31 p.m.•3 views

GlassFish's Administration Console is Vulnerable to RCE

9.1CVSS6.1AI score0.00302EPSS

Exploits1References4Affected Software2

OSV•added 2026/05/19 3:31 p.m.•4 views

GHSA-96V6-HQ43-X9H4 GlassFish's Administration Console is Vulnerable to RCE

9.1CVSS6.1AI score0.00302EPSS

Exploits1References4

Github Security Blog•added 2026/05/19 3:31 p.m.•5 views

GlassFish's gadget handler is vulnerable to RCE

9.6CVSS6AI score0.00146EPSS

Exploits2References4Affected Software2

OSV•added 2026/05/19 3:31 p.m.•3 views

GHSA-29WV-CV7P-XJC2 GlassFish's gadget handler is vulnerable to RCE

9.6CVSS6AI score0.00146EPSS

Exploits2References4

NVD•added 2026/05/19 3:16 p.m.•8 views

CVE-2026-2587

9.6CVSS0.00146EPSS

Exploits2References1

NVD•added 2026/05/19 3:16 p.m.•7 views

CVE-2026-2586

9.1CVSS0.00302EPSS

Exploits1References1

CVE•added 2026/05/19 2:12 p.m.•14 views

CVE-2026-2586

CVE-2026-2586: An authenticated RCE in GlassFish Administration Console. A user with console access can send crafted requests to execute arbitrary OS commands with the privileges of the application service user. Affected: GlassFish Admin Console. Impact (per provided metrics): high confidentialit...

9.1CVSS6.1AI score0.00302EPSS

Exploits1References1Affected Software1