Lucene search
K

25 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-55153

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI...

7.1CVSS6.1AI score0.00327EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-55223

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a sink for deserialization...

6.3CVSS5.9AI score0.00284EPSS
Exploits0References3
OSV
OSV
added 2026/07/01 8:2 p.m.3 views

CVE-2026-55153 mchange-commons-java contains elements susceptible to abuse via JNDI injection and "deserialization gadgets"

mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI ObjectFactory implementation com.mchange.v2.naming.JavaBeanObjectFactory will construct objects of arbitrary classes and initialize...

7.1CVSS6AI score0.00327EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 10:10 a.m.18 views

CVE-2019-11642

A log poisoning vulnerability has been discovered in the OneShield Policy Dragon Core framework before 5.1.10. Authenticated remote adversaries can poison log files by entering malicious payloads in either headers or form elements. These payloads are then executed via a client side debugging...

8.8CVSS7AI score0.01543EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-3312

Malware in sbrugna...

8.8CVSS8.8AI score0.01543EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-30122

Malware in sbrugna...

9.8CVSS9.4AI score0.01663EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-1227

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.02006EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 3:43 p.m.9 views

CVE-2020-9296

Netflix Titus uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passe...

9.8CVSS6.8AI score0.02006EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:6 p.m.7 views

CVE-2020-9297

Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary...

9.8CVSS6.9AI score0.01663EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2022/04/29 9:58 a.m.305 views

Exploit for Code Injection in Vmware Spring_Framework

漏洞简介 最近spring爆出重磅级CVE漏洞,cve信息显示"A Spring MVC or Spring WebFl...

9.8CVSS9.3AI score0.99677EPSS
Exploits108
Github Security Blog
Github Security Blog
added 2022/02/10 11:6 p.m.78 views

Expression Language Injection in Netflix Conductor

Netflix Conductor uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being...

9.8CVSS8.9AI score0.02006EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2021/08/25 12:0 a.m.3 views

Primekey Solutions PrimeKey EJBCA 安全漏洞

Primekey Solutions PrimeKey EJBCA is a full-featured CA system software from PrimeKey Solutions Primekey Solutions, Sweden. The software is used for domain certificate management, enrollment and enrollment-to-certificate validation and other functions to achieve access security. A security...

2.3CVSS5AI score0.00223EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2020/11/19 9:34 p.m.109 views

German COVID-19 Contact-Tracing Vulnerability Allowed RCE

A security vulnerability in the infrastructure underlying Germany’s official COVID-19 contact-tracing app, called the Corona-Warn-App CWA, would have allowed pre-authenticated remote code execution RCE. Researcher Alvaro Muñoz wrote in a report this week that he and his team at GitHub Security La...

7.8AI score
Exploits0References9
NVD
NVD
added 2020/07/14 8:15 p.m.16 views

CVE-2020-9297

Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary...

9.8CVSS0.01663EPSS
Exploits0References1
OSV
OSV
added 2020/07/14 8:15 p.m.3 views

CVE-2020-9297

Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary...

9.8CVSS7.4AI score0.01663EPSS
Exploits0References1
Prion
Prion
added 2020/07/14 8:15 p.m.14 views

Code injection

Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary...

7.5CVSS9.3AI score0.01663EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/07/14 7:7 p.m.20 views

CVE-2020-9297

Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary...

9.4AI score0.01663EPSS
Exploits0References1
NVD
NVD
added 2020/06/16 2:15 p.m.22 views

CVE-2020-9296

Netflix Titus uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passe...

9.8CVSS0.02006EPSS
Exploits0References1
OSV
OSV
added 2020/06/16 2:15 p.m.14 views

CVE-2020-9296

Netflix Titus uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passe...

9.8CVSS6.8AI score
Exploits0References1
OSV
OSV
added 2020/05/04 1:15 p.m.28 views

CVE-2020-1959

A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution RCE vulnerability. Apache Syncope uses Java Bean Validation JSR 380 custom constraint validators. When...

9.8CVSS7.8AI score
Exploits0References1
Rows per page
Query Builder