CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

348 matches found

Snyk•added 2026/05/17 1:36 p.m.•4 views

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the pre-auth logic that enables an attacker to activate the default-disabled POJO import feature. The attacker can then upload and import a malicious Java POJO leading to execution of arbitrary code by...

8.8CVSS5.9AI score0.0031EPSS

Exploits0References2

Snyk•added 2026/05/17 1:36 p.m.•3 views

Incorrect Privilege Assignment

8.8CVSS6.1AI score0.0031EPSS

Exploits0References2

RedhatCVE•added 2026/03/05 7:30 p.m.•4 views

CVE-2026-20131

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java...

10CVSS6.4AI score0.27551EPSS

Exploits4References1

Veracode•added 2026/01/08 9:8 a.m.•5 views

Deserialization Of Untrusted Data

org.apache.nifi, nifi-asana-processors is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the use of unfiltered Java object serialization and deserialization in the GetAsanaObject Processor, which allows an attacker with access to the configured cache server to supply...

8.8CVSS8AI score0.00435EPSS

Exploits0References4Affected Software1

EUVD•added 2025/12/19 12:31 p.m.•4 views

EUVD-2025-204524

Apache NiFi GetAsanaObject Processor has Remote Code Execution via Unsafe Deserialization...

7.5CVSS6.9AI score0.00435EPSS

Exploits0References4

CVE•added 2025/12/19 9:24 a.m.•16 views

CVE-2025-66524

The vulnerability concerns Apache NiFi GetAsanaObject Processor (NiFi 1.20.0–2.6.0) which uses unfiltered Java Object serialization/deserialization with a Distribute Map Cache Client Service for state. The root cause is unsafe deserialization of crafted state data stored in the configured cache s...

8.8CVSS6.2AI score0.00435EPSS

Exploits0References2Affected Software1

EUVD•added 2025/11/13 3:23 a.m.•3 views

EUVD-2025-178377

Malicious code in integer-slow-java-object-string npm...

6.6AI score

Exploits0

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-6953

Malware in sbrugna...

8.8CVSS8.6AI score0.11389EPSS

Exploits2References2