Lucene search

191 matches found

IBM Security Bulletins
added 2025/09/16 11:56 p.m. · 3 views

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server Pattern shipped with IBM Cloud Pak System

Summary: IBM Cloud Pak System WebSphere Application Server Pattern WAS pType is vulnerable to multiple vulnerabilities in IBM SDK. Vulnerability Details: CVEID: CVE-2024-21235. DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker...

5.3 CVSS · 5.6 AI score · 0.00303 EPSS
Exploits 0 · Affected Software 1

Gitee
added 2025/07/27 4:13 a.m. · 134 views

Exploit for Cross-site Scripting in Atmail

AWAE/OSWE Preparation for coming AWAE Training. Work in progress... Atmail Mail Server Appliance: from XSS to RCE 6.4 CVE-2012-2593 - https://www.exploit-db.com/exploits/20009 - https://github.com/sourceincite/poc/blob/master/SRC-2016-0012.py ATutor Authentication Bypass and RCE 2.2.1 CVE-2016-25...

10 CVSS · 7.6 AI score · 0.94293 EPSS
Exploits 18

Veracode
added 2025/07/03 5:4 a.m. · 3 views

Insecure Deserialization

com.typesafe.akka, akka-cluster-metrics is vulnerable to insecure deserialization. The vulnerability is due to the use of Java serialization without proper validation or safeguards in the akka-cluster-metrics module, which allows an attacker to exploit the deserialization process to execute...

6 CVSS · 6.8 AI score · 0.00296 EPSS
Exploits 0 · References 3 · Affected Software 2

RedhatCVE
added 2025/06/30 12:22 a.m. · 4 views

CVE-2025-53393

In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics...

6 CVSS · 7.3 AI score · 0.00296 EPSS
Exploits 0 · References 1

OSV
added 2025/06/29 12:30 a.m. · 4 views

GHSA-358M-FQ53-HP87 akka-cluster-metrics uses Java serialization for cluster metrics

In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics...

6 CVSS · 7.2 AI score · 0.00296 EPSS
Exploits 0 · References 4

Github Security Blog
added 2025/06/29 12:30 a.m. · 5 views

akka-cluster-metrics uses Java serialization for cluster metrics

In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics...

6 CVSS · 6.5 AI score · 0.00296 EPSS
Exploits 0 · References 4 · Affected Software 2

OSV
added 2025/06/28 11:15 p.m. · 3 views

CVE-2025-53393

In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics...

6 CVSS · 7.2 AI score
Exploits 0 · References 1

NVD
added 2025/06/28 11:15 p.m. · 4 views

CVE-2025-53393

In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics...

6 CVSS · 0.00296 EPSS
Exploits 0 · References 1

CNNVD
added 2025/06/28 12:0 a.m. · 1 view

Akka Code Issue Vulnerability

Akka is an open source expressive SDK and platform from Akka for developing, deploying and operating enterprise agent services. A code issue vulnerability exists in Akka 2.10.6 and earlier versions that stems from the use of Java serialization to process cluster metrics...

6 CVSS · 6.6 AI score · 0.00296 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/06/28 12:0 a.m. · 2 views

CVE-2025-53393

In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics...

6 CVSS · 7.3 AI score · 0.00296 EPSS
Exploits 0 · References 1

CVE
added 2025/06/28 12:0 a.m. · 16 views

CVE-2025-53393

CVE-2025-53393 affects Akka up to version 2.10.6, where akka-cluster-metrics uses Java serialization for cluster metrics. The root cause is deserialization of serialized objects within the MessageSerializer pathway, which the linked sources describe in SNYK/GHSA notices. The CVE entry provides a ...

6 CVSS · 6.8 AI score · 0.00296 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/06/28 12:0 a.m. · 3 views

PT-2025-27331 · Akka · Akka

Name of the Vulnerable Software and Affected Versions: Akka versions through 2.10.6 Description: The issue concerns the use of Java serialization for cluster metrics in the akka-cluster-metrics component. Recommendations: For versions through 2.10.6, consider disabling Java serialization for...

6 CVSS · 7.3 AI score · 0.00296 EPSS
Exploits 0 · References 10

Cvelist
added 2025/06/28 12:0 a.m. · 6 views

CVE-2025-53393

In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics...

6 CVSS · 0.00296 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 3:16 p.m. · 11 views

CVE-2020-17531

A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the "sp" parameter even before invoking the page's validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to...

9.8 CVSS · 6.7 AI score · 0.64089 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 10:4 a.m. · 5 views

CVE-2019-0189

The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the...

9.8 CVSS · 7.5 AI score · 0.15419 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 6:58 a.m. · 4 views

CVE-2024-32876

NewPipe is an Android app for video streaming written in Java. It supports exporting and importing backups, as a way to let users move their data to a new device effortlessly. However, in versions 0.13.4 through 0.26.1, importing a backup file from an untrusted source could have resulted in...

8.5 CVSS · 8.6 AI score · 0.00054 EPSS
Exploits 0 · References 1

Github Security Blog
added 2024/09/30 9:30 a.m. · 21 views

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.

This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The...

8 CVSS · 6.1 AI score · 0.0004 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2024/09/30 9:30 a.m. · 12 views

GHSA-G643-XQ6W-R67C Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.

This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The...

5.1 CVSS · 6.3 AI score · 0.0004 EPSS
Exploits 0 · References 4

NVD
added 2024/09/30 9:15 a.m. · 14 views

CVE-2024-45772

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users ar...

8 CVSS · 0.0004 EPSS
Exploits 0 · References 2

Cvelist
added 2024/09/30 8:51 a.m. · 19 views

CVE-2024-45772 Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users ar...

5.1 CVSS · 0.0004 EPSS
Exploits 0 · References 1