CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2026/04/14 5:18 p.m.•5 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.20.6 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

8.8CVSS5.9AI score0.00427EPSS

Exploits2References21

vulnersOsv•added 2026/04/14 4:15 p.m.•5 views

de.digitalcollections:iiif-bookshelf-webapp (>=2.6.2 <=3.1.0), de.digitalcollections:iiif-server-demo (>=2.1.3 <=4.0.6) +24 more potentially affected by CVE-2025-69993 via org.webjars.npm:leaflet (>=0.7.7 <=2.0.0-alpha.1)

org.webjars.npm:leaflet MAVEN version =0.7.7, =2.6.2, =2.1.3, =0.9.0, =1.0.3, =1.2.0, =2.4.0 and more Source cves: CVE-2025-69993 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16427277...

6.1CVSS5.8AI score0.00044EPSS

Exploits2

RedHat Linux•added 2026/04/14 2:45 p.m.•2 views

org.apache.avro/avro: Apache Avro Java SDK: Code injection on Java generated code

A code injection flaw has been discovered in Apache Avro. This vulnerability manifests when generating specific records from untrusted Avro schemas...

7.3CVSS5.8AI score0.00057EPSS

NCSC•added 2026/04/14 12:55 p.m.•2 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several SAP products, including SAP Supplier Relationship Management, SAP BusinessObjects Business Intelligence Platform, SAP NetWeaver Application Server Java and ABAP, SAP Landscape Transformation, SAP Business Planning and Consolidation, SAP Business Warehouse,...

9.9CVSS5.9AI score0.00108EPSS

Exploits2References1

Atlassian•added 2026/04/14 4:29 a.m.•18 views

RCE (Remote Code Execution) at mchange-commons-java dependency in Crucible Server

This High severity RCE Remote Code Execution vulnerability was introduced in version 4.9.0 of Crucible Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.9 and a CVSS Vector of code:java CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:Hcode allows an...

9.8CVSS6.3AI score0.00151EPSS

Exploits1

CVE•added 2026/04/14 1:49 a.m.•19 views

CVE-2026-6264

CVE-2026-6264 affects Talend JobServer and Talend Runtime. An unauthenticated remote code execution is possible via the JMX monitoring port on the JobServer. For mitigation: enable TLS client authentication on the JobServer’s JMX monitoring port and apply the patch for full protection. On Talend ...

9.8CVSS6.4AI score0.00083EPSS

Exploits0References1

NVD•added 2026/04/14 12:16 a.m.•0 views

CVE-2026-27674

Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java Web Dynpro Java, an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, th...

6.1CVSS0.00092EPSS

CVE•added 2026/04/14 12:6 a.m.•5 views

CVE-2026-27674

An unauthenticated code injection flaw in SAP NetWeaver Application Server Java (Web Dynpro Java) could allow a crafted input to cause the application to reference attacker‑controlled content, leading to execution of client‑side code in the victim’s browser and potential session compromise. Affec...

Exploits0References2Affected Software1

Cvelist•added 2026/04/14 12:6 a.m.•23 views

CVE-2026-27674 Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java)

6.1CVSS0.00092EPSS

EUVD•added 2026/04/14 12:6 a.m.•1 views

EUVD-2026-22146

Vulnrichment•added 2026/04/14 12:6 a.m.•0 views

CVE-2026-27674 Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java)

ATTACKERKB•added 2026/04/14 12:6 a.m.•1 views

CVE-2026-27674

Positive Technologies•added 2026/04/14 12:0 a.m.•3 views

Exploits0References3

PT-2026-32590

Name of the Vulnerable Software and Affected Versions Talend JobServer affected versions not specified Talend Runtime versions prior to R2024-07-RT Description Unauthenticated remote code execution is possible via the JMX monitoring port. Recommendations Require TLS client authentication for the...

9.8CVSS6.4AI score0.00083EPSS

CNNVD•added 2026/04/14 12:0 a.m.•5 views

SAP NetWeaver Application Server Java 代码注入漏洞

SAP NetWeaver Application Server Java is an application server provided by the German company SAP, which offers a Java runtime environment. This product is primarily used for developing and running Java EE applications. SAP NetWeaver Application Server Java has a code injection vulnerability; thi...

6.1CVSS6AI score0.00092EPSS

Exploits0References3

Positive Technologies•added 2026/04/14 12:0 a.m.•1 views

PT-2026-32554

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server Java Web Dynpro Java affected versions not specified Description A code injection issue in the Web Dynpro Java component allows an unauthenticated attacker to provide crafted input that the application interpre...

6.4CVSS5.8AI score0.00092EPSS

CNNVD•added 2026/04/14 12:0 a.m.•4 views

Qlik Talend JobServer和Qlik Talend Runtime 安全漏洞

Qlik Talend JobServer and Qlik Talend Runtime are both products of Qlik, a US-based company. Qlik Talend JobServer is a data integration task execution and scheduling service component. Qlik Talend Runtime is a data integration and application runtime environment platform. Both Qlik Talend...

9.8CVSS6.3AI score0.00083EPSS