Lucene search

56249 matches found

OSV
added 2026/01/05 2:59 p.m. | 2 views

GHSA-CW39-R4H6-8J3X MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation

Summary Affected Components: org.msgpack.core.MessageUnpacker.readPayload org.msgpack.core.MessageUnpacker.unpackValue org.msgpack.value.ExtensionValue.getData A denial-of-service vulnerability exists in MessagePack for Java when deserializing .msgpack files containing EXT32 objects with...

CVSS 7.5 | AI score 5.9 | EPSS 0.0055
Exploits 1 | References 5
IBM Security Bulletins
added 2026/01/05 2:22 p.m. | 10 views

Security Bulletin: Due to use of Java SE, IBM Security SOAR is affected by unspecified vulnerabilities (CVE-2025-53066 & CVE-2025-53057)

Summary IBM Security SOAR uses Java SE library internally. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impact, no integrity impact, and no availability...

CVSS 7.5 | AI score 6.1 | EPSS 0.00633
Exploits 0 | Affected Software 2
IBM Security Bulletins
added 2026/01/05 1:18 p.m. | 8 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2025 - Includes Oracle October 2025 CPU for Rational Software Architect Designer

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 8 and Java 17 that are used by Rational Software Architect Designer and Rational Software Architect Designer for Websphere Software. These issues were disclosed as part of the IBM SDK, Java Technology Edition...

CVSS 7.5 | AI score 6.3 | EPSS 0.00633
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2026/01/05 11:22 a.m. | 6 views

Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities

Summary IBM Event Streams is affected by multiple vulnerabilities Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected ar...

CVSS 8.1 | AI score 6.4 | EPSS 0.01099
Exploits 2 | Affected Software 1
IBM Security Bulletins
added 2026/01/05 11:16 a.m. | 4 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms

Summary Multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in October 2025 Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified...

CVSS 7.5 | AI score 6.3 | EPSS 0.00633
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2026/01/05 11:11 a.m. | 6 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2025-53066, CVE-2025-53057)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to...

CVSS 7.5 | AI score 6.4 | EPSS 0.00633
Exploits 0 | Affected Software 1
GithubExploit
added 2026/01/05 8:25 a.m. | 129 views

vpn_exploitation_tool

AD + Citrix VPN Data Harvester Modular Java tool for testing...

AI score 7.2
Exploits 0
Veracode
added 2026/01/05 7:27 a.m. | 8 views

Insecure Deserialization

Apache NiFi is vulnerable to Insecure Deserialization. The vulnerability is due to where the GetAsanaObject Processor stores and retrieves state data using generic Java object deserialization without validation, allowing attackers with direct access to the configured Distributed Map Cache server ...

CVSS 8.8 | AI score 7.7 | EPSS 0.00435
Exploits 0 | References 4 | Affected Software 1
IBM Security Bulletins
added 2026/01/05 7:9 a.m. | 7 views

Security Bulletin: IBM Maximo Application Suite uses java 17.0.13, github.com/go-viper/mapstructure/v2 v2.2.1 and github.com/docker/docker v27.3.1 which is vulnerable to GHSA-2464-8j7c-4cjm, CVE-2025-21502 and CVE-2025-54410

Summary IBM Maximo Application Suite uses java 17.0.13, github.com/go-viper/mapstructure/v2 v2.2.1 and github.com/docker/docker v27.3.1 which is vulnerable to GHSA-2464-8j7c-4cjm, CVE-2025-21502 and CVE-2025-54410. This bulletin contains information regarding the vulnerability and its fixture...

CVSS 5.2 | AI score 5.4 | EPSS 0.00971
Exploits 0 | Affected Software 1
EUVD
added 2026/01/05 12:32 a.m. | 4 views

EUVD-2026-0921

A vulnerability was determined in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. Affected is the function delete of the file src/main/java/com/macro/mall/controller/MinioController.java. This manipulation of the argument objectName causes path traversal. The attack can be...

CVSS 5.5 | AI score 5.4 | EPSS 0.00641
Exploits 1 | References 5
Cvelist
added 2026/01/05 12:32 a.m. | 26 views

CVE-2025-15449 cld378632668 JavaMall MinioController.java delete path traversal

A vulnerability was determined in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. Affected is the function delete of the file src/main/java/com/macro/mall/controller/MinioController.java. This manipulation of the argument objectName causes path traversal. The attack can be...

CVSS 5.5 | EPSS 0.00641
Exploits 1 | References 4
OSV
added 2026/01/04 12:15 a.m. | 6 views

OSV-2026-6 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=472785101 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.primary...

AI score 6.9
Exploits 0 | References 1
RedhatCVE
added 2026/01/03 9:4 p.m. | 3 views

CVE-2026-21452

MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...

CVSS 7.5 | AI score 6.8 | EPSS 0.0055
Exploits 1 | References 1
GithubExploit
added 2026/01/03 8:15 p.m. | 281 views

Exploit for Code Injection in Symfony Twig

Successful Errors: New Code Injection and SSTI Techniques !R...

CVSS 9.8 | AI score 8.5 | EPSS 0.10701
Exploits 7
Tenable Nessus
added 2026/01/03 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-21452

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack...

CVSS 7.5 | AI score 6.9 | EPSS 0.0055
Exploits 1 | References 3
NVD
added 2026/01/02 9:16 p.m. | 9 views

CVE-2026-21452

MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...

CVSS 7.5 | EPSS 0.0055
Exploits 1 | References 3
OSV
added 2026/01/02 9:16 p.m. | 2 views

DEBIAN-CVE-2026-21452

MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...

CVSS 7.5 | AI score 7.8 | EPSS 0.0055
Exploits 1 | References 1
UbuntuCve
added 2026/01/02 9:16 p.m. | 6 views

CVE-2026-21452

MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...

CVSS 7.5 | AI score 5.9 | EPSS 0.0055
Exploits 1 | References 4
OSV
added 2026/01/02 9:16 p.m. | 3 views

UBUNTU-CVE-2026-21452

MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...

CVSS 7.5 | AI score 5.8 | EPSS 0.0055
Exploits 1 | References 5
Debian CVE
added 2026/01/02 8:47 p.m. | 4 views

CVE-2026-21452

MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...

CVSS 7.5 | AI score 7.8 | EPSS 0.0055
Exploits 1