Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

56257 matches found

CNNVD
CNNVDadded 2025/11/28 12:0 a.m.3 views

LZ4 Java 安全漏洞

LZ4 Java is a compression library for Java by the individual developer Jonas Konrad. A security vulnerability exists in LZ4 Java 1.8.0 and earlier versions that stems from an out-of-bounds memory operation when processing untrustworthy compressed input, which could result in a denial of service a...

8.8CVSS6.3AI score0.0068EPSS
Exploits0References5
GitLab Advisory Database
GitLab Advisory Databaseadded 2025/11/28 12:0 a.m.8 views

LZ4 Java Compression has Out-of-bounds memory operations which can cause DoS

Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input. This is fixed in a forked release: at.yawk.lz4:lz4-java version 1.8.1. The original project has been archived:...

8.8CVSS6.4AI score0.0068EPSS
Exploits0References6
The Hacker News
The Hacker Newsadded 2025/11/27 6:13 p.m.5 views

Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan

The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. As of October 2025, the activity has expanded to also single out Uzbekistan, Group-IB researchers Amirbek Kurbanov...

5.9AI score
Exploits0
EUVD
EUVDadded 2025/11/27 3:31 p.m.3 views

EUVD-2025-199823

The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacer to perform arbitrary code execution...

9.3CVSS7.1AI score0.00378EPSS
Exploits0References2
NVD
NVDadded 2025/11/27 2:15 p.m.4 views

CVE-2025-12140

The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacer to perform arbitrary code execution...

9.3CVSS0.00378EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/11/27 1:5 p.m.5 views

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus have been addressed. Vulnerability Details CVEID:CVE-2025-30761 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java...

5.9CVSS5.8AI score0.00551EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/11/27 12:1 p.m.7 views

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments

Summary IBM java SDK is used by Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impact, no...

7.5CVSS6.3AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/11/27 11:46 a.m.7 views

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect VMware Agent from IBM Tivoli Monitoring for Virtual Environments.

Summary IBM java SDK is used by VMware Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impact, no...

7.5CVSS6.3AI score0.00633EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologiesadded 2025/11/27 12:0 a.m.7 views

PT-2025-48268

The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacer to perform arbitrary code execution...

9.3CVSS7.5AI score0.00378EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linuxadded 2025/11/27 12:0 a.m.8 views

Security update for mysql-connector-java (important)

openSUSE security update: security update for mysql-connector-java ------------------------------------------------------------- Announcement ID: openSUSE-SU-2025-20089-1 Rating: important References: bsc1241693 Cross-References: CVE-2025-30706 CVSS scores: CVE-2025-30706 SUSE : 7.5...

7.7CVSS7.2AI score0.0052EPSS
Exploits0References1
GithubExploit
GithubExploitadded 2025/11/26 5:28 p.m.151 views

lw-cnapp-microservices-iac

Project 2: Microservices with Infrastructure as Code ⚠️ WAR...

8.3AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletinsadded 2025/11/26 4:40 p.m.7 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.18 LTS and 12.18.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

7.5CVSS5.2AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/11/26 12:5 p.m.9 views

Security Bulletin: Vulnerability in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary A vulnerability in IBM® Runtime Environment Java™ Technology Edition affect the product's management GUI and could cause a confidentiality impact. The Command Line Interface is unaffected. CVE-2025-30754. Vulnerability Details CVEID:CVE-2025-30754 DESCRIPTION: Vulnerability in the Oracle...

4.8CVSS5.5AI score0.00381EPSS
Exploits0Affected Software8
IBM Security Bulletins
IBM Security Bulletinsadded 2025/11/26 10:32 a.m.13 views

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java and Node.js

Summary There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiali...

7.5CVSS6.4AI score0.00633EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/11/26 10:31 a.m.23 views

Security Bulletin: IBM Transformation Advisor is affected by multiple vulnerabilities found in Java and Node.js

Summary There are multiple vulnerabilities in Java and Node.js used by IBM Transformation Advisor. Vulnerability Details CVEID:CVE-2025-57353 DESCRIPTION: The Runtime components of messageformat package for Node.js before 3.0.2 contain a prototype pollution vulnerability. Due to insufficient...

7.5CVSS6.4AI score0.00633EPSS
Exploits2Affected Software1
OSV
OSVadded 2025/11/26 8:13 a.m.3 views

SUSE-SU-2025:21144-1 Security update for mysql-connector-java

This update for mysql-connector-java fixes the following issues: - Upgrade to Version 9.3.0 - CVE-2025-30706: Fixed Connector/J vulnerability bsc1241693 - Updatable ResultSet fails with 'Parameter index out of range'. - Fixed Resultset UPDATE methods not checking validity of ResultSet. -...

7.5CVSS6AI score0.0052EPSS
Exploits0References3
OSV
OSVadded 2025/11/26 8:12 a.m.4 views

OPENSUSE-SU-2025:20089-1 Security update for mysql-connector-java

This update for mysql-connector-java fixes the following issues: - Upgrade to Version 9.3.0 - CVE-2025-30706: Fixed Connector/J vulnerability bsc1241693 - Updatable ResultSet fails with 'Parameter index out of range'. - Fixed Resultset UPDATE methods not checking validity of ResultSet. -...

7.5CVSS7.2AI score0.0052EPSS
Exploits0References2
NVD
NVDadded 2025/11/26 2:15 a.m.8 views

CVE-2025-66021

OWASP Java HTML Sanitizer is a configureable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third-parties in web applications while protecting against XSS. In version 20240325.1, OWASP java html sanitizer is vulnerable to XSS if HtmlPolicyBuilder allows noscript and style...

8.6CVSS0.00226EPSS
Exploits1References1
OSV
OSVadded 2025/11/26 1:53 a.m.8 views

CVE-2025-66021 OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization

OWASP Java HTML Sanitizer is a configureable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third-parties in web applications while protecting against XSS. In version 20240325.1, OWASP java html sanitizer is vulnerable to XSS if HtmlPolicyBuilder allows noscript and style...

8.6CVSS6AI score0.00226EPSS
Exploits1References3
Cvelist
Cvelistadded 2025/11/26 1:53 a.m.18 views

CVE-2025-66021 OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization

OWASP Java HTML Sanitizer is a configureable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third-parties in web applications while protecting against XSS. In version 20240325.1, OWASP java html sanitizer is vulnerable to XSS if HtmlPolicyBuilder allows noscript and style...

8.6CVSS0.00226EPSS
Exploits1References1
Rows per page
Query Builder