CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

27 matches found

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2022-3901

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.0024EPSS

Exploits1References3

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-4676

Malicious code in bioql PyPI...

4.3CVSS6.6AI score0.00545EPSS

Exploits1References9

RedhatCVE•added 2025/05/22 3:23 a.m.•5 views

CVE-2013-4378

Cross-site scripting XSS vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header...

4.3CVSS5.8AI score0.00545EPSS

Exploits1References1

OSV•added 2022/07/20 1:36 a.m.•28 views

GHSA-CQHR-JQVC-QW9P Java Melody vulnerable to cross-site scripting

JavaMelody is a monitoring tool for JavaEE applications. Versions prior to 1.61.0 are vulnerable to a cross-site scripting XSS attack. This issue was patched in version 1.61.0, and users are recommended to upgrade to the latest version. There are no known workarounds...

10CVSS5.6AI score

Exploits0References3

Github Security Blog•added 2022/07/20 1:36 a.m.•114 views

Java Melody vulnerable to cross-site scripting

3.5AI score

Exploits0References3Affected Software1

OSV•added 2022/05/17 5:2 a.m.•15 views

GHSA-P4MX-P49M-8RW4 Improper Neutralization of Input During Web Page Generation in JavaMelody

4.3CVSS5.5AI score0.00545EPSS

Exploits1References8

Github Security Blog•added 2022/05/17 5:2 a.m.•24 views

Improper Neutralization of Input During Web Page Generation in JavaMelody

4.3CVSS4.2AI score0.00545EPSS

Exploits1References9Affected Software1

OSV•added 2022/05/14 3:10 a.m.•14 views

GHSA-G66Q-GRXC-64J3 Cross-site Scripting in JavaMelody

JavaMelody through 1.60.0 has XSS via the counter parameter in a clearcounter action to the /monitoring URI...

6.1CVSS5.9AI score0.0024EPSS

Exploits1References3

Github Security Blog•added 2022/05/14 3:10 a.m.•41 views

Cross-site Scripting in JavaMelody

JavaMelody through 1.60.0 has XSS via the counter parameter in a clearcounter action to the /monitoring URI...

6.1CVSS3.3AI score0.0024EPSS

Exploits1References4Affected Software1

OSV•added 2018/10/17 6:28 p.m.•104 views

GHSA-6FVX-R7HX-3VH6 JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java...

9.8CVSS9.5AI score0.22432EPSS

Exploits0References7

Github Security Blog•added 2018/10/17 6:28 p.m.•102 views

JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java...

9.8CVSS5.2AI score0.22432EPSS

Exploits0References6Affected Software1

Veracode•added 2018/09/27 7:28 a.m.•17 views

XML External Entity (XXE)

javamelody-core is vulnerable to XML external entity attacks. This is due to enabled support for external entities and DTD in parseSoapMethodName function in bull/javamelody/PayloadNameRequestWrapper.java which allows for a remote attacker to perform such attacks...

9.8CVSS9.1AI score0.22432EPSS

Exploits0References4Affected Software1

Prion•added 2018/09/26 10:29 p.m.•20 views

Code injection

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java...

7.5CVSS9.4AI score0.22432EPSS

Exploits0References4Affected Software1

NVD•added 2018/09/26 10:29 p.m.•12 views

CVE-2018-15531

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java...

9.8CVSS9.5AI score0.22432EPSS

Exploits0References4

OSV•added 2018/09/26 10:29 p.m.•29 views

CVE-2018-15531

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java...

9.8CVSS6.8AI score

Exploits0References4

Cvelist•added 2018/09/26 10:0 p.m.•15 views

CVE-2018-15531

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java...

9.5AI score0.22432EPSS

Exploits0References4

CVE•added 2018/09/26 10:0 p.m.•108 views

CVE-2018-15531

CVE-2018-15531 affects JavaMelody up to version 1.74.0, where parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java is vulnerable to XML External Entity (XXE) processing. The XXE flaw can enable an attacker to trigger external entity resolution, which may lead to exposure of sensi...

9.8CVSS9.4AI score0.22432EPSS

Exploits0References4Affected Software1

Veracode•added 2018/06/18 2:54 a.m.•16 views

Cross-site Scripting (XSS)

javamelody-core is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization in the counter parameter when performing the clearcounter action through the /monitoring URI, causing XSS attacks...

6.1CVSS5.5AI score0.0024EPSS

Exploits1References4Affected Software1

CNVD•added 2018/06/15 12:0 a.m.•3 views

JavaMelody Cross-Site Scripting Vulnerability

JavaMelody is a set of Java application monitoring tools. The tool is able to monitor Java or Java EE application servers in QA and actual running production environments , and graphically display Java memory and Java CPU usage , the number of users Session and so on. A cross-site scripting...

6.1CVSS5.8AI score0.0024EPSS

Exploits1References1

NVD•added 2018/06/14 11:29 p.m.•11 views

CVE-2018-12432

JavaMelody through 1.60.0 has XSS via the counter parameter in a clearcounter action to the /monitoring URI...

6.1CVSS6AI score0.0024EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by