CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

31 matches found

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2022-3901

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.0024EPSS

Exploits1References3

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-4676

Malicious code in bioql PyPI...

4.3CVSS6.6AI score0.00545EPSS

Exploits1References9

RedhatCVE•added 2025/05/22 3:23 a.m.•5 views

CVE-2013-4378

Cross-site scripting XSS vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header...

4.3CVSS5.8AI score0.00545EPSS

Exploits1References1

Github Security Blog•added 2022/07/20 1:36 a.m.•114 views

Java Melody vulnerable to cross-site scripting

JavaMelody is a monitoring tool for JavaEE applications. Versions prior to 1.61.0 are vulnerable to a cross-site scripting XSS attack. This issue was patched in version 1.61.0, and users are recommended to upgrade to the latest version. There are no known workarounds...

3.5AI score

Exploits0References3Affected Software1

OSV•added 2022/07/20 1:36 a.m.•28 views

GHSA-CQHR-JQVC-QW9P Java Melody vulnerable to cross-site scripting

10CVSS5.6AI score

Exploits0References3

vulnersOsv•added 2022/07/20 1:36 a.m.•0 views

cc.catalysts.boot:cat-boot-javamelody (>=0.0.4 <=0.2.28), net.bull.javamelody:javamelody-collector-server (>=1.57.0 <=1.60.0) +1 more potentially affected by CVE-2016-1000273 via net.bull.javamelody:javamelody-core (>=1.10.0 <=1.60.0)

net.bull.javamelody:javamelody-core MAVEN version =1.10.0, =0.0.4, =1.57.0, =1.10.0, =1.60.0 Source cves: CVE-2016-1000273 Source advisory: OSV:GHSA-CQHR-JQVC-QW9P...

5.8AI score

Exploits0

vulnersOsv•added 2022/05/17 5:2 a.m.•0 views

org.jvnet.hudson.plugins:monitoring (>=1.10.0 <=1.46.0) potentially affected by CVE-2013-4378 via net.bull.javamelody:javamelody-core (>=1.10.0 <=1.46.0)

net.bull.javamelody:javamelody-core MAVEN version =1.10.0, =1.10.0, =1.46.0 Source cves: CVE-2013-4378 Source advisory: OSV:GHSA-P4MX-P49M-8RW4...

4.3CVSS5.8AI score0.00545EPSS

Exploits1

OSV•added 2022/05/17 5:2 a.m.•15 views

GHSA-P4MX-P49M-8RW4 Improper Neutralization of Input During Web Page Generation in JavaMelody

4.3CVSS5.5AI score0.00545EPSS

Exploits1References8

Github Security Blog•added 2022/05/17 5:2 a.m.•24 views

Improper Neutralization of Input During Web Page Generation in JavaMelody

4.3CVSS4.2AI score0.00545EPSS

Exploits1References9Affected Software1

OSV•added 2022/05/14 3:10 a.m.•14 views

GHSA-G66Q-GRXC-64J3 Cross-site Scripting in JavaMelody

JavaMelody through 1.60.0 has XSS via the counter parameter in a clearcounter action to the /monitoring URI...

6.1CVSS5.9AI score0.0024EPSS

Exploits1References3

Github Security Blog•added 2022/05/14 3:10 a.m.•37 views

Cross-site Scripting in JavaMelody

JavaMelody through 1.60.0 has XSS via the counter parameter in a clearcounter action to the /monitoring URI...

6.1CVSS3.3AI score0.0024EPSS

Exploits1References4Affected Software1

vulnersOsv•added 2022/05/14 3:10 a.m.•3 views

cc.catalysts.boot:cat-boot-javamelody (>=0.0.4 <=0.2.28), net.bull.javamelody:javamelody-collector-server (>=1.57.0 <=1.60.0) +1 more potentially affected by CVE-2018-12432 via net.bull.javamelody:javamelody-core (>=1.10.0 <=1.60.0)

net.bull.javamelody:javamelody-core MAVEN version =1.10.0, =0.0.4, =1.57.0, =1.10.0, =1.60.0 Source cves: CVE-2018-12432 Source advisory: OSV:GHSA-G66Q-GRXC-64J3...

6.1CVSS6.3AI score0.0024EPSS

Exploits1

vulnersOsv•added 2018/10/17 6:28 p.m.•1 views

br.com.thiaguten:umbrella-monitoring (>=0.1.0 <=0.1.1), cc.catalysts.boot:cat-boot-javamelody (>=0.0.4 <=0.2.28) +7 more potentially affected by CVE-2018-15531 via net.bull.javamelody:javamelody-core (>=1.10.0 <=1.73.1)

net.bull.javamelody:javamelody-core MAVEN version =1.10.0, =0.1.0, =0.0.4, =1.57.0, =1.64.0, =1.5.7.0, =1.10.0, =2.0.0, =2.0.0, =2.0.1 - uk.ac.ebi.interpro.scan:server =5.36-75.0 Source cves: CVE-2018-15531 Source advisory: OSV:GHSA-6FVX-R7HX-3VH6...

9.8CVSS7.2AI score0.22432EPSS

Exploits0

OSV•added 2018/10/17 6:28 p.m.•104 views

GHSA-6FVX-R7HX-3VH6 JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java...

9.8CVSS9.5AI score0.22432EPSS

Exploits0References7

Github Security Blog•added 2018/10/17 6:28 p.m.•101 views

JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java...

9.8CVSS5.2AI score0.22432EPSS

Exploits0References6Affected Software1

Veracode•added 2018/09/27 7:28 a.m.•16 views

XML External Entity (XXE)

javamelody-core is vulnerable to XML external entity attacks. This is due to enabled support for external entities and DTD in parseSoapMethodName function in bull/javamelody/PayloadNameRequestWrapper.java which allows for a remote attacker to perform such attacks...

9.8CVSS9.1AI score0.22432EPSS

Exploits0References4Affected Software1