CVE-2026-57527

Zed Attack Proxy ZAP ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter...

CVE-2023-41474

Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component...

com.aripd:aricl (=1.4), com.aripd:aricom (=1.0) +136 more potentially affected by CVE-2019-17091 via org.glassfish:javax.faces (>=2.1.11 <=2.2.19)

org.glassfish:javax.faces MAVEN version =2.1.11, =3.2.1036, =1.0.0, =1.0.0, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.2.0, =1.0.0, =1.7.3 and more Source cves: CVE-2019-17091 Source advisory: OSV:GHSA-RJHX-C9QH-QH8F...

com.aripd:aricl (=1.4), com.aripd:aricom (=1.0) +92 more potentially affected by CVE-2013-5855 via org.glassfish:javax.faces (>=2.2.0 <=2.2.20)

org.glassfish:javax.faces MAVEN version =2.2.0, =3.2.1036, =1.0.0, =1.0.0, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.2.0, =1.0.0, =1.7.3 and more Source cves: CVE-2013-5855 Source advisory: OSV:GHSA-3M3R-82GC-53MJ...

com.oracle.cdi-enabler:cdi-enabler-1_0-test-webapp (=1), com.sap.cloud.s4hana.starters:scp-neo-javaee6 (>=1.0.0 <=1.1.2) +19 more potentially affected by CVE-2013-5855 via org.glassfish:javax.faces (>=2.1.11 <=2.1.26)

org.glassfish:javax.faces MAVEN version =2.1.11, =1.0.0, =2.23.16, =0.3.0, =0.3.0, =5.11.0, =5.12.0, =5.13.1, =5.12.0, =5.9.4.1, =5.9.4.1, =5.9.4.1, =5.9.4.1, =5.15.4 and more Source cves: CVE-2013-5855 Source advisory: OSV:GHSA-3M3R-82GC-53MJ...