Lucene search
K

35 matches found

RedhatCVE
RedhatCVE
added 2026/04/16 1:22 a.m.3 views

CVE-2026-6264

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...

9.8CVSS6.4AI score0.00739EPSS
Exploits0References1
NVD
NVD
added 2026/04/14 3:16 a.m.6 views

CVE-2026-6264

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...

9.8CVSS0.00739EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/14 1:49 a.m.4 views

CVE-2026-6264 Critical Security fix for the Talend JobServer and Talend Runtime

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...

9.8CVSS6.4AI score0.00739EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.4 views

CVE-2026-33728

dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access ...

9.3CVSS6AI score0.00622EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/27 12:25 a.m.2 views

CVE-2026-33728 dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution

dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access ...

9.3CVSS6AI score0.00622EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 12:25 a.m.6 views

CVE-2026-33728 dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution

dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access ...

9.3CVSS6AI score0.00622EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:1 a.m.3 views

CVE-2026-33701

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and...

9.3CVSS6.6AI score0.00933EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/27 12:1 a.m.33 views

CVE-2026-33701 OpenTelemetry: Unsafe Deserialization in RMI Instrumentation may Lead to Remote Code Execution

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and...

9.3CVSS0.00933EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/26 4:45 p.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the RMI integration. An attacker can execute arbitrary code with the privileges of the user running the instrumented JVM by sending specially crafted serialized data to a network-exposed JMX or RMI...

9.8CVSS6.2AI score0.00622EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/25 9:27 p.m.9 views

OpenTelemetry: Unsafe Deserialization in RMI Instrumentation may Lead to Remote Code Execution

In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. An attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this to potentially achieve remote code execution. Al...

9.8CVSS6.6AI score0.00933EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-1105

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.03654EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-0901

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.04115EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2022-0722

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.02676EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 5:24 p.m.7 views

CVE-2020-11969

If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 -...

9.8CVSS9.3AI score0.04115EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:28 p.m.18 views

CVE-2020-1952

An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely...

9.8CVSS7.2AI score0.02676EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:18 p.m.7 views

CVE-2020-13931

If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creatio...

9.8CVSS6.8AI score0.04115EPSS
Exploits0
OSV
OSV
added 2024/03/06 10:51 a.m.17 views

BIT-FLINK-2020-1960

A vulnerability in Apache Flink 1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0 where, when running a process with an enabled JMXReporter, with a port configured via...

4.7CVSS4.9AI score0.00863EPSS
Exploits0References5
OSV
OSV
added 2022/02/09 10:44 p.m.9 views

GHSA-MP28-RQ7G-QX62 Remote code execution in Apache TomEE

If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creatio...

9.8CVSS7.2AI score0.03654EPSS
Exploits0References4
OSV
OSV
added 2022/01/06 7:45 p.m.29 views

GHSA-WC6F-CJCP-CC33 Improper Certificate Validation in Apache IoTDB

An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely...

9.8CVSS9.6AI score0.02676EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/01/06 7:45 p.m.32 views

Improper Certificate Validation in Apache IoTDB

An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely...

9.8CVSS9.1AI score0.02676EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder