Lucene search

8 matches found

RedhatCVE
added 2025/02/05 11:45 p.m. · 10 views

CVE-2022-41271

An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability...

CVSS 9.4 · AI score 7.4 · EPSS 0.00566
Exploits 0 · References 1
Positive Technologies
added 2022/12/13 12:0 a.m. · 4 views

PT-2022-25780 · Sap · Sap Netweaver Process Integration

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Process Integration (PI) version 7.50. Description: The issue allows an unauthenticated user to attach to an open interface exposed through JNDI by the Messaging System, making use of an open naming and directory API to access...

CVSS 9.4 · AI score 8.7 · EPSS 0.00566
Exploits 0 · References 4
Veracode
added 2021/12/29 1:2 a.m. · 250 views

Remote Code Execution (RCE)

log4j-core is vulnerable to Remote Code Execution (RCE). Lack of limiting JNDI access to data source names allows an attacker with privilege to modify logging configuration to send malicious configuration via JDBC Appender with a data source referencing a JNDI URI...

CVSS 6.6 · AI score 8.4 · EPSS 0.98078
Exploits 9 · References 15 · Affected Software 21
OSV
added 2020/09/30 12:55 p.m. · 3 views

USN-4557-1 tomcat6 vulnerabilities

It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. CVE-2016-0762 Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain...

CVSS 9.8 · AI score 7 · EPSS 0.90338
Exploits 11 · References 8
OSV
added 2019/10/12 9:15 p.m. · 0 views

UBUNTU-CVE-2019-17531

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...

CVSS 9.8 · AI score 7.2 · EPSS 0.05329
Exploits 0 · References 6
NVD
added 2017/08/10 10:29 p.m. · 21 views

CVE-2016-6797

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was...

CVSS 7.5 · AI score 8.4 · EPSS 0.08136
Exploits 0 · References 25
OSV
added 2017/01/23 6:24 p.m. · 7 views

USN-3177-1 tomcat6, tomcat7, tomcat8 vulnerabilities

It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-0762 Alvaro Muno...

CVSS 9.8 · AI score 7.1 · EPSS 0.90338
Exploits 11 · References 12
NVD
added 2003/12/31 5:0 a.m. · 16 views

CVE-2003-1290

BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI)...

CVSS 5 · AI score 6.4 · EPSS 0.02444
Exploits 0 · References 7