Lucene search
K

84 matches found

GithubExploit
GithubExploit
added 2026/04/06 10:5 a.m.158 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Demonstration of the Log4jShell Exploit This code may contain...

10CVSS5.9AI score0.99999EPSS
Exploits352
Cvelist
Cvelist
added 2025/11/11 12:14 a.m.16 views

CVE-2025-42884 JNDI Injection vulnerability in SAP NetWeaver Enterprise Portal

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enabling access to an unintended JNDI provider.�This could further lead to disclosure or modification of information about the server. There i...

6.5CVSS0.00254EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/11/05 3:47 p.m.302 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

💥 CVE-2021-44228 — Log4Shell The Most Impactful Vuln...

10CVSS9.3AI score0.99999EPSS
Exploits358
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-1623

Malicious code in bioql PyPI...

7.2CVSS6.9AI score0.01465EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-29628

Malicious code in bioql PyPI...

9.1CVSS7.1AI score0.01218EPSS
Exploits0References1
CVE
CVE
added 2025/09/08 8:53 a.m.66 views

CVE-2025-58782

CVE-2025-58782 affects Apache Jackrabbit Core (1.0.0–2.22.1) and Apache Jackrabbit JCR Commons (1.0.0–2.22.1). The issue is Deserialization of Untrusted Data triggered by accepting JNDI URIs for JCR lookup from untrusted users, which can lead to arbitrary code execution through deserialization of...

6.5CVSS7.6AI score0.01286EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2025/09/08 8:53 a.m.4 views

CVE-2025-58782

Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...

6.5CVSS6.6AI score0.01286EPSS
Exploits0
Gitee
Gitee
added 2025/09/06 4:26 p.m.219 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4jHotPatch This is a tool which injects a Java agent into a running JVM process. The agent will attempt to patch the lookup method of all loaded org.apache.logging.log4j.core.lookup.JndiLookup instances to unconditionally return the string "Patched JndiLookup::lookup". It is designed to addres...

10CVSS9AI score0.99999EPSS
Exploits354
Gitee
Gitee
added 2025/09/06 12:44 p.m.102 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228 Log4j2 日志内容 JNDI RCE 缓解措施 English version 国际镜像:https://github.com/zhangyoufu/log4j2-without-jndi 国内镜像:https://code.aliyun.com/zhangyoufu/log4j2-without-jndi/tree/master 使用方式 1. 寻找部署目录下的 log4j2-core 组件 find . -name 'log4j-core.jar' 2. 对找到的 log4j2-core JAR 包实施缓解措施 方式1: 使用 zip 命令从 JAR...

10CVSS8.7AI score0.99999EPSS
Exploits352
Gitee
Gitee
added 2025/09/06 11:51 a.m.92 views

Exploit for CVE-2018-3149

log4j2-exploits https://user-images.githubusercontent.com/37479424/145661983-131eb84a-9ac5-4014-9f6b-10b69d8d7cf4.mp4 This fundamental vulnerability was reported by CVE-2018-3149 and patched by this article. 8u121 Release Notes However, the logging library for java called log4j2 had JNDILookup,...

8.3CVSS7.4AI score0.07215EPSS
Exploits2
Gitee
Gitee
added 2025/09/06 9:50 a.m.101 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

PoC exploit for CVE-2021-44228, a Java logging library vulnerability. The target product/service is Apache Log4j, a Java logging library. The vulnerability class/vector is RCE Remote Code Execution via JNDI Java Naming and Directory Interface lookup. The probable entry points are JNDI lookups...

10CVSS8.7AI score0.99999EPSS
Exploits352
RedHat Linux
RedHat Linux
added 2025/02/24 12:8 a.m.9 views

log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...

10CVSS7.9AI score0.99999EPSS
Exploits354References8
RedHat Linux
RedHat Linux
added 2025/02/24 12:8 a.m.5 views

log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...

10CVSS7.9AI score0.99999EPSS
Exploits354References8
RedhatCVE
RedhatCVE
added 2025/02/05 10:0 p.m.7 views

CVE-2022-24847

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...

7.2CVSS7.4AI score0.01465EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:48 p.m.17 views

CVE-2022-24846

GeoWebCache is a tile caching server implemented in Java. The GeoWebCache disk quota mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. While in GeoWebCache the JNDI strings are provided via local...

9.1CVSS7.4AI score0.01218EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.40 views

Amazon Linux 2022 : log4j, log4j-jcl, log4j-slf4j (ALAS2022-2021-004)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2021-004 advisory. It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non- default configurations. This could allows attackers with control over Thread Context Map MDC inp...

10CVSS7.4AI score0.99999EPSS
Exploits354References3
GithubExploit
GithubExploit
added 2024/07/26 7:59 p.m.338 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228 Analysis How does it work? Below is a deta...

10CVSS9.8AI score0.99999EPSS
Exploits352
Tenable Nessus
Tenable Nessus
added 2023/10/26 12:0 a.m.80 views

GLSA-202310-16 : Ubiquiti UniFi: remote code execution via bundled log4j

The remote host is affected by the vulnerability described in GLSA-202310-16 Ubiquiti UniFi: remote code execution via bundled log4j - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provid...

10CVSS8.4AI score0.99999EPSS
Exploits355References4
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/21 9:21 p.m.38 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Summary There are multiple Apache Log4j vulnerabilities CVE-2021-45105, CVE-2021-45046 impacting IBM Cloud Pak for Data which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of servic...

10CVSS9.9AI score0.99999EPSS
Exploits356Affected Software1
GithubExploit
GithubExploit
added 2023/07/19 6:18 p.m.302 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

It is an exploit module for Log4j. The vulnerability class/vecto...

10CVSS8.6AI score0.99999EPSS
Exploits352
Rows per page
Query Builder