Lucene search
K

105 matches found

Nuclei
Nuclei
added yesterday85 views

IBM Operational Decision Manager - Java Deserialization

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to...

9.8CVSS7.3AI score0.73398EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday108 views

IBM Operational Decision Manager - JNDI Injection

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145. id: CVE-2024-22319 info: name: IBM Operational Decision Manager -...

9.8CVSS7.4AI score0.764EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added last week9 views

Malicious code in jsf-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6a2a0bbd4939a789673bdca08866c9be58dd361df175695e7f8c1141bed4e47 On require'jsf-utils', lib/string/pathcase.js runs a top-level async IIFE that fetches a JavaScript payload from https://jsonkeeper.com/b/BPB86 and...

6.1AI score
Exploits0References3
OSV
OSV
added last week6 views

MAL-2026-6921 Malicious code in jsf-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6a2a0bbd4939a789673bdca08866c9be58dd361df175695e7f8c1141bed4e47 On require'jsf-utils', lib/string/pathcase.js runs a top-level async IIFE that fetches a JavaScript payload from https://jsonkeeper.com/b/BPB86 and...

6.2AI score
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/04/16 9:31 p.m.6 views

com.exactpro.sf:sailfish-frontend (>=3.2.1036 <=3.4.260), com.github.persapiens:jsf-bootsfaces-spring-boot-starter (>=1.6.0 <=1.7.3) +67 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=1.10 <=1.14.1)

org.omnifaces:omnifaces MAVEN version =1.10, =3.2.1036, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.3.0, =1.2.0, =1.6.0, =1.7.0, =1.3.0, =1.0.0, =1.6.0, =1.7.0, =1.7.3 and more Source cves: CVE-2026-41883https://vulners.com...

8.1CVSS5.8AI score0.00382EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-10599

Malware in sbrugna...

7.5CVSS7.6AI score0.0319EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2011-4288

Malware in sbrugna...

6.4CVSS6.1AI score0.01648EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-5177

Malware in sbrugna...

5.8CVSS6.4AI score0.01648EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-1549

Malware in sbrugna...

4.3CVSS6.1AI score0.08199EPSS
Exploits1References24
Cvelist
Cvelist
added 2025/08/27 9:25 p.m.10 views

CVE-2024-13980 H3C Intelligent Management Center (iMC) /byod/index.xhtml RCE

H3C Intelligent Management Center IMC versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...

10CVSS0.01176EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.6 views

Malicious code in @zalastax/nolb-jsf (npm)

The package @zalastax/nolb-jsf was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-12069 Malicious code in @zalastax/nolb-jsf (npm)

The package @zalastax/nolb-jsf was found to contain malicious code...

7.2AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.26 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service (CVE-2024-45085)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS7.4AI score0.00568EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.23 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service (CVE-2024-45085)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS7.4AI score0.00568EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/16 9:28 p.m.30 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to a denial of service (CVE-2024-45085)

Summary IBM WebSphere Application Server is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Vulnerability Details CVEID:CVE-2024-45085 DESCRIPTION: IBM WebSphere Application Server is vulnerable to a denial of service, under...

7.5CVSS6.8AI score0.00568EPSS
Exploits0Affected Software1
CVE
CVE
added 2024/03/22 3:43 p.m.188 views

CVE-2024-2227

IdentityIQ (SailPoint) is affected by a JavaServer Faces path traversal vulnerability (JSF 2.2.20) that allows reading arbitrary files from the application server filesystem. Root cause: path traversal in JSF 2.2.20, as described in CVE-2020-6950 lineage. Affected IdentityIQ versions include 8.3 ...

10CVSS7.1AI score0.0078EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/01/31 3:15 p.m.5 views

CVE-2022-46835

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due t...

7.5CVSS5.9AI score0.00935EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/09/19 12:0 a.m.6 views

SmartVista SVFE2 SQL注入漏洞

SmartVista SVFE2 is a subsystem of SmartVista, Inc. A security vulnerability exists in SmartVista SVFE2 version v2.2.22, which can be exploited to achieve SQL injection via the UserForm:jid88, UserForm:jid90, UserForm:jid92 parameters of the /SVFE2/pages/feegroups/countrygroup.jsf component. id92...

8.8CVSS8.1AI score0.00638EPSS
Exploits0References4
OSV
OSV
added 2022/09/13 12:15 p.m.5 views

CVE-2022-38616

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:jid90 parameter at /feegroups/tgrtgroup.jsf...

8.8CVSS5.8AI score0.00738EPSS
Exploits1References3
Spring Security Advisories
Spring Security Advisories
added 2022/08/10 3:26 p.m.28 views

Spring Web Flow 3.0 M1 Released

It has been almost 4 years since the last set of Spring Web Flow releases. Nevertheless, the project continues to serve a specific need particularly well, arguably better than alternatives, and remains in active use. While there hasnt been a strong driver for new releases, the upcoming Spring...

0.5AI score
Exploits0
Rows per page
Query Builder