Lucene search
K

39 matches found

vulnersOsv
vulnersOsv
added 2026/05/05 6:27 p.m.9 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2921 more potentially affected by CVE-2026-41417 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-41417 Source advisory: SNYK:JAVA-IONETTY-16425695...

5.3CVSS6.7AI score0.00307EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/04/17 12:0 a.m.14 views

ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.7.4) +1858 more potentially affected by CVE-2026-22741 via org.springframework:spring-webmvc (>=7.0.0-M1 <=7.0.6)

org.springframework:spring-webmvc MAVEN version =7.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =0.1.1, =0.2.0, =0.5.0, =0.7.0, =0.5.0, =0.5.0, =0.7.5 and more Source cves: CVE-2026-22741 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-16109603...

3.1CVSS5.7AI score0.00236EPSS
Exploits0
Cvelist
Cvelist
added 2026/03/18 10:13 p.m.24 views

CVE-2026-32735 Unpacking Arbitrary Mustache Template Files via `maven-dependency-plugin`

openapi-to-java-records-mustache-templates allows users to generate Java Records from OpenAPI specifications. Starting in version 5.1.1 and prior to version 5.5.1, the parent POM file of this project openapi-to-java-records-mustache-templates-parent, which is used to centralize plugin...

2.3CVSS0.00321EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/18 10:13 p.m.3 views

CVE-2026-32735

openapi-to-java-records-mustache-templates allows users to generate Java Records from OpenAPI specifications. Starting in version 5.1.1 and prior to version 5.5.1, the parent POM file of this project openapi-to-java-records-mustache-templates-parent, which is used to centralize plugin...

2.3CVSS5.8AI score0.00321EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/18 10:13 p.m.5 views

CVE-2026-32735 Unpacking Arbitrary Mustache Template Files via `maven-dependency-plugin`

openapi-to-java-records-mustache-templates allows users to generate Java Records from OpenAPI specifications. Starting in version 5.1.1 and prior to version 5.5.1, the parent POM file of this project openapi-to-java-records-mustache-templates-parent, which is used to centralize plugin...

2.3CVSS5.9AI score0.00321EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2025/12/05 6:54 p.m.16 views

ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3), ai.catboost:catboost-spark_2.12 (>=0.25-rc1 <=0.25-rc3) +15057 more potentially affected by CVE-2025-12183 +1 more via org.lz4:lz4-java (>=1.4 <=1.8.1)

org.lz4:lz4-java MAVEN version =1.4, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.3, =1.2.10 and more Source cves: CVE-2025-12183, CVE-2025-66566 Source advisory: SNYK:JAVA-ORGLZ4-14219384...

8.8CVSS6.8AI score0.00647EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/12/03 4:57 p.m.9 views

ai.konduit.serving:konduit-serving-clients (>=0.0.2 <=0.3.0), ai.konduit.serving:konduit-serving-distro-bom (>=0.0.2 <=0.3.0) +4114 more potentially affected by CVE-2025-66453 via org.mozilla:rhino (>=1.7R3 <=1.7.14)

org.mozilla:rhino MAVEN version =1.7R3, =0.0.2, =0.0.2, =0.1-1, =1.0, =1.0, =1.0, =1.2.1 - blog.svenbayer:spring-cloud-contract-swagger =1.2.0.RELEASE - br.com.objectos.jabuticava:boleto =0.3.0 - br.com.objectos.jabuticava:duplicata =0.3.0 - br.com.objectos:boleto =0.1.0 - br.com.objectos:duplica...

7.5CVSS7.4AI score0.00235EPSS
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-49313

Malicious code in bioql PyPI...

7.7CVSS6.3AI score0.00555EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/06/20 12:0 a.m.6 views

GitLab 16.6 < 17.9.7 / 17.10 < 17.10.5 / 17.11 < 17.11.1 (CVE-2025-2443)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Gitlab reports: Cross Site Scripting XSS in Maven Dependency Proxy through CSP directives Cross Site Scripting XSS in Maven dependency proxy through cache headers Network Error Logging NEL Header...

8.7CVSS5.5AI score0.00329EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/02/04 10:34 p.m.9 views

CVE-2024-8635

A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy UR...

7.7CVSS6.5AI score0.00555EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/11/22 10:52 p.m.8 views

Malicious code in maven-dependency-submission-action (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1381f1caf30bbc11135c6f4ffc6634a4cdeaaa63627d583675758c564c38c804 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2024/10/28 9:30 a.m.10 views

br.com.nitertech:jwt (>=1.1.4.2 <=1.1.5), cn.herodotus.engine:oauth2-core (>=3.0.6.4 <=3.1.1.3) +354 more potentially affected by CVE-2024-38821 via org.springframework.security:spring-security-web (>=6.1.0 <=6.1.1)

org.springframework.security:spring-security-web MAVEN version =6.1.0, =1.1.4.2, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =0.1.0, =6.1.11, =7.0.4 and more Source cves: CVE-2024-38821 Source advisory: OSV:GHSA-C4Q5-6C82-3QPW...

9.1CVSS7.1AI score0.01726EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2024/09/12 5:1 p.m.22 views

CVE-2024-8635 Server-Side Request Forgery (SSRF) in GitLab

A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy UR...

7.7CVSS6.6AI score0.00555EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/12 5:1 p.m.25 views

CVE-2024-8635 Server-Side Request Forgery (SSRF) in GitLab

A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy UR...

7.7CVSS0.00555EPSS
Exploits0References1
OSV
OSV
added 2024/09/12 5:1 p.m.18 views

CVE-2024-8635 Server-Side Request Forgery (SSRF) in GitLab

A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy UR...

7.7CVSS6.4AI score0.00555EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2024/09/12 5:1 p.m.15 views

CVE-2024-8635

Removed by vendor...

7.7CVSS5.8AI score0.00555EPSS
Exploits0
CVE
CVE
added 2024/09/12 5:1 p.m.78 views

CVE-2024-8635

CVE-2024-8635 is a server-side request forgery (SSRF) in GitLab Enterprise Edition (EE). Affected: GitLab EE versions starting 16.8 up to but not including 17.1.7, 17.2 up to but not including 17.2.5, and 17.3 up to but not including 17.3.2. Root cause: abuse of a custom Maven Dependency Proxy UR...

7.7CVSS6.7AI score0.00555EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/09/12 12:0 a.m.15 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability in GitLab EE versions 16.8 to before 17.1.7, 17.2 to...

7.7CVSS6.7AI score0.00555EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2024/07/22 2:33 p.m.8 views

ai.catboost:catboost-spark_3.1_2.12 (>=1.0.1 <=1.2.8), ai.catboost:catboost-spark_3.2_2.12 (>=1.0.6 <=1.2.10) +3568 more potentially affected by CVE-2024-25638 via dnsjava:dnsjava (>=1.2.3 <=3.5.3)

dnsjava:dnsjava MAVEN version =1.2.3, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.3, =0.0.25, =0.0.25, =0.0.25, =0.0.86, =0.0.8, =threadcontention-0.0.23-dev3 and more Source cves: CVE-2024-25638 Source advisory: OSV:GHSA-CFXW-4H78-H7FW...

8.9CVSS6.8AI score0.00392EPSS
Exploits0
OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.14 views

Fedora: Security Advisory for maven-dependency-analyzer (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02578EPSS
Exploits3References2
Rows per page
Query Builder