513 matches found
EUVD-2025-27196
Malicious code in bioql PyPI...
EUVD-2024-0965
Malicious code in bioql PyPI...
EUVD-2025-28915
Malicious code in bioql PyPI...
EUVD-2025-26702
Malicious code in bioql PyPI...
EUVD-2022-4305
Malicious code in bioql PyPI...
EUVD-2024-0913
Malicious code in bioql PyPI...
org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability
A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...
org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability
A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...
org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability
A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...
CVE-2025-56769
CVE-2025-56769 affects chinabugotech Hutool (hutool/ hutool-extra) prior to version 5.8.4 (and related advisories mention 5.8.40) due to insecure handling in the QLExpressEngine . The issue lets an attacker craft expressions that cause arbitrary method invocation, enabling potential remote code e...
CVE-2025-42944
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high...
CVE-2025-42944
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high...
CVE-2025-42944 Insecure Deserialization vulnerability in SAP Netweaver (RMI-P4)
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high...
CVE-2025-42944 Insecure Deserialization vulnerability in SAP Netweaver (RMI-P4)
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high...
CVE-2025-42944
The CVE-2025-42944 vulnerability affects SAP NetWeaver (notably the NetWeaver Application Server Java) via insecure deserialization in the RMI-P4 module. An unauthenticated, remote attacker can send a malicious payload to an open port, leading to arbitrary OS command execution with the attacker g...
PT-2025-36562
SAP NetWeaver and Affected Versions SAP NetWeaver versions 5.3 through 10.0 SAP NetWeaver AS Java affected versions not specified Description SAP NetWeaver contains a critical deserialization flaw in the RMI-P4 module. This allows an unauthenticated attacker to execute arbitrary operating system...
CVE-2025-7388
It was possible to perform Remote Command Execution RCE via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property...
CVE-2025-7388 Authenticated Command Injection via configuration parameter manipulation in exposed RMI interface
It was possible to perform Remote Command Execution RCE via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property...
PT-2025-35938
Name of the Vulnerable Software and Affected Versions OpenEdge AdminServer affected versions not specified Description The OpenEdge AdminServer is susceptible to Remote Command Execution RCE via its Java RMI interface. Authenticated users can inject and execute OS commands under the delegated...
Progress Software OpenEdge 命令注入漏洞
Progress Software OpenEdge is a suite of integrated development environments IDEs from Progress Software, USA. A command injection vulnerability exists in Progress Software OpenEdge that stems from insufficient input validation of the Java RMI interface, which could lead to a remote command...