Lucene search
+L

878 matches found

OSV
OSV
added 2026/05/19 12:0 a.m.16 views

MAL-2026-4116 Malicious code in @antv/x6-vue-shape (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/05/19 12:0 a.m.12 views

MAL-2026-3854 Malicious code in @antv/ava-react (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/05/19 12:0 a.m.11 views

MAL-2026-3849 Malicious code in @antv/adjust (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/05/19 12:0 a.m.11 views

MAL-2026-3978 Malicious code in @antv/g2-plugin-slider (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/18 12:24 p.m.19 views

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

9.8CVSS8AI score0.00812EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/05/18 12:21 p.m.14 views

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

9.8CVSS8AI score0.00812EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/05/18 12:12 p.m.14 views

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

9.8CVSS8AI score0.00812EPSS
Exploits1References8
OSV
OSV
added 2026/05/08 5:44 a.m.11 views

BIT-JRE-2022-21624

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

3.7CVSS6.7AI score0.01401EPSS
Exploits0References10
OSV
OSV
added 2026/05/08 5:43 a.m.13 views

BIT-JRE-2021-2432

Vulnerability in the Java SE product of Oracle Java SE component: JNDI. The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

4.3CVSS5.8AI score0.03701EPSS
Exploits0References6
OSV
OSV
added 2026/05/08 5:43 a.m.7 views

BIT-JRE-2020-14781

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3CVSS6.7AI score0.02324EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.14 views

PT-2026-38770

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

3.7CVSS5.8AI score0.01401EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.12 views

PT-2026-38731

Vulnerability in the Java SE product of Oracle Java SE component: JNDI. The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

4.3CVSS5.8AI score0.03701EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.22 views

PT-2026-38697

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3CVSS6.1AI score0.02324EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/07 6:0 p.m.7 views

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

9.8CVSS8AI score0.00812EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/05/07 5:29 p.m.9 views

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

9.8CVSS8AI score0.00812EPSS
Exploits1References8
OSV
OSV
added 2026/05/06 2:41 p.m.8 views

BIT-JAVA-2020-14781

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3CVSS6.6AI score0.02324EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.14 views

PT-2026-37710

Vulnerability in the Java SE product of Oracle Java SE component: JNDI. The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

4.3CVSS6.8AI score0.03701EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.13 views

PT-2026-37883

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3CVSS6.6AI score0.02324EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.7 views

RHCOS 3 : OpenShift Container Platform 3.11.306 jenkins (RHSA-2020:4223)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4223 advisory. - jetty: double release of resource can lead to information disclosure CVE-2019-17638 - jenkins: user-specified tooltip values leads...

9.4CVSS6.8AI score0.83053EPSS
Exploits8References10
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.8 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006905)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006905 advisory. In the Linux kernel, the following vulnerability has been resolved: macintosh: fix possible memory leak in macioaddonedevice Afer commit 1fa5ae857bb1 driver core: ge...

5.5CVSS5.8AI score0.00152EPSS
Exploits0References4
Rows per page
Query Builder