Lucene search
K

13 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-13759

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including...

7.5CVSS0.00288EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-13759 IBM WebSphere eXtreme Scale is affected by Insecure Deserilization

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including...

7.5CVSS0.00288EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 5:41 a.m.47 views

CVE-2026-13006

CVE-2026-13006 affects Java applications using logback-core up to version 1.5.34. The issue arises in conditional configuration file processing, allowing an attacker to execute arbitrary code while bypassing protections against CVE-2025-11226. A successful attack requires Janino on the classpath ...

7CVSS6.1AI score0.00122EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/24 5:41 a.m.5 views

CVE-2026-13006

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.35 in Java applications, allows an attacker to execute arbitrary code circumventing existing protections against CVE-2025-11226 by compromising an existing logback configuration...

7CVSS6.1AI score0.00122EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2026/01/22 10:16 a.m.6 views

CVE-2026-1225

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...

1.8CVSS5.9AI score0.00159EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-16943

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific...

9.8CVSS7.5AI score0.04861EPSS
Exploits0References2
OSV
OSV
added 2023/11/28 9:30 a.m.2 views

GHSA-JJFH-589G-3HJX Spring Boot Actuator denial of service vulnerability

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring M...

5.3CVSS6.9AI score0.01219EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/11/28 12:0 a.m.6 views

PT-2023-7931 · Spring · Spring Boot

Name of the Vulnerable Software and Affected Versions: Spring Boot versions 2.7.0 through 2.7.17 Spring Boot versions 3.0.0 through 3.0.12 Spring Boot versions 3.1.0 through 3.1.5 Description: The issue is related to the Spring Boot framework, where an application can be vulnerable to a...

6.8CVSS6.5AI score0.01219EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2023/02/15 4:29 a.m.8 views

SUSE CVE-2018-7489

FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of th...

9.8CVSS8.3AI score0.20521EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:9 a.m.6 views

SUSE CVE-2019-14439

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the logback jar in the classpath...

7.5CVSS8.8AI score0.10763EPSS
Exploits0References3
OSV
OSV
added 2019/07/30 11:15 a.m.5 views

DEBIAN-CVE-2019-14439

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the logback jar in the classpath...

7.5CVSS8.3AI score0.10763EPSS
Exploits0References1
OSV
OSV
added 2019/06/19 2:15 p.m.1 views

UBUNTU-CVE-2019-12814

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specificall...

5.9CVSS6.8AI score0.10951EPSS
Exploits0References5
OSV
OSV
added 2018/01/10 6:29 p.m.5 views

DEBIAN-CVE-2017-17485

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...

9.8CVSS8.4AI score0.49727EPSS
Exploits1References1
Rows per page
Query Builder