CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

117 matches found

Payara Server - Cross-Site Scripting

Payara Server versions 4.1.2.191.54, 5.83.0, 6.34.0, and 7.2026.1 contain a stored XSS vulnerability caused by improper input sanitization in the REST Management Interface. This allows attackers to mislead administrators into changing the admin password via a URL payload; however, the exploit...

9.3CVSS5.4AI score0.00567EPSS

Exploits1References3

Nuclei•added 4 days ago•25 views

Payara Micro Community 5.2021.6 Directory Traversal

Payara Micro Community 5.2021.6 and below contains a directory traversal vulnerability. id: CVE-2021-41381 info: name: Payara Micro Community 5.2021.6 Directory Traversal author: pikpikcu severity: high description: Payara Micro Community 5.2021.6 and below contains a directory traversal...

7.5CVSS7.1AI score0.84333EPSS

Exploits6References5

Packet Storm•added 2026/03/24 12:0 a.m.•99 views

📄 Payara Server Cross Site Scripting

Research details on exploitation for a cross site scripting vulnerability in Payara's administration REST interface. Versions below 4.1.2.191.54, 5.83.0, 6.34.0, and 7.2026.1 are affected. XSS to Admin account takeover CVE-2025-14340 A Cross-Site Scripting vulnerability in Payara’s Administration...

9.3CVSS5.2AI score0.00567EPSS

Exploits1

RedhatCVE•added 2026/02/19 7:21 p.m.•0 views

CVE-2025-14340

Cross-site scripting in REST Management Interface in Payara Server 4.1.2.191.54, 5.83.0, 6.34.0, 7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload...

9.3CVSS5.4AI score0.00567EPSS

Exploits1References1

NVD•added 2026/02/18 2:16 p.m.•3 views

CVE-2025-14340

9.3CVSS0.00567EPSS

Exploits1References1

CVE•added 2026/02/18 1:39 p.m.•4 views

CVE-2025-14340

Payara Server stores a cross-site scripting (XSS) vulnerability in the REST Management Interface affecting versions <4.1.2.191.54, <5.83.0, <6.34.0, and

9.3CVSS5.4AI score0.00567EPSS

Exploits1References1

Vulnrichment•added 2026/02/18 1:39 p.m.•2 views

CVE-2025-14340 Admin Account Takeover via malicious URL payload

9.3CVSS5.4AI score0.00567EPSS

Exploits1References1

Cvelist•added 2026/02/18 1:39 p.m.•18 views

CVE-2025-14340 Admin Account Takeover via malicious URL payload

9.3CVSS0.00567EPSS

Exploits1References1

Positive Technologies•added 2026/02/18 12:0 a.m.•1 views

PT-2026-20388

Name of the Vulnerable Software and Affected Versions Payara Server versions prior to 4.1.2.191.54 Payara Server versions prior to 5.83.0 Payara Server versions prior to 6.34.0 Payara Server versions prior to 7.2026.1 Description A cross-site scripting issue exists in the REST Management Interfac...

9.3CVSS5.8AI score0.00567EPSS

Exploits1References4

CNNVD•added 2026/02/18 12:0 a.m.•3 views

Payara Server 安全漏洞

Payara Server is a cloud-native, innovative open-source middleware platform developed by Payara Ltd. In versions prior to 4.1.2.191.54, 5.83.0, 6.34.0, and 7.2026.1, there were security vulnerabilities. These vulnerabilities stemmed from cross-site scripting in the REST management interface, whic...

9.3CVSS5.7AI score0.00567EPSS

Exploits1References2

RedhatCVE•added 2026/01/07 9:17 a.m.•8 views

CVE-2025-1534

CVE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from 6.0.0 before 6.23.0, fr...

6.8CVSS7.7AI score0.00385EPSS

Exploits0References1