Lucene search
+L

73 matches found

RedhatCVE
RedhatCVE
added 3 days ago10 views

CVE-2026-15538

A flaw was found in PrimeFaces PrimeReact. A remote attacker can exploit a weakness in the ObjectUtils.mutateFieldData function within the component API. This allows for the improper modification of object prototype attributes, potentially leading to unexpected behavior or further attacks. This...

6.5CVSS6.6AI score0.00256EPSS
Exploits0References10
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43294

A weakness has been identified in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the argument Field causes improperly controlled modification of object prototype attributes. The attack is possible to be...

6.5CVSS6.4AI score0.00256EPSS
Exploits0References8
NVD
NVD
added 3 days ago4 views

CVE-2026-15538

A weakness has been identified in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the argument Field causes improperly controlled modification of object prototype attributes. The attack is possible to be...

6.5CVSS0.00256EPSS
Exploits0References7
CVE
CVE
added 3 days ago9 views

CVE-2026-15538

CVE-2026-15538 affects PrimeFaces PrimeReact up to 10.9.8. The vulnerability is in the API function ObjectUtils.mutateFieldData, where manipulation of the argument Field enables prototype attribute modification (prototype pollution). The attack is stated as remotely exploitable. The issue notes t...

6.5CVSS6.4AI score0.00256EPSS
Exploits0References7
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-15538 primefaces primereact API ObjectUtils.mutateFieldData prototype pollution

A weakness has been identified in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the argument Field causes improperly controlled modification of object prototype attributes. The attack is possible to be...

6.5CVSS0.00256EPSS
Exploits0References7
OSV
OSV
added 3 days ago3 views

CVE-2026-15538 primefaces primereact API ObjectUtils.mutateFieldData prototype pollution

A weakness has been identified in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the argument Field causes improperly controlled modification of object prototype attributes. The attack is possible to be...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/01/09 9:51 a.m.9 views

CVE-2020-10544

An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation...

6.1CVSS6.1AI score0.00811EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-1068

Malware in sbrugna...

6.1CVSS6.3AI score0.00811EPSS
Exploits0References5
Rapid7 Blog
Rapid7 Blog
added 2024/12/13 7:36 p.m.63 views

Metasploit Weekly Wrap-Up 12/13/2024

It’s raining RCEs! It's the second week of December and the weather forecast announced another storm of RCEs in Metasploit-Framework land. This weekly release includes RCEs for Moodle e-Learning platform, Primefaces, WordPress Really Simple SSL and CyberPanel along with two modules to change...

10CVSS9.8AI score0.94798EPSS
Exploits60
Metasploit
Metasploit
added 2024/12/07 6:54 p.m.1239 views

Primefaces Remote Code Execution Exploit

This module exploits a Java Expression Language remote code execution flaw in the Primefaces JSF framework. Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password and salt. Tested against Docker...

9.8CVSS9.9AI score0.94104EPSS
Exploits6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/06/03 6:32 a.m.6 views

Multiple vulnerabilities in UNIVERSAL PASSPORT RX

Overview UNIVERSAL PASSPORT RX provided by Japan System Techniques Co., Ltd. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2023-42427 Dependency on vulnerable third-party component CWE-1395 Known vulnerability in Primefaces library used in the product Cross-sit...

6.5CVSS7.3AI score0.00289EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/06/03 12:0 a.m.32 views

JVN#43215077: Multiple vulnerabilities in UNIVERSAL PASSPORT RX

UNIVERSAL PASSPORT RX provided by Japan System Techniques Co., Ltd. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2023-42427 Dependency on vulnerable third-party component CWE-1395 Known vulnerability in...

6.5CVSS6.7AI score0.00289EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/12/07 12:0 a.m.80 views

PrimeTek PrimeFaces Remote Code Execution (CVE-2017-1000486)

Binary data primetekprimefacescve-2017-1000486.nbin...

9.8CVSS9.6AI score0.94104EPSS
Exploits6References4
Veracode
Veracode
added 2022/03/09 3:31 a.m.20 views

Cross-site Scripting (XSS)

primefaces is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of the input values in AvatarRenderer.java allowing an attacker to inject maliciously crafted script via writeText function...

3.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/01/19 12:0 a.m.164 views

PrimeFaces 4.0.x < 4.0.25 / 5.x < 5.2.21 / 5.3.x < 5.3.8 Expression Language Injection

In affected versions of PrimeFaces, an expression language injection vulnerability exists that would allow an unauthenticated user to execute arbitrary code due to a weak encryption flaw. No source data...

9.8CVSS10AI score0.94104EPSS
Exploits6References3
CISA KEV Catalog
CISA KEV Catalog
added 2022/01/10 12:0 a.m.78 views

Primetek Primefaces Remote Code Execution Vulnerability

Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution...

9.8CVSS4.4AI score0.94104EPSS
In wildExploits6
OSV
OSV
added 2021/06/03 7:22 p.m.55 views

GHSA-J239-4GQG-5J54 Inadequate Encryption Strength

Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution...

9.8CVSS9.6AI score0.94104EPSS
Exploits6References5
Github Security Blog
Github Security Blog
added 2021/06/03 7:22 p.m.92 views

Inadequate Encryption Strength

Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution...

9.8CVSS4.2AI score0.94104EPSS
Exploits6References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:16 p.m.73 views

Cross-site Scripting in PrimeFaces

An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation...

6.1CVSS1.9AI score0.00811EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2021/05/07 4:16 p.m.30 views

GHSA-FW5F-7C6C-3VMV Cross-site Scripting in PrimeFaces

An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation...

6.1CVSS6AI score0.00811EPSS
Exploits0References4
Rows per page
Query Builder