416 matches found
EUVD-2025-28915
Malicious code in bioql PyPI...
EUVD-2025-26702
Malicious code in bioql PyPI...
org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability
A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...
org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability
A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...
org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability
A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...
CVE-2025-42944
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high...
CVE-2025-42944
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high...
CVE-2025-42944 Insecure Deserialization vulnerability in SAP Netweaver (RMI-P4)
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high...
CVE-2025-42944
The CVE-2025-42944 vulnerability affects SAP NetWeaver (notably the NetWeaver Application Server Java) via insecure deserialization in the RMI-P4 module. An unauthenticated, remote attacker can send a malicious payload to an open port, leading to arbitrary OS command execution with the attacker g...
CVE-2025-42944 Insecure Deserialization vulnerability in SAP Netweaver (RMI-P4)
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high...
PT-2025-36562
SAP NetWeaver and Affected Versions SAP NetWeaver versions 5.3 through 10.0 SAP NetWeaver AS Java affected versions not specified Description SAP NetWeaver contains a critical deserialization flaw in the RMI-P4 module. This allows an unauthenticated attacker to execute arbitrary operating system...
CVE-2025-7388
It was possible to perform Remote Command Execution RCE via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property...
CVE-2025-7388 Authenticated Command Injection via configuration parameter manipulation in exposed RMI interface
It was possible to perform Remote Command Execution RCE via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property...
Progress Software OpenEdge 命令注入漏洞
Progress Software OpenEdge is a suite of integrated development environments IDEs from Progress Software, USA. A command injection vulnerability exists in Progress Software OpenEdge that stems from insufficient input validation of the Java RMI interface, which could lead to a remote command...
PT-2025-35938
Name of the Vulnerable Software and Affected Versions OpenEdge AdminServer affected versions not specified Description The OpenEdge AdminServer is susceptible to Remote Command Execution RCE via its Java RMI interface. Authenticated users can inject and execute OS commands under the delegated...
Linux Distros Unpatched Vulnerability : CVE-2019-0187
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-serve...
Linux Distros Unpatched Vulnerability : CVE-2019-16943
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific...
Linux Distros Unpatched Vulnerability : CVE-2019-16942
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific...
Apache CXF < 3.6.8 / 4.x < 4.0.9 / 4.1.x < 4.1.3 RCE (CVE-2025-48913)
The version of Apache CXF installed on the remote host is affected by remote code execution vulnerability. If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restrict...
CVE-2025-48913
A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration. Mitigation To reduce risk,...