CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-45841

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.03958EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-0286

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00936EPSS

Exploits0References5

RedhatCVE•added 2025/05/23 5:30 a.m.•2 views

CVE-2023-41331

SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out...

9.8CVSS7.6AI score0.03958EPSS

Exploits0References1

RedhatCVE•added 2025/02/05 7:19 a.m.•5 views

CVE-2024-23636

SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there i...

9.8CVSS7.1AI score0.00936EPSS

Exploits0References1

Github Security Blog•added 2024/01/23 8:10 p.m.•25 views

Remote Command Execution in SOFARPC

Impact SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian...

9.8CVSS7AI score0.00936EPSS

Exploits0References5Affected Software1

OSV•added 2024/01/23 8:10 p.m.•22 views

GHSA-7Q8P-9953-PXVR Remote Command Execution in SOFARPC

9.8CVSS9.6AI score0.00936EPSS

Exploits0References5

NVD•added 2024/01/23 6:15 p.m.•11 views

CVE-2024-23636

9.8CVSS9.7AI score0.00936EPSS

Exploits0References2

Prion•added 2024/01/23 6:15 p.m.•21 views

Deserialization of untrusted data

7.5CVSS7.3AI score0.00936EPSS

Exploits0References2Affected Software1

CVE•added 2024/01/23 5:22 p.m.•50 views

CVE-2024-23636

SOFARPC (Java RPC framework) is vulnerable prior to version 5.12.0 due to a gadget chain that can bypass the Hessian blacklist used to restrict deserialization of potentially dangerous classes. The vulnerability is rooted in the Hessian-based deserialization thatCAN be manipulated by a gadget cha...

9.8CVSS9.6AI score0.00936EPSS

Exploits0References2Affected Software1

Cvelist•added 2024/01/23 5:22 p.m.•13 views

CVE-2024-23636 SOFARPC Remote Command Execution(RCE) Vulnerbility

9.8CVSS9.9AI score0.00936EPSS

Exploits0References2

Vulnrichment•added 2024/01/23 5:22 p.m.•18 views

CVE-2024-23636 SOFARPC Remote Command Execution(RCE) Vulnerbility

9.8CVSS7AI score0.00936EPSS

Exploits0References2

OSV•added 2024/01/23 5:22 p.m.•14 views

CVE-2024-23636 SOFARPC Remote Command Execution(RCE) Vulnerbility

9.8CVSS9.3AI score0.00936EPSS

Exploits0References4

CNNVD•added 2024/01/23 12:0 a.m.•1 views

SOFARPC Code Issue Vulnerability

SOFARPC is a high-performance , highly scalable , production-grade Java RPC framework for SOFAStack . A code issue vulnerability exists in SOFARPC versions prior to 5.12.0, which stems from a gadget chain that bypasses the SOFA Hessian blacklist protection mechanism and relies only on the JDK, no...

9.8CVSS7AI score0.00936EPSS

Exploits0References3

Positive Technologies•added 2024/01/23 12:0 a.m.•3 views

PT-2024-19987 · Oracle · Jdk

Name of the Vulnerable Software and Affected Versions: SOFARPC versions prior to 5.12.0 Description: SOFARPC is a Java RPC framework that defaults to using the SOFA Hessian protocol to deserialize received data. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of...

9.8CVSS9.5AI score0.00936EPSS

Exploits0References9

NVD•added 2023/09/12 8:15 p.m.•11 views

CVE-2023-41331

9.8CVSS10AI score0.03958EPSS

Exploits0References2

Prion•added 2023/09/12 8:15 p.m.•16 views

Deserialization of untrusted data

7.5CVSS9.8AI score0.03958EPSS

Exploits0References2Affected Software1

Cvelist•added 2023/09/12 7:57 p.m.•11 views

CVE-2023-41331 SOFARPC Remote Command Execution (RCE) Vulnerability

9.8CVSS10AI score0.03958EPSS

Exploits0References2

Vulnrichment•added 2023/09/12 7:57 p.m.•13 views

CVE-2023-41331 SOFARPC Remote Command Execution (RCE) Vulnerability

9.8CVSS7.6AI score0.03958EPSS

Exploits0References2

OSV•added 2023/09/12 7:57 p.m.•18 views

CVE-2023-41331 SOFARPC Remote Command Execution (RCE) Vulnerability

9.8CVSS9.6AI score0.03958EPSS

Exploits0References4

CVE•added 2023/09/12 7:57 p.m.•34 views

CVE-2023-41331

Summary: CVE-2023-41331 affects SOFARPC, a Java RPC framework. Versions before 5.11.0 are vulnerable to remote command execution via deserialization, enabling JNDI injection or system command execution through crafted payloads. The default blacklist for dangerous classes is incomplete, allowing g...

9.8CVSS10AI score0.03958EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by