Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

20 matches found

OSV
OSVadded 2026/06/03 11:16 a.m.7 views

DEBIAN-CVE-2026-47065

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS5.5AI score0.00586EPSS
Exploits0References1
EUVD
EUVDadded 2026/06/03 9:39 a.m.6 views

EUVD-2026-34069

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS5.8AI score0.00586EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/28 2:12 a.m.10 views

CVE-2026-42782

Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...

7.2CVSS6AI score0.00652EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/25 2:58 p.m.12 views

EUVD-2026-31696

Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...

6AI score0.00652EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/25 2:58 p.m.9 views

CVE-2026-42782

Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...

6AI score0.00652EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/05/25 2:58 p.m.21 views

CVE-2026-42782

CVE-2026-42782 affects Apache Syncope 3.0–3.0.16, 4.0–4.0.5, and 4.1.0, caused by improper isolation that lets an administrator with sufficient entitlements load a malicious Groovy class whose static initializer reaches a non-sandboxed execution path. Remediation is to upgrade to 4.0.6 or 4.1.1, ...

7.2CVSS6AI score0.00652EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/25 2:58 p.m.9 views

CVE-2026-42782 Apache Syncope: Post-auth RCE via Groovy static

Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...

6AI score0.00652EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/05/25 12:0 a.m.10 views

PT-2026-43078

Name of the Vulnerable Software and Affected Versions Apache Syncope versions 3.0 through 3.0.16 Apache Syncope versions 4.0 through 4.0.5 Apache Syncope version 4.1.0 Description Improper Isolation or Compartmentalization allows an administrator with sufficient entitlements for Implementations t...

7.2CVSS6.2AI score0.00652EPSS
Exploits0References6
OSV
OSVadded 2026/05/09 12:32 p.m.8 views

OESA-2026-2243 apache-mina security update

Apache MINA is a network application framework which helps users develop high performance and high scalability network applications easily. It provides an abstract event-driven asynchronous API over various transports such as TCP/IP and UDP/IP via Java NIO. Security Fixes: The fix for...

9.8CVSS6AI score0.0093EPSS
Exploits1References3
Snyk
Snykadded 2026/05/04 6:26 p.m.7 views

Unsafe Reflection

Overview org.apache.opennlp:opennlp-tools is an is a machine learning based toolkit for the processing of natural language text. Affected versions of this package are vulnerable to Unsafe Reflection that leads to arbitrary class instantiation, via the instantiateExtension method in the...

9.8CVSS6.1AI score0.00693EPSS
Exploits0References2
CVE
CVEadded 2026/05/04 4:43 p.m.15 views

CVE-2026-42027

The CVE-2026-42027 issue affects Apache OpenNLP ExtensionLoader: ExtensionLoader.instantiateExtension(Class, String) uses Class.forName() to load a class name from a model archive manifest and invokes its no-arg constructor. Although the isAssignableFrom check filters types after loading, Class.f...

9.8CVSS6.1AI score0.00693EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/05/04 4:43 p.m.30 views

CVE-2026-42027 Apache OpenNLP: Arbitrary Class Instantiation via Model Manifest in ExtensionLoader

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its no-arg...

0.00693EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/04 4:43 p.m.6 views

EUVD-2026-27005

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its no-arg...

6.1AI score0.00693EPSS
Exploits0References1
Debian CVE
Debian CVEadded 2026/05/04 4:43 p.m.5 views

CVE-2026-42027

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its no-arg...

9.8CVSS6.1AI score0.00693EPSS
Exploits0
SUSE CVE
SUSE CVEadded 2023/02/15 5:56 a.m.5 views

SUSE CVE-2010-3708

The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted...

7.5CVSS7.6AI score0.03017EPSS
Exploits0References3
Veracode
Veracodeadded 2020/04/10 12:50 a.m.31 views

Remote Code Execution (RCE)

JBoss is vulnerable to remote code execution RCE. The vulnerablitiy exists because it allows the embedding of class files, allowing remote attackers to execute arbitrary code via a crafted static initializer...

7.5CVSS7.7AI score0.03017EPSS
Exploits0References10Affected Software14
UbuntuCve
UbuntuCveadded 2010/12/30 9:0 p.m.25 views

CVE-2010-3708

The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted...

7.5CVSS6AI score0.03017EPSS
Exploits0References1
RedHat Linux
RedHat Linuxadded 2010/12/01 11:48 p.m.3 views

JBoss drools deserialization remote code execution

The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted...

7.5CVSS6.2AI score0.03017EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2010/12/01 11:34 p.m.4 views

JBoss drools deserialization remote code execution

The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted...

7.5CVSS6.2AI score0.03017EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2010/12/01 11:13 p.m.4 views

JBoss drools deserialization remote code execution

The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted...

7.5CVSS6.2AI score0.03017EPSS
Exploits0References4
Rows per page
Query Builder