12 matches found

Veracode
added 2025/12/23 4:47 p.m. | 5 views

Deserialization Of Untrusted Data

Apache Causeway is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe Java deserialization of user-controllable URL parameters in ViewModel handling, which allows an authenticated attacker to execute arbitrary code with application privileges...

6.3 CVSS | 7.9 AI score | 0.01294 EPSS
Exploits: 0 | References: 4 | Affected Software: 4

RedhatCVE
added 2025/11/20 9:37 p.m. | 5 views

CVE-2025-64408

Apache Causeway faces Java deserialization vulnerabilities that allow remote code execution (RCE) through user-controllable URL parameters. These vulnerabilities affect all applications using Causeway's ViewModel functionality and can be exploited by authenticated attackers to execute arbitrary cod...

6.3 CVSS | 8.8 AI score | 0.01294 EPSS
Exploits: 0 | References: 1

NVD
added 2025/11/19 11:15 a.m. | 4 views

CVE-2025-64408

Apache Causeway faces Java deserialization vulnerabilities that allow remote code execution (RCE) through user-controllable URL parameters. These vulnerabilities affect all applications using Causeway's ViewModel functionality and can be exploited by authenticated attackers to execute arbitrary cod...

6.3 CVSS | 0.01294 EPSS
Exploits: 0 | References: 2

OSV
added 2025/11/19 11:15 a.m. | 2 views

CVE-2025-64408

Apache Causeway faces Java deserialization vulnerabilities that allow remote code execution (RCE) through user-controllable URL parameters. These vulnerabilities affect all applications using Causeway's ViewModel functionality and can be exploited by authenticated attackers to execute arbitrary cod...

6.3 CVSS | 8.7 AI score
Exploits: 0 | References: 2

Snyk
added 2025/11/19 10:46 a.m. | 1 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ViewModel functionality. An authenticated attacker can execute arbitrary code with application privileges by supplying crafted data through user-controllable URL parameters. Details Serializatio...

8.8 CVSS | 7.5 AI score | 0.01294 EPSS
Exploits: 0 | References: 2

Snyk
added 2025/11/19 10:46 a.m. | 1 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ViewModel functionality. An authenticated attacker can execute arbitrary code with application privileges by supplying crafted data through user-controllable URL parameters. Details Serializatio...

8.8 CVSS | 7.5 AI score | 0.01294 EPSS
Exploits: 0 | References: 2

Snyk
added 2025/11/19 10:46 a.m. | 1 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ViewModel functionality. An authenticated attacker can execute arbitrary code with application privileges by supplying crafted data through user-controllable URL parameters. Details Serializatio...

8.8 CVSS | 7.5 AI score | 0.01294 EPSS
Exploits: 0 | References: 2

Snyk
added 2025/11/19 10:46 a.m. | 2 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ViewModel functionality. An authenticated attacker can execute arbitrary code with application privileges by supplying crafted data through user-controllable URL parameters. Details Serializatio...

8.8 CVSS | 7.5 AI score | 0.01294 EPSS
Exploits: 0 | References: 2

Snyk
added 2025/11/19 10:46 a.m. | 1 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ViewModel functionality. An authenticated attacker can execute arbitrary code with application privileges by supplying crafted data through user-controllable URL parameters. Details Serializatio...

8.8 CVSS | 7.5 AI score | 0.01294 EPSS
Exploits: 0 | References: 2

CVE
added 2025/11/19 10:32 a.m. | 8 views

CVE-2025-64408

CVE-2025-64408 affects Apache Causeway. It is a Java deserialization vulnerability in the ViewModel flow that can allow authenticated attackers to execute arbitrary code via user-controllable URL parameters. Impact is described as remote code execution with application privileges across all curre...

6.3 CVSS | 8.4 AI score | 0.01294 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2025/11/19 10:32 a.m. | 2 views

CVE-2025-64408 Apache Causeway: Java deserialization vulnerability to authenticated attackers

Apache Causeway faces Java deserialization vulnerabilities that allow remote code execution (RCE) through user-controllable URL parameters. These vulnerabilities affect all applications using Causeway's ViewModel functionality and can be exploited by authenticated attackers to execute arbitrary cod...

0.01294 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:7 a.m. | 2 views

CVE-2023-20947

In getGroupState of GrantPermissionsViewModel.kt, there is a possible way to keep a one-time permission granted due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

7.8 CVSS | 6.7 AI score | 0.00017 EPSS
Exploits: 0 | References: 1