CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1631 matches found

XStream <1.4.18 - Server-Side Request Forgery

XStream before 1.4.18 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream with a Java runtime version 14 to 8. This makes it possible to obtain sensitive information, modify...

8.5CVSS6.9AI score0.11468EPSS

Exploits2References5

Nuclei•added yesterday•48 views

XStream <1.4.14 - Remote Code Execution

XStream before 1.4.14 is susceptible to remote code execution. An attacker can run arbitrary shell commands by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of...

9.3CVSS7.2AI score0.85001EPSS

Exploits7References5

Nuclei•added yesterday•44 views

XStream < 1.4.16 - Remote Code Execution

XStream before 1.4.16 is susceptible to remote code execution. An attacker who has sufficient rights can execute host commands via manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operation...

9.9CVSS7.1AI score0.7295EPSS

Exploits1References5

Nuclei•added yesterday•47 views

XStream 1.4.18 - Remote Code Execution

XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

8.5CVSS7.2AI score0.16245EPSS

Exploits2References5

Nuclei•added yesterday•38 views

XStream 1.4.18 - Arbitrary Code Execution

8.5CVSS7.2AI score0.14414EPSS

Exploits0References5

Nuclei•added yesterday•47 views

XStream <1.4.15 - Server-Side Request Forgery

XStream before 1.4.15 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorize...

7.7CVSS6.8AI score0.81442EPSS

Exploits4References5

AstraLinux•added 4 days ago•2 views

Astra Linux – Vulnerability in libxstream-java

XStream is a Java library for serializing objects to XML and back again. In XStream before version 1.4.16, there was a vulnerability where the processed stream at unmarshalling time contained type information that allowed new instances to be created based on those type information. An attacker...

9.1CVSS7.1AI score0.50145EPSS

Exploits1References1

Nuclei•added 5 days ago•51 views

XStream <1.4.6/1.4.10 - Remote Code Execution

Xstream API before 1.4.6 and 1.4.10 is susceptible to remote code execution. If the security framework has not been initialized, an attacker can run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. This can allow an attacker to...

9.8CVSS8.6AI score0.84362EPSS

Exploits5References5

OSV•added 6 days ago•7 views

ROOT-APP-MAVEN-CVE-2024-47072 CVE-2024-47072 in io.root.com.thoughtworks.xstream:xstream - Patched by Root

Root has patched CVE-2024-47072 in the io.root.com.thoughtworks.xstream:xstream package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.8AI score0.02015EPSS

Exploits0

Nuclei•added 6 days ago•43 views

XStream <1.4.17 - Remote Code Execution

XStream before 1.4.17 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of...

8.8CVSS7.8AI score0.77735EPSS

Exploits1References5

Nuclei•added 2026/06/16 7:13 a.m.•42 views

XStream <1.4.16 - Remote Code Execution

XStream before 1.4.16 is susceptible to remote code execution. An attacker can load and execute arbitrary code from a remote host via manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative...

9.1CVSS7.4AI score0.82552EPSS

Exploits1References5

Nuclei•added 2026/06/16 7:13 a.m.•51 views

XStream 1.4.18 - Remote Code Execution

8.5CVSS8.1AI score0.9851EPSS

Exploits6References5

Tenable Nessus•added 2026/05/22 12:0 a.m.•9 views

Unity Linux 20.1070e Security Update: xstream (UTSA-2026-016761)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016761 advisory. XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on...

7.5CVSS7.2AI score0.08151EPSS

Exploits1References4

AstraLinux•added 2026/05/20 5:53 a.m.•4 views