CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Exploit DB•added 2026/05/30 12:0 a.m.•41 views

YAMCS yamcs-core 5.12.7 - No Rate Limiting

Exploit Title: YAMCS yamcs-core 5.12.7 - No Rate Limiting Date: 2026-05-27 Exploit Author: Daniel Miranda Barcelona Excal1bur Vendor Homepage: https://yamcs.org Software Link: https://github.com/yamcs/yamcs Version: 5.12.7 Tested on: Linux CVE: CVE-2026-44596 Category: Remote / Brute Force...

5.8AI score0.00052EPSS

GithubExploit•added 2026/05/29 2:35 p.m.•75 views

Exploit for CVE-2026-42568

CVE-2026-42568 — YAMCS LDAP Injection in LdapAuthModule Su...

5.9AI score0.01009EPSS

Exploits3

GithubExploit•added 2026/05/29 2:31 p.m.•71 views

Exploit for CVE-2026-44595

CVE-2026-44595 — YAMCS Unauthorized User Enumeration via IAM A...

5.8AI score0.00028EPSS

GithubExploit•added 2026/05/29 1:42 p.m.•68 views

Exploit for CVE-2026-44596

CVE-2026-44596 — YAMCS No Rate Limiting on Authentication Endp...

5.8AI score0.00052EPSS

Snyk•added 2026/05/27 10:49 p.m.•3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the dynamic evaluation of user-supplied algorithm code in the script evaluation engine. An attacker can execute arbitrary operating system commands by injecting malicious Jython code through the REST API whe...

9.4CVSS6AI score0.00473EPSS

Exploits0References2

vulnersOsv•added 2026/05/27 10:49 p.m.•2 views

org.yamcs:distribution (>=4.7.1 <=5.12.6), org.yamcs:packet-viewer (>=4.10.3 <=5.12.6) +14 more potentially affected by CVE-2026-46621 via org.yamcs:yamcs-core (>=0.29.3 <=5.12.6)

org.yamcs:yamcs-core MAVEN version =0.29.3, =4.7.1, =4.10.3, =4.10.3, =5.10.0, =5.10.0, =3.4.0, =4.5.0, =0.1.0, =0.1, =4.5.0, =0.29.3, =1.0.0, =4.7, =4.10.3, =5.12.6 and more Source cves: CVE-2026-46621 Source advisory: OSV:GHSA-2G95-6X5Q-XJWJ...

vulnersOsv•added 2026/05/27 10:49 p.m.•3 views

org.yamcs:distribution (>=5.0.0 <=5.12.6), org.yamcs:packet-viewer (>=5.0.0 <=5.12.6) +9 more potentially affected by CVE-2026-46621 via org.yamcs:yamcs-core (>=5.0.0 <=5.12.6)

org.yamcs:yamcs-core MAVEN version =5.0.0, =5.0.0, =5.0.0, =5.10.0, =5.10.0, =0.1.0, =0.1, =1.0.0, =5.0.0, =5.0.0, =0.1.0, =0.8.0 Source cves: CVE-2026-46621 Source advisory: SNYK:JAVA-ORGYAMCS-17230855...

Snyk•added 2026/05/27 10:45 p.m.•2 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the updateAlgorithm process. An attacker can execute arbitrary code on the server by supplying crafted JavaScript payloads that are evaluated without...

9.8CVSS6AI score0.00562EPSS

Exploits0References2

vulnersOsv•added 2026/05/27 10:45 p.m.•3 views

org.yamcs:distribution (>=4.7.1 <=5.12.6), org.yamcs:packet-viewer (>=4.10.3 <=5.12.6) +14 more potentially affected by CVE-2026-46562 via org.yamcs:yamcs-core (>=0.29.3 <=5.12.6)

5.5AI score0.00562EPSS

vulnersOsv•added 2026/05/27 10:45 p.m.•3 views

org.yamcs:distribution (>=5.0.0 <=5.12.6), org.yamcs:packet-viewer (>=5.0.0 <=5.12.6) +9 more potentially affected by CVE-2026-46562 via org.yamcs:yamcs-core (>=5.0.0 <=5.12.6)

org.yamcs:yamcs-core MAVEN version =5.0.0, =5.0.0, =5.0.0, =5.10.0, =5.10.0, =0.1.0, =0.1, =1.0.0, =5.0.0, =5.0.0, =0.1.0, =0.8.0 Source cves: CVE-2026-46562 Source advisory: SNYK:JAVA-ORGYAMCS-17230916...

5.5AI score0.00562EPSS

Snyk•added 2026/05/27 12:5 a.m.•3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the JavaExprAlgorithmExecutionFactory process. An attacker can execute arbitrary code on the underlying operating system by injecting malicious Java expressions through the REST API when authenticated with th...

9.4CVSS6AI score0.00473EPSS

Exploits0References2

vulnersOsv•added 2026/05/27 12:5 a.m.•4 views

org.yamcs:distribution (>=4.7.1 <=5.12.6), org.yamcs:packet-viewer (>=4.10.3 <=5.12.6) +14 more potentially affected by CVE-2026-44632 via org.yamcs:yamcs-core (>=0.29.3 <=5.12.6)

vulnersOsv•added 2026/05/27 12:5 a.m.•3 views

org.yamcs:distribution (>=5.0.0 <=5.12.6), org.yamcs:packet-viewer (>=5.0.0 <=5.12.6) +9 more potentially affected by CVE-2026-44632 via org.yamcs:yamcs-core (>=5.0.0 <=5.12.6)

org.yamcs:yamcs-core MAVEN version =5.0.0, =5.0.0, =5.0.0, =5.10.0, =5.10.0, =0.1.0, =0.1, =1.0.0, =5.0.0, =5.0.0, =0.1.0, =0.8.0 Source cves: CVE-2026-44632 Source advisory: SNYK:JAVA-ORGYAMCS-17230148...

Snyk•added 2026/05/27 12:4 a.m.•4 views

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force through the handleToken process. An attacker can gain unauthorized access to user accounts by performing unlimited authentication attempts without restriction. PoC 20 attempts — zero rate limiting for i in $seq 1 20; do curl...

8.2CVSS5.5AI score0.00052EPSS

Exploits2References2

vulnersOsv•added 2026/05/27 12:4 a.m.•4 views

org.yamcs:distribution (>=4.7.1 <=5.12.6), org.yamcs:packet-viewer (>=4.10.3 <=5.12.6) +14 more potentially affected by CVE-2026-44596 via org.yamcs:yamcs-core (>=0.29.3 <=5.12.6)

5.4AI score0.00052EPSS

vulnersOsv•added 2026/05/27 12:4 a.m.•4 views

org.yamcs:distribution (>=5.0.0 <=5.12.6), org.yamcs:packet-viewer (>=5.0.0 <=5.12.6) +9 more potentially affected by CVE-2026-44596 via org.yamcs:yamcs-core (>=5.0.0 <=5.12.6)

org.yamcs:yamcs-core MAVEN version =5.0.0, =5.0.0, =5.0.0, =5.10.0, =5.10.0, =0.1.0, =0.1, =1.0.0, =5.0.0, =5.0.0, =0.1.0, =0.8.0 Source cves: CVE-2026-44596 Source advisory: SNYK:JAVA-ORGYAMCS-17230791...

5.4AI score0.00052EPSS