104 matches found
CVE-2026-25551
Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...
PT-2026-46298
Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...
Exploit for Deserialization of Untrusted Data in Vmware Spring_Framework
CVE-2016-1000027-with-c...
Exploit for Deserialization of Untrusted Data in Fortra Goanywhere_Managed_File_Transfer
Project structure cve-2023-0669-simulation/ ├── docker-comp...
EUVD-2021-14095
Malware in sbrugna...
Shiro_exploit
This is a Python script for exploiting Apache Shiro vulnerabilities. The script is designed to detect and exploit Shiro's deserialization vulnerability. Here's a breakdown of the script: Importing Libraries The script starts by importing various Python libraries, including os, re, base64, uuid,...
shiro-exploit
This is a Python script for exploiting a vulnerability in Apache Shiro, a Java-based security framework. The script is designed to bypass authentication and authorization checks in Shiro, allowing an attacker to gain unauthorized access to sensitive data. The script uses the Crypto.Cipher module ...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
Tomcat CVE-2025-24813 playground ===============================...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2025-24813-PoC === CVE-2025-24813 affects Apache Tomcat - i...
Exploit for Code Injection in Apache Ofbiz
Apache-OFBiz-Auth-Bypass-and-RCE-Exploit-CVE-2023-49070-CVE-20...
Exploit for Server-Side Request Forgery in Apache Ofbiz
BadBizness Automatic exploitation scrip...
Exploit for Server-Side Request Forgery in Apache Ofbiz
CVE-2023-51467 Graphical Apache Ofbiz: CVE-2023-51467 – Remo...
Exploit for Code Injection in Apache Ofbiz
Apache OFBiz Authentication Bypass Vulnerability CVE-2023-514...
Exploit for Code Injection in Apache Ofbiz
ofbiz-CVE-2023-49070-RCE-POC This is a pre-auth RCE POC For C...
Internet Bug Bounty: CVE-2023-40195: Apache Airflow Spark Provider Deserialization Vulnerability RCE
Apache Airflow Spark Provider before 4.1.3 was affected by a deserialization vulnerability that allowed remote code execution (RCE). Attackers could exploit this vulnerability by configuring a malicious Spark server address through the Airflow UI, which would then manipulate the PySpark clients...
GHSA-WFW7-6632-XCV2 Jenkins CLI Deserialization of Untrusted Data vulnerability
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-.jar file and the "Groovy variant in ysoserial"...
Jenkins CLI Deserialization of Untrusted Data vulnerability
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-.jar file and the "Groovy variant in ysoserial"...
Zkar - A Java Serialization Protocol Analysis Tool Implement In Go
ZKar is a Java serialization protocol analysis tool implemented in Go. This tool is still a work in progress, so there is no complete API documentation or contribution guide. ZKar provides: A Java serialization payloads parser and viewer in pure Go, no CGO or JDK is required From the Java serialization protocol ...