Vulmon
java vulnerabilities and exploits
9.8
CVSSv3
CVE-2022-36944
Scala 2.13.x prior to 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows malicious users to erase contents of arbitr...
Scala-lang Scala
Scala-lang Scala-collection-compat
Fedoraproject Fedora 35
Fedoraproject Fedora 36
1 Github repository
9.8
CVSSv3
CVE-2022-37767
Pebble Templates 3.1.5 allows malicious users to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input...
Pebbletemplates Pebble Templates 3.1.5
9.8
CVSSv3
CVE-2022-37021
Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Any user still on Java 8 who wishes to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1...
Apache Geode
Apache Geode 1.14.0
9.8
CVSSv3
CVE-2022-34916
Apache Flume versions 1.4.0 up to and including 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to al...
Apache Flume
9.8
CVSSv3
CVE-2022-29805
A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory prior to 2022.4.1 allows remote malicious users to execute arbitrary code via a crafted XML payload.
Fishbowlinventory Fishbowl
9.8
CVSSv3
CVE-2022-36950
In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x up to and including 8.3.0.2, 9.x up to and including 9.0.0.1, 9.1.x up to and including 9.1.0.1, and 10.
Veritas Netbackup 9.1.0.0
Veritas Netbackup 9.0
Veritas Netbackup
9.8
CVSSv3
CVE-2022-24405
OX App Suite up to and including 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API.
Open-xchange Ox App Suite
9.8
CVSSv3
CVE-2022-35912
In grails-databinding in Grails prior to 3.3.15, 4.x prior to 4.1.1, 5.x prior to 5.1.9, and 5.2.x prior to 5.2.1 (at least when certain Java 8 configurations are used), data binding allows a remote malicious user to execute code by gaining access to the class loader.
Grails Grails
Grails Grails 5.2.0
9.8
CVSSv3
CVE-2022-35405
Zoho ManageEngine Password Manager Pro prior to 12101 and PAM360 prior to 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus prior to 4303 with authentication.)
Zohocorp Manageengine Access Manager Plus 4.3
Zohocorp Manageengine Access Manager Plus
Zohocorp Manageengine Password Manager Pro
Zohocorp Manageengine Password Manager Pro 12.1
Zohocorp Manageengine Pam360
Zohocorp Manageengine Pam360 5.5
1 Github repository
9.8
CVSSv3
CVE-2021-41419
QVIS NVR DVR prior to 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization.
Qvis Dvr Firmware
Qvis Nvr Firmware