Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (105 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-8750 2 Apache, Redhat 3 Karaf, Jboss Amq, Jboss Fuse 2024-11-21 N/A
Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.
CVE-2016-6814 2 Apache, Redhat 7 Groovy, Enterprise Linux, Enterprise Linux Server and 4 more 2024-11-21 N/A
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability.
CVE-2016-1000229 2 Redhat, Smartbear 4 Jboss Amq, Jboss Fuse, Openshift and 1 more 2024-11-21 6.1 Medium
swagger-ui has XSS in key names
CVE-2015-7559 2 Apache, Redhat 4 Activemq, Jboss A-mq, Jboss Amq and 1 more 2024-11-21 2.7 Low
It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.
CVE-2013-6430 2 Pivotal Software, Redhat 3 Spring Framework, Jboss Amq, Jboss Fuse 2024-11-21 5.4 Medium
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.