Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (105 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-6814 2 Apache, Redhat 7 Groovy, Enterprise Linux, Enterprise Linux Server and 4 more 2024-11-21 N/A
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability.
CVE-2016-1000229 2 Redhat, Smartbear 4 Jboss Amq, Jboss Fuse, Openshift and 1 more 2024-11-21 6.1 Medium
swagger-ui has XSS in key names
CVE-2015-7559 2 Apache, Redhat 4 Activemq, Jboss A-mq, Jboss Amq and 1 more 2024-11-21 2.7 Low
It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.
CVE-2013-6430 2 Pivotal Software, Redhat 3 Spring Framework, Jboss Amq, Jboss Fuse 2024-11-21 5.4 Medium
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.
CVE-2013-4372 1 Redhat 6 Fuse Esb Enterprise, Fuse Management Console, Fuse Mq Enterprise and 3 more 2024-08-06 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via the (1) user field in the create user page or (2) profile version to the create profile page.