Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (586 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-6495 1 Redhat 3 Jboss Enterprise Application Platform, Jboss Enterprise Portal Platform, Jboss Portal 2024-11-21 6.1 Medium
JBossWeb Bayeux has reflected XSS
CVE-2012-5626 1 Redhat 6 Jboss Brms, Jboss Enterprise Application Platform, Jboss Enterprise Web Server and 3 more 2024-11-21 7.5 High
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.
CVE-2012-2312 1 Redhat 2 Jboss Application Server, Jboss Enterprise Application Platform 2024-11-21 7.8 High
An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges.
CVE-2011-2487 2 Apache, Redhat 12 Cxf, Wss4j, Jboss Business Rules Management System and 9 more 2024-11-21 5.9 Medium
The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.
CVE-2023-1973 1 Redhat 2 Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Eus 2024-11-08 7.5 High
A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.
CVE-2024-8391 3 Eclipse, Eclipse Foundation, Redhat 6 Vert.x, Vert.x, Camel Quarkus and 3 more 2024-09-12 7.5 High
In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client).  This is fixed in the 4.5.10 version.  Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc)