Known vulnerabilities affecting Java products and systems
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2021-46030 | There is a Cross Site Scripting attack (XSS) vulnerability in JavaQuarkBBS <= v2. By entering specific statements into the background tag management module, the attack statement will be stored in the ... | 5.4 | 333 | Neutral | Yes | No |
| CVE-2021-44538 | The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state ... | 9.8 | 674 | Neutral | No | Yes |
| CVE-2021-43570 | The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | 9.8 | 690 | Neutral | Yes | Yes |
| CVE-2021-42575 | The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the `SELECT`, `STYLE`, and `OPTION` elements. | 9.8 | 776 | Neutral | Yes | Yes |
| CVE-2021-4213 | A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force t... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2021-41561 | Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. This issue affects Apache Parquet-MR version 1.9.0 and later versions. | 7.5 | 471 | Neutral | No | Yes |
| CVE-2021-41251 | Impact: This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In some cases, when user information was missing, destinations ... | 5.9 | 219 | Neutral | No | Yes |
| CVE-2021-4106 | A vulnerability in Snow Inventory Java Scanner allows an attacker to run malicious code at a higher level of privileges. This issue affects: SNOW Snow Inventory Java Scanner 1.0 | 7.8 | 431 | Neutral | No | Yes |
| CVE-2021-41041 | In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified ... | 5.3 | 124 | Neutral | No | Yes |
| CVE-2021-40831 | The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation i... | 7.2 | 313 | Neutral | No | Yes |
| CVE-2021-40830 | The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succee... | 8.8 | 551 | Neutral | No | Yes |
| CVE-2021-40829 | Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not ... | 8.8 | 551 | Neutral | No | Yes |
| CVE-2021-40828 | Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not... | 8.8 | 551 | Neutral | No | Yes |
| CVE-2021-40823 | Impact: A logic error in the room key sharing functionality of matrix-js-sdk before 12.4.1 allows a malicious Matrix homeserver† participating in an encrypted room to steal room encryption keys fr... | 5.9 | 219 | Neutral | No | Yes |
| CVE-2021-40690 | All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from ... | 7.5 | 450 | Neutral | No | Yes |
| CVE-2021-40660 | An issue was discovered in Delight Nashorn Sandbox. There is a ReDoS vulnerability that can be exploited to launch a denial of service (DoS) attack. | 7.5 | 487 | Neutral | Yes | Yes |
| CVE-2021-37942 | A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerabili... | 7.8 | 431 | Neutral | No | Yes |
| CVE-2021-37941 | A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a m... | 7.8 | 431 | Neutral | No | Yes |
| CVE-2021-37819 | PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component /text/pdf/PdfReader.java. | 7.5 | 386 | Neutral | No | Yes |
| CVE-2021-37694 | The following was initially reported by @jonaslagoni: Given the following command: `ag ./dummy.json @asyncapi/java-spring-cloud-stream-template --force-write --output ./output` With the following As... | 7.8 | 696 | Neutral | Yes | Yes |