CVE-2025-14340
- EPSS 0.06%
- Veröffentlicht 18.02.2026 13:39:11
- Zuletzt bearbeitet 18.02.2026 17:51:53
Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload.
CVE-2025-1534
- EPSS 0.14%
- Veröffentlicht 01.04.2025 04:15:44
- Zuletzt bearbeitet 14.10.2025 17:25:28
CVE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5...
CVE-2024-45687
- EPSS 0.22%
- Veröffentlicht 21.01.2025 17:15:14
- Zuletzt bearbeitet 21.01.2025 17:15:14
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulat...
CVE-2024-8097
- EPSS 0.05%
- Veröffentlicht 11.09.2024 17:15:13
- Zuletzt bearbeitet 12.09.2024 12:35:54
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows Sensitive credentials posted in plain-text on the server log.This issue affects Payara Server: from 6.0.0 before 6.18.0...
CVE-2023-28462
- EPSS 2.04%
- Veröffentlicht 30.03.2023 20:15:07
- Zuletzt bearbeitet 18.02.2025 19:15:11
A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 (Enterprise), 5.20.0 and newer (Enterprise), and 5.2020.1 and newer (Community), when Java 1.8u181 and earlier is used, allows remote attackers to load malicious code on t...