Apache Unomi <1.5.2 - Remote Code Execution

Apache Unomi allows conditions to use OGNL and MVEL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process. This vulnerability affects all versions of Apache Unomi prior to 1.5.2. id:...

PT-2026-22281

Warning: Critical OS command injection vulnerability in various Zyxel routers. CVE-2026-13942 CVSS: 9.8. More info: https://t.co/OP4W33By2v Patch Patch Patch...

CVE-2025-13942

creationtimestamp| type| source ---|---|--- 2026-02-24 04:01:11+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mflbs327is2c 2026-02-24 05:12:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mflfrwgeqb2y 2026-02-24 06:22:11+00:00| seen|...

CVE-2019-13942

creationtimestamp| type| source ---|---|--- 2024-03-11 09:11:26+00:00| seen| https://t.me/ctinow/204529...

CVE-2017-13942

Rejected reason: This candidate is unused by its CNA...

org.apache.unomi:unomi-docker (>=1.5.0 <=1.5.1) potentially affected by CVE-2020-13942 via org.apache.unomi:unomi (>=1.5.0 <=1.5.1)

org.apache.unomi:unomi MAVEN version =1.5.0, =1.5.0, =1.5.1 Source cves: CVE-2020-13942 Source advisory: OSV:GHSA-XP5J-WJ4H-2JQ9...

Heartland OA2021 Winter Snow Edition suffers from a logic flaw vulnerability (CNVD-2022-13942)

Heartland OA is developed based on the SaaS architecture of cloud computing model to meet the needs of government cloud, industrial cloud, education cloud and other intelligent cloud platform construction. A logic flaw vulnerability exists in Heartland OA2021 Winter Snow Edition, which can be...

CVE-2018-13942

...

CVE-2018-13942

CVE-2018-13942 is rejected and does not represent an active vulnerability entry.

Exploit for Improper Input Validation in Apache Unomi

CVE-2020-13942 Run httpx or httprob on the...

Exploit for Improper Input Validation in Apache Unomi

CVE-2020-13942 Original blog post about the vulnerability: ht...

Apache Unomi Remote Code Execution(CVE-2020-13942)

A remote code execution vulnerability exists in the Apache Unomi project. The vulnerability is due to insufficient validation of OGNL and MVEL2. Successful exploitation of this vulnerability could result in execution of arbitrary code...

CVE-2020-13942

CVE-2020-13942 affects Apache Unomi before 1.5.2, where OGNL/MVEL-based input could lead to remote code execution via the /context.json endpoint. The root cause is unsafely evaluating scripting expressions in conditions, allowing an attacker to invoke Java classes and functions; multiple public P...

CVE-2020-13942 Remote Code Execution in Apache Unomi

It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest...

Exploit for CVE-2020-11975

Statement The vulnerability detection methods, documents, a...

CVE-2020-13942

creationtimestamp| type| source ---|---|--- 2020-11-23 03:53:17+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/2119 2020-11-23 09:45:55+00:00| published-proof-of-concept| https://t.me/cKure/2943 2020-11-24 20:46:57+00:00| seen| https://t.me/cibsecurity/16796 2023-11-22...

Exploit for Improper Input Validation in Apache Unomi

CVE-2020-13942 Run httpx or httprob on the...

Exploit for Improper Input Validation in Apache Unomi

CVE-2020-13942 POC + Automation Script Steps S...

Exploit for Improper Input Validation in Apache Unomi

CVE-2020-13942 CVE-2020-13942 POC by Eugene Rojavski Origi...

WAF JSON decoding capability required to protect against API threats like CVE-2020-13942 Apache Unomi RCE

New critical Apache Unomi exploit was released yesterday. As an official press release says: "Apache Unomi is the industrys first reference implementation of the upcoming OASIS CDP specification established by the OASIS CXS Technical Committee, which sets standards as a core technology for enabli...