CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/06/11 1:16 p.m.•11 views

CVE-2026-11561

Improper neutralization of special elements used in an expression language statement 'expression language injection' vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection. This issue affects Apinizer: from 2026.04.0 before 2026.04.6...

9.8CVSS0.00417EPSS

Cvelist•added 2026/06/11 12:28 p.m.•25 views

CVE-2026-11561 SSTI in Soagen Informatics' Apinizer

9.8CVSS0.00417EPSS

CVE•added 2026/06/11 12:28 p.m.•18 views

CVE-2026-11561

CVE-2026-11561 describes an expression language injection in Apinizer by Soagen Informatics Technologies Software and Consulting Inc. The issue arises from improper neutralization of special elements used in an expression language statement, enabling code injection. Affected versions are Apinizer...

9.8CVSS5.5AI score0.00417EPSS

EUVD•added 2026/06/11 12:28 p.m.•7 views

EUVD-2026-36238

5.3CVSS5.5AI score0.00417EPSS

Vulnrichment•added 2026/06/11 12:28 p.m.•7 views

CVE-2026-11561 SSTI in Soagen Informatics' Apinizer

9.8CVSS5.5AI score0.00417EPSS

Snyk•added 2026/06/11 6:10 a.m.•5 views

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview org.springframework.webflow:spring-webflow is a maven plugin for Spring Web Flow. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' via the WebFlowELExpressionParser...

7.2CVSS5.8AI score0.00225EPSS

Cvelist•added 2026/06/11 5:2 a.m.•22 views

CVE-2026-40985 Data Binding Vulnerability in Spring Web Flow with Unified EL Parser

Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1...

6.4CVSS0.00225EPSS

EUVD•added 2026/06/11 5:2 a.m.•13 views

EUVD-2026-36200

6.4CVSS5.5AI score0.00225EPSS

RedhatCVE•added 2026/06/11 2:59 a.m.•8 views

CVE-2026-41719

A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. Affected versions: Spring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through...

6.4CVSS5.5AI score0.00202EPSS

Positive Technologies•added 2026/06/11 12:0 a.m.•12 views

PT-2026-48658

5.3CVSS5.5AI score0.00417EPSS

Exploits1References2

Positive Technologies•added 2026/06/11 12:0 a.m.•10 views

PT-2026-48613

6.4CVSS5.5AI score0.00225EPSS

CNNVD•added 2026/06/11 12:0 a.m.•11 views

VMware Spring Web Flow 安全漏洞

VMware Spring Web Flow is a web application flow management framework developed by the American company VMware. Versions 4.0.0, 3.0.0 to 3.0.1, and 2.5.0 to 2.5.1 of VMware Spring Web Flow contain security vulnerabilities. These vulnerabilities stem from the possibility of malicious Unified EL...

6.4CVSS5.4AI score0.00225EPSS

CNNVD•added 2026/06/11 12:0 a.m.•10 views

Soagen Apinizer 安全漏洞

Soagen Apinizer is an API management and API gateway platform developed by the Turkish company Soagen. Versions of Soagen Apinizer from 2026.04.0 to 2026.04.6 contained security vulnerabilities. These vulnerabilities were caused by improper handling of special elements in expressions language...

9.8CVSS5.4AI score0.00417EPSS

Snyk•added 2026/06/10 1:13 a.m.•4 views

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' via parameter binding when a repository query method is annotated with @Query and uses a capture-all placeholder. An...

9.2CVSS5.8AI score0.00328EPSS

Snyk•added 2026/06/10 1:13 a.m.•4 views

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' in the SpelPropertyComparator function. An attacker can execute arbitrary SpEL expressions by supplying crafted input t...

6.4CVSS5.7AI score0.00202EPSS

Snyk•added 2026/06/10 1:13 a.m.•5 views

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview org.springframework.data:spring-data-rest-webmvc is a maven plugin for Spring Data REST - WebMVC. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' in the processing of...

8.6CVSS5.8AI score0.00393EPSS

EUVD•added 2026/06/10 12:31 a.m.•10 views

EUVD-2026-35901

6.4CVSS5.5AI score0.00202EPSS

EUVD•added 2026/06/10 12:31 a.m.•9 views

EUVD-2026-35906

Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch application/json-patch+json requests. When a persistent entity exposes a Map-typed property, the JSON Pointer path segment used as the map key is embedded directly into a SpEL...

8.1CVSS5.5AI score0.00393EPSS