Lucene search
K

556 matches found

OSV
OSV
added 2024/12/19 6:31 p.m.2 views

GHSA-PR98-23F8-JWXV QOS.CH logback-core Expression Language Injection vulnerability

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 1.5.12 in Java applications allows attackers to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious...

5.9CVSS7.2AI score0.00404EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/12/19 6:31 p.m.82 views

QOS.CH logback-core Expression Language Injection vulnerability

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 1.5.12 in Java applications allows attackers to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious...

5.9CVSS7.7AI score0.00404EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/12/19 12:0 a.m.66 views

QOS.CH logback-core Expression Language Injection vulnerability

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 1.5.12 in Java applications allows attackers to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious...

5.9CVSS7.7AI score0.00404EPSS
Exploits0References6Affected Software1
GithubExploit
GithubExploit
added 2024/10/08 6:7 p.m.306 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

TPAS Log4Shell PoC This repository contains a Proof of Concep...

10CVSS8.9AI score0.99999EPSS
Exploits351
Vulnrichment
Vulnrichment
added 2024/08/06 2:31 p.m.14 views

CVE-2024-7552 DataGear Data Schema Page ConversionSqlParamValueMapper.java evaluateVariableExpression expression language injection

A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by this vulnerability is the function evaluateVariableExpression of the file ConversionSqlParamValueMapper.java of the component Data Schema Page. The manipulation leads to improper neutralization of...

6.5CVSS7.2AI score0.0059EPSS
Exploits1References4
OSV
OSV
added 2024/08/06 3:15 a.m.5 views

CVE-2024-5828

Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Tuning Manager: before 8.8.7-00...

9.8CVSS7.3AI score0.00365EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/08/06 12:0 a.m.6 views

Hitachi Tuning Manager 安全漏洞

Hitachi Tuning Manager is a performance tuning and monitoring tool from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Tuning Manager versions prior to 8.8.7-00 that stems from an expression language injection vulnerability that allows code injection...

9.8CVSS8.8AI score0.00365EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/08/05 12:0 a.m.6 views

PT-2024-5839 · Hitachi · Hitachi Tuning Manager

Name of the Vulnerable Software and Affected Versions: Hitachi Tuning Manager versions prior to 8.8.7-00 Description: The issue is related to an Expression Language Injection vulnerability in Hitachi Tuning Manager, which allows code injection. This vulnerability can be exploited by a remote...

9.8CVSS8.6AI score0.00365EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2024/06/19 3:31 p.m.526 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947 A code injection attack on spring cloud gate...

10CVSS9.5AI score0.98253EPSS
Exploits54
GithubExploit
GithubExploit
added 2024/05/08 4:25 a.m.504 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 En las versiones 3.1.6, 3.2.2 y versiones anter...

9.8CVSS9.7AI score0.99939EPSS
Exploits36
NVD
NVD
added 2024/05/03 3:16 a.m.40 views

CVE-2023-51593

Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The...

9.8CVSS10AI score0.01603EPSS
Exploits0References1
OSV
OSV
added 2024/05/03 3:16 a.m.5 views

CVE-2023-51593

Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The...

9.8CVSS6.3AI score0.01603EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/03 2:15 a.m.19 views

CVE-2023-51593 Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability

Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The...

9.8CVSS8.4AI score0.01603EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/03 2:15 a.m.30 views

CVE-2023-51593 Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability

Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The...

9.8CVSS10AI score0.01603EPSS
Exploits0References1
CVE
CVE
added 2024/05/03 2:15 a.m.68 views

CVE-2023-51593

Voltronic Power ViewPower Pro is affected by a remote code execution due to a Struts2 expression language injection flaw. The vulnerability allows unauthenticated attackers to execute arbitrary code in the context of LOCAL SERVICE. Root cause: a vulnerable expression language handling in a Struts...

9.8CVSS9.9AI score0.01603EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2024/05/02 6:31 p.m.352 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2022-26134 CVE-2022-26134 - Confluence Pre-Auth RCE | OGNL...

9.8CVSS9.4AI score0.99999EPSS
Exploits75
Veracode
Veracode
added 2024/03/26 6:47 a.m.24 views

Expression Language Injection

OpenMetadata is vulnerable to Expression Language Injection. The vulnerability is due to in validateExpression function evaluates SpEL expressions using a StandardEvaluationContext, This enabling interaction with Java classes like java.lang.Runtime, ultimately resulting in Remote Code Execution...

8.8CVSS7.2AI score0.07888EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2024/03/26 5:25 a.m.27 views

Expression Language Injection

OpenMetadata is vulnerable to Expression Language Injection. The vulnerability is caused due to a lack of proper authorization checks, allowing attackers to execute arbitrary code by exploiting Expression language injection in the CompiledRule::validateExpression method...

9.4CVSS8AI score0.12527EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2024/03/15 8:15 p.m.21 views

CVE-2024-28847

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, AlertUtil::validateExpression is also called from EventSubscriptionRepository.prepare,...

8.8CVSS9AI score0.02372EPSS
Exploits1References6
OSV
OSV
added 2024/02/20 2:15 a.m.6 views

CVE-2024-0715

Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.This issue affects Hitachi Global Link Manager: before 8.8.7-03...

9.8CVSS5.8AI score0.00457EPSS
Exploits0References1
Rows per page
Query Builder