557 matches found
EUVD-2020-28303
Malware in sbrugna...
EUVD-2020-28327
Malware in sbrugna...
EUVD-2020-28322
Malware in sbrugna...
EUVD-2020-28317
Malware in sbrugna...
EUVD-2020-28329
Malware in sbrugna...
EUVD-2020-28318
Malware in sbrugna...
EUVD-2020-28328
Malware in sbrugna...
EUVD-2020-28308
Malware in sbrugna...
EUVD-2015-0292
Malware in sbrugna...
EUVD-2020-28292
Malware in sbrugna...
EUVD-2020-28311
Malware in sbrugna...
EUVD-2024-16505
Malicious code in bioql PyPI...
EUVD-2023-56305
Malicious code in bioql PyPI...
EUVD-2022-51508
Malicious code in bioql PyPI...
EUVD-2024-46974
Malicious code in bioql PyPI...
EUVD-2022-2197
Malicious code in bioql PyPI...
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' via the QLExpressEngine process. An attacker can execute arbitrary code by submitting crafted expressions that trigger...
📄 Commvault CLI Argument Injection / Traversal / Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution exploit chain for Commvault, tracked as CVE-2025-57790 and CVE-2025-57791. A command-line injection permits unauthenticated access to the localadmin account, which then facilitates code execution via expression language...
Security Bulletin: Arbitrary Code Execution via JaninoEventEvaluator in Logback-Core (Versions 0.1–1.3.14, 1.4.0–1.5.12) through Malicious Configuration or Environment Variable Injection affects watsonx.data
Summary ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before...
Expression Language Injection
Overview Affected versions of this package are vulnerable to Expression Language Injection in the GatewayEvaluationContext method, which allows property modification that in turn enables code execution. Only Webflux applications are vulnerable, not WebMVC applications. Additionally, the following...