1084 matches found
Ivanti Endpoint Manager Mobile 12.5.0.0 Authentication Bypass
Ivanti Endpoint Manager Mobile version 12.5.0.0 authentication bypass proof of concept exploit. !/usr/bin/env python3 Exploit Title: Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass Google Dork: inurl:/mifs "Ivanti" OR "EPM" OR "Endpoint Manager" Date: 2025-01-21 Exploit Author: Yo...
Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass
!/usr/bin/env python3 Exploit Title: Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass Google Dork: inurl:/mifs "Ivanti" OR "EPM" OR "Endpoint Manager" Date: 2025-01-21 Exploit Author: Your Name https://github.com/your-username Vendor Homepage: https://www.ivanti.com/ Software Link:...
Linux Distros Unpatched Vulnerability : CVE-2010-2087
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Oracle Mojarra 1.214 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view...
Linux Distros Unpatched Vulnerability : CVE-2020-10693
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if...
Linux Distros Unpatched Vulnerability : CVE-2022-22950
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cau...
Linux Distros Unpatched Vulnerability : CVE-2025-29786
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it...
CVE-2025-53192
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue, the OGNL engine parses and evaluates the provided expression with powerful capabilities...
hibernate-validator: Hibernate Validator Expression Language Injection
A flaw was found in Hibernate Validator. This vulnerability allows unauthorized access to sensitive information or the execution of arbitrary Java code by interpolating user-supplied input in a constraint violation message with an Expression Language...
A vulnerability in the `arch/arm64/boot/dts/freescale/imx8ulp.dtsi` file of the Linux kernel allows an attacker to trigger a service failure.
The vulnerability of the arch/arm64/boot/dts/freescale/imx8ulp.dtsi component in the Linux operating system’s kernel is related to the lack of measures taken to neutralize special elements used in the expression language operator. Exploiting this vulnerability can allow an attacker to cause a...
jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2022-26134 - Atlassian Confluence OGNL Injection RCE...
Hibernate Validator < 6.2 / 7.0 Arbitrary RCE
Hibernate Validator before 6.2.0 and 7.0.0, by default and depending on how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...
Arbitrary Code Injection
org.hibernate.validator:hibernate-validator is vulnerable to Arbitrary Code Injection. The vulnerability is an expression language injection caused by interpolation of user-supplied input in constraint violation messages using Expression Language, which may allow attackers to access sensitive da...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2022-26134 On May the 30th, 2022, an organisation named Vo...
CVE-2025-3322
An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server...
Ivanti EPMM Authentication Bypass for Expression Language Remote Code Execution
This module exploits an unauthenticated remote code execution exploit chain for Ivanti EPMM, tracked as CVE-2025-4427 and CVE-2025-4428. An authentication flaw permits unauthenticated access to an administrator web API endpoint, which allows for code execution via expression language injection...