1084 matches found

NVD
added 2024/08/06 3:15 p.m. · 11 views

CVE-2024-7552

A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by this vulnerability is the function evaluateVariableExpression of the file ConversionSqlParamValueMapper.java of the component Data Schema Page. The manipulation leads to improper neutralization of...

CVSS 8.8 · EPSS 0.0059
Exploits 1 · References 4
Cvelist
added 2024/08/06 2:31 p.m. · 21 views

CVE-2024-7552 DataGear Data Schema Page ConversionSqlParamValueMapper.java evaluateVariableExpression expression language injection

A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by this vulnerability is the function evaluateVariableExpression of the file ConversionSqlParamValueMapper.java of the component Data Schema Page. The manipulation leads to improper neutralization of...

CVSS 6.5 · EPSS 0.0059
Exploits 1 · References 4
Vulnrichment
added 2024/08/06 2:31 p.m. · 14 views

CVE-2024-7552 DataGear Data Schema Page ConversionSqlParamValueMapper.java evaluateVariableExpression expression language injection

A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by this vulnerability is the function evaluateVariableExpression of the file ConversionSqlParamValueMapper.java of the component Data Schema Page. The manipulation leads to improper neutralization of...

CVSS 6.5 · AI score 7.2 · EPSS 0.0059
Exploits 1 · References 4
OSV
added 2024/08/06 3:15 a.m. · 3 views

CVE-2024-5828

Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection. This issue affects Hitachi Tuning Manager: before 8.8.7-00...

CVSS 9.8 · AI score 7.3 · EPSS 0.00365
Exploits 0 · References 1
CNNVD
added 2024/08/06 12:0 a.m. · 4 views

Hitachi Tuning Manager Security Vulnerability

Hitachi Tuning Manager is a performance tuning and monitoring tool from Hitachi, Ltd. of Japan. A security vulnerability exists in Hitachi Tuning Manager versions prior to 8.8.7-00 that stems from an expression language injection vulnerability that allows code injection...

CVSS 9.8 · AI score 8.8 · EPSS 0.00365
Exploits 0 · References 3
Positive Technologies
added 2024/08/05 12:0 a.m. · 5 views

PT-2024-5839 · Hitachi · Hitachi Tuning Manager

Name of the Vulnerable Software and Affected Versions: Hitachi Tuning Manager versions prior to 8.8.7-00. Description: The issue is related to an Expression Language Injection vulnerability in Hitachi Tuning Manager, which allows code injection. This vulnerability can be exploited by a remote...

CVSS 9.8 · AI score 8.6 · EPSS 0.00365
Exploits 0 · References 7
CNNVD
added 2024/06/24 12:0 a.m. · 4 views

DataGear Security Breach

DataGear is an open source, free data visualization and analysis platform from DataGear, Inc. A security vulnerability exists in DataGear v5.0.0 and prior versions, which originates from the Data Viewing interface containing a SpEL expression injection...

CVSS 9.8 · AI score 7 · EPSS 0.0282
Exploits 2 · References 4
GithubExploit
added 2024/06/19 3:31 p.m. · 516 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947 A code injection attack on spring cloud gate...

CVSS 10 · AI score 9.5 · EPSS 0.98253
Exploits 54
NVD
added 2024/05/26 11:15 p.m. · 16 views

CVE-2024-4286

Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id 57984fa85c31988b2eff429adfc654c46e0c342a. The vulnerability arises from the application's handling of user modifications by...

CVSS 4.9 · AI score 5 · EPSS 0.00356
Exploits 0 · References 2
OSV
added 2024/05/26 11:15 p.m. · 16 views

CVE-2024-4286

Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id 57984fa85c31988b2eff429adfc654c46e0c342a. The vulnerability arises from the application's handling of user modifications by...

CVSS 4.9 · AI score 6.9
Exploits 0 · References 2
Vulnrichment
added 2024/05/26 10:25 p.m. · 11 views

CVE-2024-4286 Improper Neutralization of Special Elements in mintplex-labs/anything-llm

Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id 57984fa85c31988b2eff429adfc654c46e0c342a. The vulnerability arises from the application's handling of user modifications by...

CVSS 4.9 · AI score 6.7 · EPSS 0.00356
Exploits 0 · References 2
Cvelist
added 2024/05/26 10:25 p.m. · 21 views

CVE-2024-4286 Improper Neutralization of Special Elements in mintplex-labs/anything-llm

Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id 57984fa85c31988b2eff429adfc654c46e0c342a. The vulnerability arises from the application's handling of user modifications by...

CVSS 4.9 · AI score 5 · EPSS 0.00356
Exploits 0 · References 2
CVE
added 2024/05/26 10:25 p.m. · 58 views

CVE-2024-4286

The CVE-2024-4286 entry refers to Mintplex-Labs’ anything-llm application with improper neutralization of elements in an expression language statement. The vulnerability arises from how user modifications by managers/admins are handled, allowing modification of all attributes of the user entity w...

CVSS 4.9 · AI score 5 · EPSS 0.00356
Exploits 0 · References 2
CNNVD
added 2024/05/26 12:0 a.m. · 5 views

AnythingLLM Security Vulnerability

AnythingLLM is a document chatbot that meets business requirements. A security vulnerability exists in AnythingLLM that stems from vulnerability to improper neutralization in the use of special elements in expression language statements, allowing all existing attributes of a database entity to be...

CVSS 4.9 · AI score 5.2 · EPSS 0.00356
Exploits 0 · References 3
GithubExploit
added 2024/05/08 4:25 a.m. · 432 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 In versions 3.1.6, 3.2.2 and earlier versions...

CVSS 9.8 · AI score 9.7 · EPSS 0.99939
Exploits 36
IBM Security Bulletins
added 2024/05/07 7:54 p.m. · 57 views

Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2

Summary: Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details: CVEID: CVE-2021-28170. DESCRIPTION: Eclipse EE4J Jakarta Expression Language could allow a remote attacker to bypass security restrictions, caused by a...

CVSS 7.3 · AI score 7.4 · EPSS 0.7795
Exploits 3 · Affected Software 1
OSV
added 2024/05/03 3:16 a.m. · 3 views

CVE-2023-51593

Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The...

CVSS 9.8 · AI score 6.3 · EPSS 0.01603
Exploits 0 · References 1
NVD
added 2024/05/03 3:16 a.m. · 33 views

CVE-2023-51593

Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The...

CVSS 9.8 · AI score 10 · EPSS 0.01603
Exploits 0 · References 1
CVE
added 2024/05/03 2:15 a.m. · 65 views

CVE-2023-51593

Voltronic Power ViewPower Pro is affected by a remote code execution due to a Struts2 expression language injection flaw. The vulnerability allows unauthenticated attackers to execute arbitrary code in the context of LOCAL SERVICE. Root cause: a vulnerable expression language handling in a Struts...

CVSS 9.8 · AI score 9.9 · EPSS 0.01603
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2024/05/03 2:15 a.m. · 18 views

CVE-2023-51593 Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability

Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The...

CVSS 9.8 · AI score 8.4 · EPSS 0.01603
Exploits 0 · References 1