1086 matches found

GithubExploit
added 2023/02/07 1:59 a.m. · 18 views

Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway

Introduction Through CVE-2022-22947, an attack is attempte...

10 CVSS · 7.2 AI score · 0.98253 EPSS
Exploits: 54

GithubExploit
added 2023/01/15 8:11 p.m. · 276 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2022-26134check The script is used to check remotely if...

9.8 CVSS · 10 AI score · 0.99999 EPSS
Exploits: 75

GithubExploit
added 2022/12/25 3:29 p.m. · 421 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2022-26134: practice writing a PoC in Go. Usage: bash go get -u -v gith...

9.8 CVSS · 10 AI score · 0.99999 EPSS
Exploits: 75

Positive Technologies
added 2022/11/28 12:0 a.m. · 4 views

PT-2022-6758 · Hitachi · Hitachi Replication Manager

Name of the Vulnerable Software and Affected Versions: Hitachi Replication Manager versions prior to 8.8.5-02 Description: The issue affects Hitachi Replication Manager and is related to an Expression Language Injection vulnerability, allowing code injection. This vulnerability can be exploited b...

9.8 CVSS · 9.9 AI score · 0.00451 EPSS
Exploits: 0 · References: 7

GithubExploit
added 2022/11/15 9:11 a.m. · 432 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947 Usage: python3 CVE-2022-22947.py url...

10 CVSS · 9.7 AI score · 0.98253 EPSS
Exploits: 54

Snyk
added 2022/10/31 6:43 a.m. · 3 views

Remote Code Execution (RCE)

Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jexl.createExpression(expression).evaluate(context); functionality, due to improper user input validation. Remediation: There is no fixed version for com.bstek.uflo:uflo-core...

9.8 CVSS · 7.4 AI score · 0.02575 EPSS
Exploits: 1 · References: 2

BDU FSTEC
added 2022/10/21 12:0 a.m. · 4 views

The vulnerability of the HPE Intelligent Management Center PLAT software lies in its failure to take measures to neutralize special elements used in the expression language of the operator. This allows a perpetrator to execute arbitrary code.

The vulnerability of the HPE Intelligent Management Center PLAT software lies in the lack of measures taken to neutralize special elements used in the expression language during the processing of the beanName parameter at the select.xhtml endpoint. Exploiting this vulnerability allows an attacker...

9.8 CVSS · 8.2 AI score · 0.06707 EPSS
Exploits: 0 · References: 6

GithubExploit
added 2022/10/16 11:37 a.m. · 318 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2022-26134 Installation Download the Python scri...

9.8 CVSS · 7.3 AI score · 0.99999 EPSS
Exploits: 75

GithubExploit
added 2022/10/16 10:55 a.m. · 78 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

Installation git clone https://github.com/CJ-0107/cve-20...

10 CVSS · 7.3 AI score · 0.99999 EPSS
Exploits: 94

GithubExploit
added 2022/10/16 10:44 a.m. · 242 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2022-26134 ATLASIAN-Confluence RCE Installa...

9.8 CVSS · 7.3 AI score · 0.99999 EPSS
Exploits: 75

GithubExploit
added 2022/10/16 9:19 a.m. · 239 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

PoC exploit for CVE-2022-26134, a remote code execution vulnerab...

9.8 CVSS · 9.8 AI score · 0.99999 EPSS
Exploits: 75

GithubExploit
added 2022/10/15 6:1 a.m. · 214 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

It is an offensive tool for web exploitation. The repository is...

9.8 CVSS · 9.9 AI score · 0.99999 EPSS
Exploits: 75

BDU FSTEC
added 2022/10/12 12:0 a.m. · 5 views

The vulnerability of the HPE Intelligent Management Center PLAT software lies in its failure to take measures to neutralize special elements used in the expression language of the operator. This allows a perpetrator to execute arbitrary code.

The vulnerability of the HPE Intelligent Management Center PLAT software lies in the lack of measures taken to neutralize special elements used in the expression language during the processing of the beanName parameter at the devGroupSelect.xhtml endpoint. Exploiting this vulnerability allows an...

10 CVSS · 8.2 AI score · 0.06613 EPSS
Exploits: 0 · References: 6

GithubExploit
added 2022/10/09 5:15 p.m. · 4 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2022-26134-LAB Confluence Server and Confluence Data Cent...

9.8 CVSS · 9.8 AI score · 0.99999 EPSS
Exploits: 75

RedHat Linux
added 2022/10/06 12:26 p.m. · 3 views

cron-utils: template Injection leading to unauthenticated Remote Code Execution

A flaw was found in cron-utils. This flaw allows an attacker to perform unauthenticated Remote Code Execution (RCE) via Java Expression Language (EL) injection...

10 CVSS · 7.4 AI score · 0.04047 EPSS
Exploits: 1 · References: 4

Positive Technologies
added 2022/09/24 12:0 a.m. · 5 views

PT-2022-16005 · Nepxion · Nepxion Discovery

Name of the Vulnerable Software and Affected Versions: Nepxion Discovery affected versions not specified Description: The issue is related to SpEL Injection in discovery-commons, where the DiscoveryExpressionResolver’s eval method evaluates expressions with a StandardEvaluationContext. This allow...

9.8 CVSS · 9.5 AI score · 0.0173 EPSS
Exploits: 1 · References: 7

CNNVD
added 2022/09/24 12:0 a.m. · 33 views

Nepxion security vulnerability

Nepxion Discovery is an enhanced middleware for service registration discovery for Spring Cloud. Nepxion Discovery 6.16.2 and earlier versions are vulnerable to a remote code execution vulnerability that stems from a lack of validation of input data in Discovery-commons and is susceptible to SpEL...

9.8 CVSS · 8.6 AI score · 0.0173 EPSS
Exploits: 1 · References: 2

GithubExploit
added 2022/08/23 6:38 a.m. · 254 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

It is an exploit module/toolkit targeting Apache Log4j. The targ...

10 CVSS · 9.2 AI score · 0.98253 EPSS
Exploits: 54

VulnCheck KEV
added 2022/08/19 12:0 a.m. · 8 views

VulnCheck KEV: CVE-2022-22963

When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

9.8 CVSS · 7.8 AI score · 0.99939 EPSS
Exploits: 36 · References: 1

Tenable Nessus
added 2022/08/08 12:0 a.m. · 20 views

Expression Language Injection

Expression Language (EL) has been defined as part of the Java Server Pages Standard Tag Library (JSTL) in order to offer developers a simple way to output data from an object model. Starting from the JSP 2.0 specification, Expression Language has been made available within JSP pages, but it is also...

8.1 AI score
Exploits: 0 · References: 2