CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...

9CVSS7.1AI score0.16903EPSS

Exploits3References2

ATTACKERKB•added 2022/06/23 5:15 p.m.•5 views

CVE-2022-22980

9.8CVSS7.2AI score0.16903EPSS

Exploits3References2

CNNVD•added 2022/06/23 12:0 a.m.•7 views

Spring Data MongoDB 安全漏洞

Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications. A security vulnerability exists in Spring Data MongoDB that stems from vulnerability to SpEL injection when using @Query or...

9.8CVSS8AI score0.16903EPSS

Exploits3References3

BDU FSTEC•added 2022/06/23 12:0 a.m.•5 views

The vulnerability of software for unifying and simplifying access to Spring Data MongoDB databases, related to errors in processing SpEL expressions, allows a perpetrator to execute arbitrary code.

The vulnerability of the software for unifying and simplifying access to Spring Data MongoDB databases is related to errors in processing SpEL expressions. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted SpEL query...

10CVSS7.9AI score0.16903EPSS

Exploits3References3Affected Software1

GithubExploit•added 2022/06/21 11:39 a.m.•517 views

Exploit for Expression Language Injection in Vmware Spring_Data_Mongodb

CVE-2022-22980 A local based poc of CVE-2022-22980, for the d...

9.8CVSS8.5AI score0.16903EPSS

Exploits3

GithubExploit•added 2022/06/19 1:50 p.m.•398 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

「💥」CVE-2022-26134 Description In affected versions of Con...

9.8CVSS9.5AI score0.99999EPSS

Exploits75

GithubExploit•added 2022/06/13 11:1 p.m.•476 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2022-26134 - Confluence Pre-Auth Remote Code Execution...

9.8CVSS10AI score0.99999EPSS

Exploits75

IBM Security Bulletins•added 2022/06/13 5:43 p.m.•29 views

Security Bulletin: IBM Sterling Control Center is vulnerable to remote attacker security restrictions bypass due to Eclipse EE4J Jakarta Expression Language (CVE-2021-28170)

Summary Eclipse EE4J Jakarta Expression Language is used by IBM Sterling Control Center. Eclipse EE4J Jakarta Expression Language could allow a remote attacker to bypass security restrictions, and the issue has been addressed. Vulnerability Details CVEID: CVE-2021-28170 DESCRIPTION: Eclipse EE4J...

5.3CVSS2.2AI score0.02132EPSS

Exploits1Affected Software1

GithubExploit•added 2022/06/10 8:57 a.m.•378 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

exploitCVE-2022-26134 CVE-2022-26134, an OGNL injection vulne...

9.8CVSS10AI score0.99999EPSS

Exploits75

GithubExploit•added 2022/06/09 2:11 a.m.•399 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2022-26134 -u URL, --url URL 目标url -c COMM...

9.8CVSS10AI score0.99999EPSS

Exploits75