Lucene search
+L

153 matches found

Cvelist
Cvelist
added 2023/12/22 8:46 p.m.34 views

CVE-2023-51387 Expression Injection Vulnerability in Hertzbeat

Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in version prior to 1.4.1, a malicious user can use a...

7.2CVSS8.8AI score0.01461EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2023/11/30 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-21479

In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system...

9.1CVSS7.3AI score0.10116EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/08/30 8:47 p.m.25 views

Actions expression injection in `filter-test-configs` (`GHSL-2023-181`)

The pytorch/pytorch filter-test-configs workflow is vulnerable to an expression injection in Actions, allowing an attacker to potentially leak secrets and alter the repository using the workflow. Details The filter-test-configs workflow is using the raw github.event.workflowrun.headbranch value...

7.6AI score
Exploits0References2Affected Software1
OSV
OSV
added 2023/08/30 8:47 p.m.11 views

GHSA-HW6R-G8GJ-2987 Actions expression injection in `filter-test-configs` (`GHSL-2023-181`)

The pytorch/pytorch filter-test-configs workflow is vulnerable to an expression injection in Actions, allowing an attacker to potentially leak secrets and alter the repository using the workflow. Details The filter-test-configs workflow is using the raw github.event.workflowrun.headbranch value...

7.7AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/08/30 12:0 a.m.4 views

PT-2023-33030 · Facebook · Pytorch

Name of the Vulnerable Software and Affected Versions: pytorch/pytorch affected versions not specified Description: The filter-test-configs workflow in pytorch/pytorch is vulnerable to an expression injection in Actions. This allows an attacker to potentially leak secrets and alter the repository...

7.8AI score
Exploits0References3
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.7 views

Apache Ambari 安全漏洞

Apache Ambari is an application from the Apache USA Foundation. It provides software developed to configure, manage and monitor Apache Hadoop clusters to simplify Hadoop management. A security vulnerability exists in Apache Ambari versions 2.7.0 through 2.7.6, which originates from a SpringEL...

8.8CVSS8.3AI score0.01212EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/03/27 9:11 p.m.21 views

CVE-2023-28430 OneSignal repository github action command injection

OneSignal is an email, sms, push notification, and in-app message service for mobile apps.The Zapier.yml workflow is triggered on issues types: closed i.e., when an Issue is closed. The workflow starts with full write-permissions GitHub repository token since the default workflow permissions on...

7.3CVSS8.4AI score0.00905EPSS
Exploits1References3
OSV
OSV
added 2023/03/27 9:11 p.m.13 views

CVE-2023-28430 OneSignal repository github action command injection

OneSignal is an email, sms, push notification, and in-app message service for mobile apps.The Zapier.yml workflow is triggered on issues types: closed i.e., when an Issue is closed. The workflow starts with full write-permissions GitHub repository token since the default workflow permissions on...

7.3CVSS8.2AI score0.00905EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/03/27 12:0 a.m.8 views

PT-2023-21716 · Onesignal · Onesignal

Name of the Vulnerable Software and Affected Versions: OneSignal affected versions not specified Description: The issue concerns a workflow triggered by closed issues, utilizing a GitHub repository token with full write permissions. This allows an attacker to potentially take over the GitHub...

8.1CVSS8.1AI score0.00905EPSS
Exploits1References6
CNVD
CNVD
added 2022/07/15 12:0 a.m.18 views

Siemens Mendix Expression Injection Vulnerability

Mendix is a high-productivity application platform that enables the building and continuous improvement of mobile and web applications at scale.Siemens Mendix is vulnerable to an expression injection vulnerability that could be exploited by an attacker to compromise sensitive information in a...

6.5CVSS2.7AI score0.00668EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/07/12 10:15 a.m.3 views

CVE-2022-34466

A vulnerability has been identified in Mendix Applications using Mendix 9 All versions = V9.11 V9.15, Mendix Applications using Mendix 9 V9.12 All versions V9.12.3. An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime, that can affect the running...

6.5CVSS5.8AI score0.00668EPSS
Exploits0References2
NVD
NVD
added 2022/07/12 10:15 a.m.18 views

CVE-2022-34466

A vulnerability has been identified in Mendix Applications using Mendix 9 All versions = V9.11 V9.15, Mendix Applications using Mendix 9 V9.12 All versions V9.12.3. An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime, that can affect the running...

6.5CVSS0.00668EPSS
Exploits0References1
OSV
OSV
added 2022/07/12 10:15 a.m.3 views

CVE-2022-34466

A vulnerability has been identified in Mendix Applications using Mendix 9 All versions = V9.11 V9.15, Mendix Applications using Mendix 9 V9.12 All versions V9.12.3. An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime, that can affect the running...

6.5CVSS6.5AI score0.00668EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/07/12 10:7 a.m.38 views

CVE-2022-34466

A vulnerability has been identified in Mendix Applications using Mendix 9 All versions = V9.11 V9.15, Mendix Applications using Mendix 9 V9.12 All versions V9.12.3. An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime, that can affect the running...

6.3AI score0.00668EPSS
Exploits0References1
CVE
CVE
added 2022/07/12 10:7 a.m.52 views

CVE-2022-34466

CVE-2022-34466: A Mendix expression-injection vulnerability in the Workflow subsystem of Mendix Runtime affects Mendix 9 deployments. Affected are Mendix 9 versions 9.11–9.15 and 9.12 before 9.12.3. The issue could allow a malicious user to leak sensitive information in certain configurations. Re...

6.5CVSS6.1AI score0.00668EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/07/12 12:0 a.m.7 views

Siemens Mendix Applications using Mendix 9 注入漏洞

Mendix is a high-productivity application platform that enables the building and continuous improvement of mobile and web applications at scale.Siemens Mendix is vulnerable to an expression injection vulnerability that could be exploited by an attacker to compromise sensitive information in a...

6.5CVSS5.6AI score0.00668EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/07/12 12:0 a.m.6 views

PT-2022-22172 · Mendix · Mendix

Name of the Vulnerable Software and Affected Versions: Mendix Applications using Mendix 9 versions 9.11 through 9.14 Mendix Applications using Mendix 9 version 9.12 versions prior to 9.12.3 Description: An expression injection vulnerability was discovered in the Workflow subsystem of Mendix...

6.5CVSS6.3AI score0.00668EPSS
Exploits0References3
Wallarm Lab
Wallarm Lab
added 2022/06/23 7:14 a.m.76 views

Update on Spring Data MongoDB SpEL Expression Injection Vulnerability (CVE-2022-22980)

Background On June 20, 2022 Spring released Spring Data MongoDB 3.4.1 and 3.3.5 to address a critical CVE report: CVE-2022-22980: Spring Data MongoDB SpEL Expression injection vulnerability through annotated repository query methods. This vulnerability was originally reported on June 13, 2022...

6.8CVSS0.4AI score0.16771EPSS
Exploits3
OSV
OSV
added 2022/05/02 3:23 a.m.7 views

GHSA-2C6Q-RGVJ-66RX Apache Tiles Vulnerable to XSS via EL Expression Injection

Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language EL expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting XSS attacks or obtain sensitive information via unspecified vectors, related to th...

6.8CVSS5.9AI score0.02811EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2022/04/14 11:10 a.m.538 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

Spring Cloud Function SpEL Expression Injection Vulnerability...

9.8CVSS7.7AI score0.99939EPSS
Exploits36
Rows per page
Query Builder