153 matches found
Expression injection in MilvusVectorStore doDelete allows data destruction
Spring AI's MilvusVectorStoredoDeleteList implementation is vulnerable to filter-expression injection via unsanitized document IDs...
CVE-2026-41282
Summary: CVE-2026-41282 affects ProjectDiscovery Nuclei prior to 3.8.0, where DSL expression injection is possible when using -env-vars for multi-step templates against untrusted targets configured non-defaultly. The Red Hat advisory describes a flaw enabling DSL injection that could lead to unau...
CVE-2026-41282
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...
Nuclei 安全漏洞
Nuclei is a fast-customizable vulnerability scanner based on simple YAML, open-sourced by ProjectDiscovery. Versions of Nuclei prior to 3.8.0 have security vulnerabilities, which stem from DSL expression injection and may affect the use of multi-step templates...
Improper Input Validation
Lodash is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of options.imports key names and unsafe merging of inherited properties, which allows an attacker to inject malicious expressions that execute arbitrary code during template compilation...
OpenRemote 安全漏洞
OpenRemote is an open-source IoT platform developed by OpenRemote. Versions of OpenRemote prior to 1.22.0 contained security vulnerabilities. These vulnerabilities were caused by two related expression injections in the rule engine, which could allow arbitrary code to execute on the server...
CVE-2026-39842
OpenRemote (IoT platform)
CVE-2026-39842 OpenRemote is Vulnerable to Expression Injection
OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval...
CVE-2026-39842 OpenRemote is Vulnerable to Expression Injection
OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval...
Exploit for Improper Control of Dynamically-Managed Code Resources in N8N
n8n Expression Injection RCE Analysis CVE-2025-68613 This r...
EUVD-2026-22806
Expression Injection in OpenRemote...
Expression Injection in OpenRemote
Summary The OpenRemote IoT platform's rules engine contains two interrelated critical expression injection vulnerabilities that allow an attacker to execute arbitrary code on the server, ultimately achieving full server compromise. - Unsandboxed Nashorn JavaScript Engine: JavaScript rules are...
GHSA-7MQR-33RV-P3MP Expression Injection in OpenRemote
Summary The OpenRemote IoT platform's rules engine contains two interrelated critical expression injection vulnerabilities that allow an attacker to execute arbitrary code on the server, ultimately achieving full server compromise. - Unsandboxed Nashorn JavaScript Engine: JavaScript rules are...
GHSA-822V-8W6H-5JXP Warm-Flow has a SpEL Expression Injection in SpelHelper.parseExpression
A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...
Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect
Summary Rack::Sendfilemapaccelpath interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not escaped, an attacker who can supply X-Accel-Mapping to the backend can inject regex...
CVE-2026-34714
Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %expr injection occurs with tabpanel lacking PMLE...
CVE-2026-34714
Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %expr injection occurs with tabpanel lacking PMLE...
CVE-2026-34714
Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %expr injection occurs with tabpanel lacking PMLE...
OpenClaw Denial of Service Vulnerability (CNVD-2026-15152)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a denial of service hole that can be exploited by attackers to cause regular expression injection and denial of service...
CVE-2026-22178 OpenClaw < 2026.2.19 - ReDoS and Regex Injection via Unescaped Feishu Mention Metadata
OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers can craft nested-quantifier patterns or metacharacters in mention metadata to trigger catastroph...