Lucene search
+L

152 matches found

vulnrichment
vulnrichment
added 2025/08/18 8:9 p.m.5 views

CVE-2025-53192 Apache Commons OGNL: Expression Injection leading to RCE

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue​, the OGNL engine parses and evaluates the provided expression with powerful capabilities...

7.7AI score0.0052EPSS
Exploits0References1
cvelist
cvelist
added 2025/08/18 8:9 p.m.29 views

CVE-2025-53192 Apache Commons OGNL: Expression Injection leading to RCE

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue​, the OGNL engine parses and evaluates the provided expression with powerful capabilities...

0.0052EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 9:30 a.m.20 views

CVE-2024-37759

DataGear v5.0.0 and earlier was discovered to contain a SpEL Spring Expression Language expression injection vulnerability via the Data Viewing interface...

9.8CVSS7.7AI score0.0282EPSS
Exploits2References1
redhatcve
redhatcve
added 2025/05/23 6:1 a.m.6 views

CVE-2023-28430

OneSignal is an email, sms, push notification, and in-app message service for mobile apps.The Zapier.yml workflow is triggered on issues types: closed i.e., when an Issue is closed. The workflow starts with full write-permissions GitHub repository token since the default workflow permissions on...

8.1CVSS7.1AI score0.00905EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 1:23 a.m.6 views

CVE-2022-34466

A vulnerability has been identified in Mendix Applications using Mendix 9 All versions = V9.11 V9.15, Mendix Applications using Mendix 9 V9.12 All versions V9.12.3. An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime, that can affect the running...

6.5CVSS6.5AI score0.00668EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 7:10 p.m.8 views

CVE-2021-21479

In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system...

9.1CVSS7AI score0.10116EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 3:7 p.m.8 views

CVE-2020-7187

A reportpage index expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

9CVSS8AI score0.03353EPSS
Exploits0References1
cvelist
cvelist
added 2024/06/24 12:0 a.m.41 views

CVE-2024-37759

DataGear v5.0.0 and earlier was discovered to contain a SpEL Spring Expression Language expression injection vulnerability via the Data Viewing interface...

0.0282EPSS
Exploits2References2
osv
osv
added 2024/06/24 12:0 a.m.6 views

CVE-2024-37759

DataGear v5.0.0 and earlier was discovered to contain a SpEL Spring Expression Language expression injection vulnerability via the Data Viewing interface...

9.8CVSS7.8AI score0.0282EPSS
Exploits2References4
kitploit
kitploit
added 2024/06/23 12:30 p.m.162 views

VulnNodeApp - A Vulnerable Node.Js Application

A vulnerable application made using node.js, express server and ejs template engine. This application is meant for educational purposes only. Setup Clone this repository git clone https://github.com/4auvar/VulnNodeApp.git Application setup: Install the latest node.js version with npm. Open...

8.5AI score
Exploits0References2
githubexploit
githubexploit
added 2024/06/21 2:58 a.m.402 views

Exploit for Injection in Datagear

CVE-2024-37759 PoC Description DataGear version 5.0.0 and...

9.8CVSS10AI score0.0282EPSS
Exploits2
ibm
ibm
added 2024/03/22 4:5 p.m.35 views

Security Bulletin: Vulnerability in Spring Data MongoDB might affect IBM Storage Copy Data Management. [CVE-2022-22980]

Summary IBM Storage Copy Data Management can be affected by a vulnerability in Spring Data MongoDB. A remote attacker could exploit this vulnerability to execute arbitrary code on the system as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-2298...

9.8CVSS9.6AI score0.16903EPSS
Exploits3Affected Software1
cve
cve
added 2024/03/15 7:55 p.m.239 views

CVE-2024-28848

CVE-2024-28848 is a SpEL injection vulnerability in OpenMetadata's GET /api/v1/policies/validation/condition/. The CompiledRule.validateExpression flow evaluates user-supplied SpEL against Java types (e.g., Runtime), enabling remote code execution. The issue is exploitable by authenticated non-ad...

8.8CVSS9.4AI score0.07888EPSS
In wildExploits0References4Affected Software1
vulnrichment
vulnrichment
added 2024/03/15 7:55 p.m.43 views

CVE-2024-28255 Authentication Bypass in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The JwtFilter handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request...

9.8CVSS7.8AI score0.73255EPSS
Exploits5References3
nvd
nvd
added 2024/01/02 9:15 p.m.13 views

CVE-2024-21623

OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "Analysis - SonarCloud" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and...

9.8CVSS9.7AI score0.01226EPSS
Exploits1References5
vulnrichment
vulnrichment
added 2024/01/02 8:29 p.m.17 views

CVE-2024-21623 Arbitrary Expression Injection in github workflow leads to Command execution & leaking secrets

OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "Analysis - SonarCloud" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and...

9.8CVSS7.2AI score0.01226EPSS
Exploits1References5
cvelist
cvelist
added 2024/01/02 8:29 p.m.19 views

CVE-2024-21623 Arbitrary Expression Injection in github workflow leads to Command execution & leaking secrets

OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "Analysis - SonarCloud" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and...

9.8CVSS9.9AI score0.01226EPSS
Exploits1References5
cve
cve
added 2024/01/02 8:29 p.m.65 views

CVE-2024-21623

OTCLient (the Tibia OT server client) is affected by an expression injection in the GitHub Actions workflow for /mehah/otclient, specifically the Analyses - SonarCloud workflow. The vulnerability enables remote command execution, secret leakage, and repository alteration on the vulnerable runner....

9.8CVSS9.6AI score0.01226EPSS
Exploits1References5Affected Software1
osv
osv
added 2024/01/02 8:29 p.m.17 views

CVE-2024-21623 Arbitrary Expression Injection in github workflow leads to Command execution & leaking secrets

OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "Analysis - SonarCloud" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and...

9.8CVSS9.4AI score0.01226EPSS
Exploits1References7
ptsecurity
ptsecurity
added 2024/01/02 12:0 a.m.4 views

PT-2024-18975

Name of the Vulnerable Software and Affected Versions OTCLient versions prior to commit db560de0b56476c87a2f967466407939196dd254 Description The issue concerns an expression injection vulnerability in the /mehah/otclient "Analysis - SonarCloud" workflow, allowing an attacker to run commands...

9.8CVSS7.8AI score0.01226EPSS
Exploits1References12
Rows per page
Query Builder