Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9290 matches found

EUVD
EUVDadded 2026/03/18 9:30 a.m.3 views

EUVD-2026-12795

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper...

8.6CVSS5.9AI score0.00521EPSS
Exploits0References2
Github Security Blog
Github Security Blogadded 2026/03/18 9:30 a.m.9 views

JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper...

8.6CVSS5.9AI score0.00521EPSS
Exploits0References5Affected Software1
OSV
OSVadded 2026/03/18 9:30 a.m.3 views

GHSA-RP9G-QX29-88CP JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper...

8.6CVSS6AI score0.00521EPSS
Exploits0References5
NVD
NVDadded 2026/03/18 8:16 a.m.5 views

CVE-2026-22729

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper...

8.6CVSS0.00521EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/03/18 7:39 a.m.25 views

CVE-2026-22729 CVE-2026-22729: JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper...

8.6CVSS0.00521EPSS
Exploits0References1
CVE
CVEadded 2026/03/18 7:39 a.m.37 views

CVE-2026-22729

Spring AI’s AbstractFilterExpressionConverter is vulnerable to a JSONPath injection, where user-controlled input in FilterExpressionBuilder is concatenated into JSONPath queries without proper escaping. This can allow authenticated users to bypass metadata-based access controls and access unautho...

8.6CVSS5.9AI score0.00521EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/18 7:39 a.m.3 views

CVE-2026-22729

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper...

8.6CVSS5.9AI score0.00521EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/03/18 7:36 a.m.51 views

CVE-2026-22730

CVE-2026-22730 describes a critical SQL injection vulnerability in Spring AI’s MariaDBFilterExpressionConverter, enabling bypass of metadata-based access controls and arbitrary SQL execution. Technical details across connected sources indicate the issue stems from missing input sanitization when ...

8.8CVSS6.1AI score0.00522EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2026/03/18 7:36 a.m.32 views

CVE-2026-22730 CVE-2026-22730: SQL Injection in Spring AI MariaDBFilterExpressionConverter

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization...

8.8CVSS0.00522EPSS
Exploits1References1
NVD
NVDadded 2026/03/18 2:16 a.m.2 views

CVE-2026-22178

OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers can craft nested-quantifier patterns or metacharacters in mention metadata to trigger catastroph...

8.2CVSS0.00311EPSS
Exploits0References4
EUVD
EUVDadded 2026/03/18 1:34 a.m.3 views

EUVD-2026-12722

OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers can craft nested-quantifier patterns or metacharacters in mention metadata to trigger catastroph...

6.9CVSS5.8AI score0.00311EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/03/18 1:34 a.m.2 views

CVE-2026-22178 OpenClaw < 2026.2.19 - ReDoS and Regex Injection via Unescaped Feishu Mention Metadata

OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers can craft nested-quantifier patterns or metacharacters in mention metadata to trigger catastroph...

6.9CVSS5.8AI score0.00311EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/03/18 12:0 a.m.4 views

CVE-2026-29856

An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service ReDoS via a crafted input...

5.8AI score0.00337EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/03/18 12:0 a.m.2 views

CVE-2026-29856

An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service ReDoS via a crafted input...

5.8AI score0.00337EPSS
Exploits1References3
CNNVD
CNNVDadded 2026/03/18 12:0 a.m.4 views

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a denial of service hole that can be exploited by attackers to cause regular expression injection and denial of service...

8.2CVSS5.8AI score0.00311EPSS
Exploits0References4
CNNVD
CNNVDadded 2026/03/18 12:0 a.m.6 views

aaPanel 安全漏洞

aaPanel is a simple yet powerful web-based control panel developed under the open source license. Version 7.57.0 of aaPanel contains a security vulnerability, which stems from a regular expression denial-of-service issue in the VirtualHost configuration processing/parser component...

7.5CVSS5.8AI score0.00337EPSS
Exploits1References2
Github Security Blog
Github Security Blogadded 2026/03/17 6:37 p.m.12 views

Parse Server LiveQuery subscription with invalid regular expression crashes server

Impact A remote attacker can crash the Parse Server by subscribing to a LiveQuery with an invalid regular expression pattern. The server process terminates when the invalid pattern reaches the regex engine during subscription matching, causing denial of service for all connected clients. Patches...

7.5CVSS5.9AI score0.0055EPSS
Exploits0References5Affected Software1
OSV
OSVadded 2026/03/17 5:27 p.m.3 views

CVE-2026-25534 Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames

Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE CVE-2025-61916 through the use of carefully...

9.1CVSS5.8AI score0.00246EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/03/17 3:53 p.m.4 views

CVE-2026-4148 ExpressionContext use-after-free in classic engine $lookup and $graphLookup aggregation operators

A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline...

8.8CVSS5.8AI score0.00323EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/03/17 3:53 p.m.24 views

CVE-2026-4148 ExpressionContext use-after-free in classic engine $lookup and $graphLookup aggregation operators

A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline...

8.8CVSS0.00323EPSS
Exploits0References1
Rows per page
Query Builder