Lucene search
K

2780 matches found

Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.19 views

PT-2026-48883

Name of the Vulnerable Software and Affected Versions jmespath.php versions prior to 2.9.1 Description Insufficient escaping of parsed JMESPath function names into generated PHP source allows for the generation and execution of attacker-controlled PHP code. This occurs when JmesPathCompilerRuntim...

9.8CVSS5.6AI score0.0032EPSS
Exploits0References6
NVD
NVD
added 2026/06/11 5:16 a.m.16 views

CVE-2026-40985

Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1...

6.4CVSS0.00225EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 5:2 a.m.10 views

CVE-2026-40985 Data Binding Vulnerability in Spring Web Flow with Unified EL Parser

Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1...

6.4CVSS5.5AI score0.00225EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

VMware Spring Web Flow 安全漏洞

VMware Spring Web Flow is a web application flow management framework developed by the American company VMware. Versions 4.0.0, 3.0.0 to 3.0.1, and 2.5.0 to 2.5.1 of VMware Spring Web Flow contain security vulnerabilities. These vulnerabilities stem from the possibility of malicious Unified EL...

6.4CVSS5.4AI score0.00225EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 8:39 a.m.8 views

BIT-APACHE-2026-44119 Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

5.5CVSS5.4AI score0.00171EPSS
Exploits0References3
OSV
OSV
added 2026/06/09 10:37 p.m.4 views

SUSE-SU-2026:22058-1 Security update for python-Pygments

This update for python-Pygments fixes the following issue: - CVE-2026-4539: Denial of Service via inefficient regular expression processing in AdlLexer bsc1260796...

4.8CVSS5.2AI score0.00156EPSS
Exploits0References3
MongoDB
MongoDB
added 2026/06/09 9:56 p.m.10 views

Client side encryption fails to encrypt values in a $vectorSearch

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...

7.1CVSS5.4AI score0.00103EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/09 11:19 a.m.9 views

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

7.5CVSS7.2AI score0.00472EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/06/09 3:51 a.m.11 views

CVE-2026-41852 Spring Framework Arbitrary Method Invocation in SpEL Expressions

A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....

3.7CVSS5.6AI score0.00164EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 3:51 a.m.8 views

CVE-2026-41851 Spring Framework Denial of Service via Unbounded Cache in SpEL

Applications which accept user-supplied Spring Expression Language SpEL expressions may be vulnerable to a Denial of Service DoS attack if the evaluation of a SpEL expression triggers unbounded cache growth. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

5.3CVSS5.4AI score0.0036EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 3:51 a.m.10 views

CVE-2026-41850 Spring Framework Algorithmic Denial of Service via SpEL Expressions

Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or...

7.5CVSS5.5AI score0.0036EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 3:51 a.m.50 views

CVE-2026-41850 Spring Framework Algorithmic Denial of Service via SpEL Expressions

Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or...

7.5CVSS0.0036EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 3:51 a.m.36 views

CVE-2026-41849 Spring Framework Denial of Service via Integer Overflow in SpEL Expressions

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language SpEL. An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service DoS. Affected versions: Spring...

7.5CVSS0.00263EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Svelte 安全漏洞

Svelte is an open-source approach to building web applications. Versions of Svelte from 5.51.5 to 5.55.7 contained a security vulnerability. This vulnerability stemmed from the exponential increase in time taken for internal regular expression tests, which could lead to denial-of-service attacks...

7.5CVSS5.3AI score0.00421EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-41851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications which accept user-supplied Spring Expression Language SpEL expressions may be vulnerable to a Denial of Service DoS attack if the evaluation of a...

7.5CVSS5.5AI score0.0036EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-47662

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description Applications that accept user-supplied Sprin...

7.5CVSS5.8AI score0.0036EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.18 views

PT-2026-47660

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language SpEL. An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service DoS. Affected versions: Spring...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.18 views

PT-2026-48289

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A bug in the query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE causes...

7.1CVSS5.8AI score0.00103EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/06/08 3:19 p.m.9 views

CVE-2026-44631

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

9.8CVSS5.4AI score0.00486EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/08 3:17 p.m.125 views

CVE-2026-44119 Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

0.00171EPSS
Exploits0References1
Rows per page
Query Builder