Lucene search
K

126 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-15496

A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Script Handler. The manipulation results in os command...

6.5CVSS0.01158EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-43218

A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Script Handler. The manipulation results in os command...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-15496 SonicCloudOrg sonic-agent Groovy Script GroovyScriptImpl.java evalIsFailed os command injection

A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Script Handler. The manipulation results in os command...

6.5CVSS0.01158EPSS
Exploits0References5
CVE
CVE
added 2 days ago14 views

CVE-2026-15496

SonicCloudOrg sonic-agent (up to version 2.7.2) contains a remote os command injection in GroovyScriptImpl.evalIsFailed within Groovy Script Handler. The vulnerable function is in sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java. Exploitation is public and report...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.11 views

CVE-2026-39816

The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy...

8.8CVSS5.7AI score0.0076EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/05/14 11:15 a.m.257 views

Nexus-Sonatype-Repository-Manager-Groovy-Script-RCE-Authenticated-

Nexus Repository Manager 3 Authenticated RCE Groovy Script Ta...

6.2AI score
Exploits0
EUVD
EUVD
added 2026/05/08 3:31 p.m.12 views

EUVD-2026-28593

The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy...

8.8CVSS5.9AI score0.0076EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/08 3:31 p.m.14 views

Apache NiFi is missing the Restricted annotation with the Execute Code Required Permission

The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy...

8.8CVSS5.9AI score0.0076EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2026/05/08 2:16 p.m.12 views

CVE-2026-39816

The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy...

8.8CVSS0.0076EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/08 1:38 p.m.10 views

CVE-2026-39816 Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService

The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy...

7.5CVSS5.9AI score0.0076EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/02/26 11:25 a.m.223 views

Exploit for Missing Authorization in Xwiki

Research: XWiki Platform RCE CVE-2024-55879 Simulation !Se...

9.1CVSS5.7AI score0.01045EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/01/23 12:0 a.m.153 views

📄 OpenKM Community Edition 6.3.10 Code Execution / LFI / SQL Injection

OpenKM Community Edition version 6.3.10 proof of concept Metasploit module that exploits local file inclusion, remote code execution, and SQL injection vulnerabilities...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.11 views

CVE-2023-50765

A missing permission check in Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID...

4.3CVSS6.3AI score0.00454EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:9 a.m.10 views

CVE-2019-11444

An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a command.execute call, as demonstrated by "def cmd =" in the ServerAdminPortletscript value to group/controlpanel/manage. Valid...

9CVSS7.1AI score0.12818EPSS
Exploits1References1
Imperva Blog
Imperva Blog
added 2025/12/01 4:20 p.m.10 views

CVE-2025-61757: Imperva Customers Protected Against Critical Oracle Identity Manager Authentication Bypass Leading to Remote Code Execution

At the end of October 2025, Oracle released an emergency security alert addressing CVE-2025-61757, a high-severity authentication-bypass flaw that enables remote code execution in the Identity Manager product of Oracle Fusion Middleware versions 12.2.1.4.0 and 14.1.2.1.0. Multiple threat actors a...

9.8CVSS8.9AI score0.88312EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/11/13 7:8 p.m.12 views

CVE-2025-64099

Open Access Management OpenAM is an access management solution. In versions prior to 16.0.0, if the "claimsparametersupported" parameter is activated, it is possible, thanks to the "oidc-claims-extension.groovy" script, to inject the value of one's choice into a claim contained in the idtoken or ...

9.3CVSS6.8AI score0.00322EPSS
Exploits0References1
Snyk
Snyk
added 2025/11/12 9:27 p.m.6 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the oidc-claims-extension.groovy script when the claimsparametersupported parameter is enabled. An attacker can inject arbitrary values into claims returned in idtoken or userinfo by supplying a crafted JSON...

9.3CVSS7AI score0.00322EPSS
Exploits0References2
OSV
OSV
added 2025/11/12 9:27 p.m.6 views

GHSA-39HR-239P-FHQC OpenAM: Using arbitrary OIDC requested claims values in id_token and user_info is allowed

Summary If the "claimsparametersupported" parameter is activated, it is possible through the "oidc-claims-extension.groovy" script, to inject the value of choice into a claim contained in the idtoken or in the userinfo. Authorization function requests do not prevent a claims parameter containing ...

9.3CVSS6.8AI score0.00322EPSS
Exploits0References5
NVD
NVD
added 2025/11/12 7:15 p.m.10 views

CVE-2025-64099

Open Access Management OpenAM is an access management solution. In versions prior to 16.0.0, if the "claimsparametersupported" parameter is activated, it is possible, thanks to the "oidc-claims-extension.groovy" script, to inject the value of one's choice into a claim contained in the idtoken or ...

9.3CVSS0.00322EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-10358

Malware in sbrugna...

7.2CVSS7AI score0.00703EPSS
Exploits0References2
Rows per page
Query Builder