82 matches found
EUVD-2025-12431
Malicious code in bioql PyPI...
EUVD-2023-55628
Malicious code in bioql PyPI...
EUVD-2022-0603
Malicious code in bioql PyPI...
EUVD-2023-2962
Malicious code in bioql PyPI...
PT-2025-42765
Name of the Vulnerable Software and Affected Versions Apache Syncope versions 3.0.0 through 3.0.13 Apache Syncope versions 4.0.0 through 4.0.1 Description Apache Syncope allows a malicious administrator to inject Groovy code that can be executed remotely by a running Apache Syncope Core instance...
Exploit for Code Injection in Xwiki
CVE-2025-24893 – Unauthenticated Remote Code Execution in XWik...
CVE-2021-45029
Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
GHSA-37PQ-893F-G7Q5 Apereo CAS code injection vulnerability
A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServiceSimpleFormController.java of the component...
Apereo CAS code injection vulnerability
A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServiceSimpleFormController.java of the component...
Code Injection
Overview Affected versions of this package are vulnerable to Code Injection via the saveService function. If dynamic service registration is enabled which it is not by default, a privileged attacker with access to the saveService interface and the ability to modify application.properties can...
CVE-2025-3984
A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServiceSimpleFormController.java of the component...
CVE-2025-3984
A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServiceSimpleFormController.java of the component...
CVE-2025-3984 Apereo CAS Groovy Code RegisteredServiceSimpleFormController.java saveService code injection
A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServiceSimpleFormController.java of the component...
CVE-2025-3984
CVE-2025-3984 affects Apereo CAS 5.2.6. The vulnerability targets the saveService function in cas-5.2.6/webapp-mgmt/cas-management-webapp-support/src/main/java/org/apereo/cas/mgmt/services/web/RegisteredServiceSimpleFormController.java (Groovy Code Handler), enabling code injection. Reported as n...
PT-2025-18015
Name of the Vulnerable Software and Affected Versions Apereo CAS version 5.2.6 Description A critical issue was found, affecting the saveService function of the RegisteredServiceSimpleFormController.java file in the Groovy Code Handler component. This issue leads to code injection and can be...
CVE-2024-12652 Intumit SmartRobot′s Conversational AI Platform - Improper Control of Generation of Code ('Code Injection')
A Improper Control of Generation of Code 'Code Injection' vulnerability in groovy script function in SmartRobot′s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code...
CVE-2024-31988
CVE-2024-31988 affects XWiki Platform where the realtime editor can lead to arbitrary remote code execution when an admin with programming rights visits a crafted URL or views an image containing that URL (e.g., in a comment). Affected versions are 13.9-rc-1 and earlier, specifically before 14.10...
CVE-2024-31984 XWiki Platform: Remote code execution through space title and Solr space facet
XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the Solr-based search in XWiki. This allows any user who can edi...
CVE-2023-50895
In Janitza GridVis through 9.0.66, exposed dangerous methods in the de.janitza.pasw.project.server.ServerDatabaseProject project load functionality allow remote authenticated administrative users to execute arbitrary Groovy code...
CVE-2023-50895
In Janitza GridVis through 9.0.66, exposed dangerous methods in the de.janitza.pasw.project.server.ServerDatabaseProject project load functionality allow remote authenticated administrative users to execute arbitrary Groovy code...