Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the configuration process of the optional TinkerpopClientService. An attacker can execute arbitrary code by submitting Groovy scripts through the ByteCode Submission feature without possessing the required...

Apache NiFi 安全漏洞

Apache NiFi is a data processing and distribution system developed by the Apache Foundation in the United States. This system is primarily used for data routing, transformation, and intermediate logic within the system. Vulnerabilities exist in versions 2.8.0 of Apache NiFi, as the optional...

Remote Code Execution (RCE)

com.liferay, com.liferay.object.service is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper restriction on the use of Groovy scripts in Object actions, which allows authenticated admin users with the Instance Administrator role to execute arbitrary Groovy scripts and...

CVE-2025-11158

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE...

EUVD-2025-208458

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE...

CVE-2025-11158

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE...

Hitachi Vantara Pentaho Data Integration & Analytics 安全漏洞

Hitachi Vantara Pentaho Data Integration & Analytics is a data integration and analysis system developed by Hitachi, Ltd. Versions of Hitachi Vantara Pentaho Data Integration & Analytics prior to 10.2.0.6, including 9.3.x and 8.3.x versions, have security vulnerabilities. These vulnerabilities st...

CVE-2025-11158

Hitachi Vantara Pentaho Data Integration & Analytics is affected by CVE-2025-11158 in versions before 10.2.0.6, including 9.3.x and 8.3.x. The root cause is failure to restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a remote c...

CVE-2025-11158 Hitachi Vantara Pentaho Data Integration & Analytics - Missing Authorization

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE...

CVE-2025-11158 Hitachi Vantara Pentaho Data Integration & Analytics - Missing Authorization

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE...

PT-2026-24134

Name of the Vulnerable Software and Affected Versions Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.6 Hitachi Vantara Pentaho Data Integration & Analytics versions 8.3.x Hitachi Vantara Pentaho Data Integration & Analytics versions 9.3.x Description The software do...

CVE-2023-40573

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a documen...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the Objects module. An authenticated attacker with Instance Administrator privileges can execute arbitrary code by submitting specially crafted Groovy scripts through Object Actions or Validations. Remediation...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the Objects module. An authenticated attacker with Instance Administrator privileges can execute arbitrary code by submitting specially crafted Groovy scripts through Object Actions or Validations. Remediation...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the Objects module. An authenticated attacker with Instance Administrator privileges can execute arbitrary code by submitting specially crafted Groovy scripts through Object Actions or Validations. Remediation...

EUVD-2020-7117

Malware in sbrugna...

EUVD-2022-5137

Malicious code in bioql PyPI...

EUVD-2022-50633

Malicious code in bioql PyPI...

CVE-2025-3586

In Liferay Portal 7.4.3.27 through 7.4.3.42, and Liferay DXP 2024.Q1.1 through 2024.Q1.20, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 27 through update 42 Liferay PaaS, and Liferay Self-Hosted, the Objects module does not restrict the use of Groovy scripts in Object...

CVE-2025-3586

In Liferay Portal 7.4.3.27 through 7.4.3.42, and Liferay DXP 2024.Q1.1 through 2024.Q1.20, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 27 through update 42 Liferay PaaS, and Liferay Self-Hosted, the Objects module does not restrict the use of Groovy scripts in Object...