
64 matches found

Cvelist
added 2023/05/02 12:0 a.m. · 16 views

CVE-2022-47876

The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts...

8.9 AI score · 0.0806 EPSS
Exploits: 4 · References: 2

Positive Technologies
added 2023/05/02 12:0 a.m. · 3 views

PT-2023-15508 · Jedox · Jedox

Name of the Vulnerable Software and Affected Versions: Jedox versions 2020.2.5 Description: The issue allows remote authenticated users to create jobs that can execute arbitrary code via Groovy scripts. This is related to the integrator component in the affected software. Recommendations: For...

9.1 CVSS · 7.8 AI score · 0.0806 EPSS
Exploits: 4 · References: 6

OSV
added 2023/04/18 10:53 p.m. · 13 views

CVE-2023-29527 Code injection from account through AWM view sheet in xwiki platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions a user without script or programming right may edit a user profile or any other document with the wiki editor and add Groovy script content. Viewing the document after...

9.9 CVSS · 8.5 AI score · 0.09755 EPSS
Exploits: 1 · References: 4

Prion
added 2022/09/08 9:15 p.m. · 16 views

Code injection

XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Starting in version 12.5-rc-1 and prior to versions 13.10.6 and 14.4, it's possible to store JavaScript or Groovy scripts in a mention, macro anchor, or reference field...

6 CVSS · 9 AI score · 0.4365 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

CNNVD
added 2022/01/28 12:0 a.m. · 2 views

Liferay Portal Operating System Command Injection Vulnerability

Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. An operating system command injection vulnerability exists...

9 CVSS · 7.3 AI score · 0.03832 EPSS
Exploits: 0 · References: 4

CNVD
added 2021/12/04 12:0 a.m. · 12 views

Crafter CMS Access Control Error Vulnerability

An access control error vulnerability exists in Crafter CMS, an open source content management system (CMS) for digital experience applications, which stems from a system that does not validate Groovy scripts. An attacker with administrator, developer privileges could use the Groovy lib to render...

7.2 CVSS · 3.5 AI score · 0.00391 EPSS
Exploits: 0 · References: 1

NVD
added 2021/09/09 2:15 a.m. · 12 views

CVE-2021-32834

Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti, a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist...

9.9 CVSS · 0.0033 EPSS
Exploits: 1 · References: 1

Prion
added 2021/09/09 2:15 a.m. · 14 views

Design/Logic Flaw

Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti, a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist...

6.5 CVSS · 9.4 AI score · 0.0033 EPSS
Exploits: 1 · References: 1

Cvelist
added 2021/09/09 1:50 a.m. · 16 views

CVE-2021-32834 Arbitrary Groovy script evaluation in Eclipse Keti

Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti, a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist...

8.2 CVSS · 9.7 AI score · 0.0033 EPSS
Exploits: 1 · References: 1

CNNVD
added 2021/09/09 12:0 a.m. · 3 views

Eclipse Keti Code Injection Vulnerability

Eclipse Keti is an Eclipse Foundation service that uses Attribute-Based Access Control (ABAC) to protect RESTful APIs. A code injection vulnerability exists in Eclipse Keti, which originates in Keti, where a user who is able to create policy sets can run arbitrary code by sending malicious Groovy...

9.9 CVSS · 8.6 AI score · 0.0033 EPSS
Exploits: 1 · References: 2

OSV
added 2021/03/11 6:15 p.m. · 2 views

CVE-2020-14987

An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST...

7.2 CVSS · 7.4 AI score
Exploits: 0 · References: 1

NVD
added 2021/03/11 6:15 p.m. · 8 views

CVE-2020-14987

An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST...

9 CVSS · 0.06002 EPSS
Exploits: 1 · References: 1

Prion
added 2021/03/11 6:15 p.m. · 8 views

Code injection

An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST...

9 CVSS · 7.4 AI score · 0.06002 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2021/03/11 5:50 p.m. · 9 views

CVE-2020-14987

An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST...

7.4 AI score · 0.06002 EPSS
Exploits: 1 · References: 1

CNVD
added 2020/10/12 12:0 a.m. · 2 views

Crafter CMS Dynamic Management Code Resource Miscontrol Vulnerability (CNVD-2020-63996)

Crafter CMS is an open source content management system for websites, mobile apps, VR and more. A Dynamic Management Code Resource Miscontrol vulnerability exists in Crafter Studio in Crafter CMS. An attacker can exploit this vulnerability to execute OS commands via Groovy scripts...

9 CVSS · 7.5 AI score · 0.00434 EPSS
Exploits: 0 · References: 1

Exploit DB
added 2020/07/06 12:0 a.m. · 271 views

RSA IG&L Aveksa 7.1.1 - Remote Code Execution

Exploit Title: RSA IG&L Aveksa 7.1.1 - Remote Code Execution Date: 2019-04-16 Exploit Author: Jakub Palaczynski, Lukasz Plonka Vendor Homepage: https://www.rsa.com/ Version: 7.1.1, prior to P02 CVE : CVE-2019-3759 all vulnerable versions can be found at...

8.1 CVSS · 7.3 AI score · 0.01233 EPSS
Exploits: 3

Packet Storm
added 2020/07/06 12:0 a.m. · 184 views

RSA IG+L Aveksa 7.1.1 Remote Code Execution

Exploit Title: RSA IG&L Aveksa 7.1.1 - Remote Code Execution Date: 2019-04-16 Exploit Author: Jakub Palaczynski, Lukasz Plonka Vendor Homepage: https://www.rsa.com/ Version: 7.1.1, prior to P02 CVE : CVE-2019-3759 all vulnerable versions can be found at...

5.5 CVSS · 0.2 AI score · 0.01233 EPSS
Exploits: 3

NVD
added 2019/09/11 8:15 p.m. · 11 views

CVE-2019-3759

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to vie...

8.1 CVSS · 7 AI score · 0.01233 EPSS
Exploits: 3 · References: 2

Prion
added 2019/09/11 8:15 p.m. · 9 views

Code injection

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to vie...

5.5 CVSS · 7.9 AI score · 0.01233 EPSS
Exploits: 3 · References: 2 · Affected Software: 2

Cvelist
added 2019/09/11 7:17 p.m. · 14 views

CVE-2019-3759

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to vie...

6.4 CVSS · 8.1 AI score · 0.01233 EPSS
Exploits: 3 · References: 2