Lucene search
K

1387 matches found

OSV
OSV
added 2026/02/02 6:31 p.m.6 views

GHSA-GJ28-GW7W-3PXC Crafter CMS has Improper Control of Dynamically-Managed Code Resources

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS5.7AI score0.00425EPSS
Exploits0References3
NVD
NVD
added 2026/02/02 5:16 p.m.10 views

CVE-2026-1770

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS0.00425EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/02 4:16 p.m.10 views

EUVD-2026-5112

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS5.7AI score0.00425EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/02 4:16 p.m.5 views

CVE-2026-1770 Improper Control of Dynamically-Managed Code Resources in Crafter Studio

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS5.7AI score0.00425EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/02 4:16 p.m.6 views

CVE-2026-1770

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS5.7AI score0.00425EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/02/02 4:16 p.m.15 views

CVE-2026-1770

CVE-2026-1770 affects Crafter CMS, specifically Crafter Studio. The vulnerability arises from Improper Control of Dynamically-Managed Code Resources via the Groovy Sandbox, enabling authenticated developers to insert malicious Groovy code to bypass sandbox restrictions and achieve Remote Code Exe...

7.3CVSS5.7AI score0.00425EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/02 4:16 p.m.27 views

CVE-2026-1770 Improper Control of Dynamically-Managed Code Resources in Crafter Studio

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS0.00425EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.15 views

PT-2026-5681

Name of the Vulnerable Software and Affected Versions Crafter CMS versions affected versions not specified Description An issue exists in Crafter Studio of Crafter CMS that allows authenticated developers to execute operating system commands. This is due to a bypass of the Groovy Sandbox...

7.3CVSS6.1AI score0.00425EPSS
Exploits0References8
Packet Storm
Packet Storm
added 2026/01/23 12:0 a.m.146 views

📄 OpenKM Community Edition 6.3.10 Code Execution / LFI / SQL Injection

OpenKM Community Edition version 6.3.10 proof of concept Metasploit module that exploits local file inclusion, remote code execution, and SQL injection vulnerabilities...

6.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

MiracleLinux 7 : groovy-1.8.9-8.el7 (AXSA:2017-2200:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-2200:01 advisory. Groovy is an agile and dynamic language for the Java Virtual Machine, built upon Java with features inspired by languages like Python, Ruby and Smalltalk. It...

9.8CVSS8AI score0.17239EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/13 2:51 p.m.5 views

Use of a Broken or Risky Cryptographic Algorithm

Overview net.gleske:jervis is a Self service Jenkins job generation using Jenkins Job DSL plugin groovy scripts. Reads .jervis.yml and generates a job in Jenkins. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in SecurityIO.groovy. An attacker...

8.7CVSS6.8AI score0.00202EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.10 views

CVE-2023-50765

A missing permission check in Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID...

4.3CVSS6.3AI score0.00454EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.8 views

CVE-2023-50572

An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM OutofMemory error...

5.5CVSS6.7AI score0.00253EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:55 a.m.11 views

CVE-2022-23109

Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed...

6.5CVSS6.8AI score0.00959EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:41 a.m.26 views

CVE-2022-26112

In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See...

9.8CVSS6.8AI score0.01367EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:9 a.m.10 views

CVE-2019-11444

An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a command.execute call, as demonstrated by "def cmd =" in the ServerAdminPortletscript value to group/controlpanel/manage. Valid...

9CVSS7.1AI score0.12818EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:7 a.m.7 views

CVE-2019-20155

An issue was discovered in reportedit.jsp in Determine formerly Selectica Contract Lifecycle Management CLM v5.4. Any authenticated user may execute Groovy code when generating a report, resulting in arbitrary code execution on the underlying server...

9CVSS7.7AI score0.02467EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:0 a.m.5 views

CVE-2023-29521

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of...

8.8CVSS7.4AI score0.01131EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:56 a.m.3 views

CVE-2023-40573

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a documen...

9CVSS8AI score0.00997EPSS
Exploits1References1
Veracode
Veracode
added 2025/12/13 4:21 a.m.9 views

Cross-site Request Forgery (CSRF)

jp.ikedam.jenkins.plugins, extensible-choice-parameter is vulnerable to cross-site request forgery CSRF. The vulnerability is due to insufficient request validation, which allows an attacker to execute sandboxed Groovy code by tricking a user into performing unintended actions...

5.4CVSS5.8AI score0.00236EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder