Lucene search
K

1387 matches found

NVD
NVD
added 2026/04/07 8:16 p.m.6 views

CVE-2026-5739

A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be execute...

7.5CVSS0.00388EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/07 8:12 p.m.7 views

Arbitrary Code Injection

Overview tech.powerjob:powerjob-server-core is an enterprise job scheduling middleware with distributed computing ability Affected versions of this package are vulnerable to Arbitrary Code Injection via the GroovyEvaluator.evaluate function in the /openApi/addWorkflowNode endpoint when processing...

7.5CVSS6.2AI score0.00388EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/07 7:15 p.m.8 views

CVE-2026-5739

A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be execute...

7.5CVSS6.9AI score0.00388EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/07 7:15 p.m.22 views

CVE-2026-5739 PowerJob OpenAPI Endpoint addWorkflowNode GroovyEvaluator.evaluate code injection

A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be execute...

7.5CVSS0.00388EPSS
Exploits0References5
Veracode
Veracode
added 2026/03/17 8:44 a.m.8 views

Remote Code Execution (RCE)

com.liferay, com.liferay.object.service is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper restriction on the use of Groovy scripts in Object actions, which allows authenticated admin users with the Instance Administrator role to execute arbitrary Groovy scripts and...

7.5CVSS6.5AI score0.00389EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.5 views

CVE-2025-11158

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE...

9.1CVSS5.9AI score0.00382EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/10 6:31 p.m.4 views

EUVD-2025-208457

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE...

9.1CVSS5.8AI score0.00382EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/10 6:31 p.m.4 views

EUVD-2025-208458

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE...

9.1CVSS5.8AI score0.00382EPSS
Exploits0References2
NVD
NVD
added 2026/03/10 4:23 p.m.4 views

CVE-2025-11158

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE...

9.1CVSS0.00382EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.8 views

Hitachi Vantara Pentaho Data Integration & Analytics 安全漏洞

Hitachi Vantara Pentaho Data Integration & Analytics is a data integration and analysis system developed by Hitachi, Ltd. Versions of Hitachi Vantara Pentaho Data Integration & Analytics prior to 10.2.0.6, including 9.3.x and 8.3.x versions, have security vulnerabilities. These vulnerabilities st...

9.1CVSS6.3AI score0.00382EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/09 10:12 p.m.2 views

CVE-2025-11158 Hitachi Vantara Pentaho Data Integration & Analytics - Missing Authorization

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE...

9.1CVSS5.8AI score0.00382EPSS
Exploits0References1
CVE
CVE
added 2026/03/09 10:12 p.m.18 views

CVE-2025-11158

Hitachi Vantara Pentaho Data Integration & Analytics is affected by CVE-2025-11158 in versions before 10.2.0.6, including 9.3.x and 8.3.x. The root cause is failure to restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a remote c...

9.1CVSS5.8AI score0.00382EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/09 10:12 p.m.3 views

CVE-2025-11158

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE...

9.1CVSS5.8AI score0.00382EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/09 10:12 p.m.28 views

CVE-2025-11158 Hitachi Vantara Pentaho Data Integration & Analytics - Missing Authorization

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE...

9.1CVSS0.00382EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.7 views

PT-2026-24134

Name of the Vulnerable Software and Affected Versions Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.6 Hitachi Vantara Pentaho Data Integration & Analytics versions 8.3.x Hitachi Vantara Pentaho Data Integration & Analytics versions 9.3.x Description The software do...

9.1CVSS6AI score0.00382EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/02/26 11:25 a.m.206 views

Exploit for Missing Authorization in Xwiki

Research: XWiki Platform RCE CVE-2024-55879 Simulation !Se...

9.1CVSS5.7AI score0.01045EPSS
Exploits2
Veracode
Veracode
added 2026/02/09 8:35 a.m.10 views

Remote Code Execution (RCE)

Crafter CMS is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper control of dynamically managed Groovy code, where authenticated developers can bypass the Groovy sandbox by injecting malicious Groovy elements, allowing execution of arbitrary OS commands...

7.3CVSS6.1AI score0.00425EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/03 9:19 p.m.7 views

CVE-2026-1770

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS5.7AI score0.00425EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/02 6:31 p.m.5 views

Improper Control of Dynamically-Managed Code Resources

Overview Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the Groovy Sandbox. An attacker can execute arbitrary operating system commands by injecting malicious Groovy elements to bypass sandbox restrictions. Remediation Upgrade...

8CVSS6AI score0.00425EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/02 6:31 p.m.9 views

Crafter CMS has Improper Control of Dynamically-Managed Code Resources

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS5.7AI score0.00425EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder