38 matches found
CVE-2026-39842 OpenRemote is Vulnerable to Expression Injection
OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval...
CVE-2026-39842
OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval...
CVE-2026-39842
OpenRemote (IoT platform)
Expression Injection in OpenRemote
Summary: The OpenRemote IoT platform's rules engine contains two interrelated critical expression injection vulnerabilities that allow an attacker to execute arbitrary code on the server, ultimately achieving full server compromise. - Unsandboxed Nashorn JavaScript Engine: JavaScript rules are...
EUVD-2026-22806
Expression Injection in OpenRemote...
GHSA-7MQR-33RV-P3MP Expression Injection in OpenRemote
Summary: The OpenRemote IoT platform's rules engine contains two interrelated critical expression injection vulnerabilities that allow an attacker to execute arbitrary code on the server, ultimately achieving full server compromise. - Unsandboxed Nashorn JavaScript Engine: JavaScript rules are...
PT-2026-32964
Summary: The OpenRemote IoT platform's rules engine contains two interrelated critical expression injection vulnerabilities that allow an attacker to execute arbitrary code on the server, ultimately achieving full server compromise. - Unsandboxed Nashorn JavaScript Engine: JavaScript rules are...
EUVD-2022-53207
Malicious code in bioql PyPI...
CVE-2022-31860
An issue was discovered in OpenRemote through 1.0.4 that allows attackers to execute arbitrary code via a crafted Groovy rule...
Code injection
An issue was discovered in OpenRemote through 1.0.4 that allows attackers to execute arbitrary code via a crafted Groovy rule...
CVE-2022-31860
OpenRemote (up to version 1.0.4) is affected by a remote code execution vulnerability via crafted Groovy rules. Versions prior to 1.0.5 are vulnerable; upgrading to 1.0.5 or later is the recommended remediation. The issue is documented across multiple sources, including CVE-2022-31860 entries and...
PT-2022-20961 · Unknown · Openremote
Name of the Vulnerable Software and Affected Versions: OpenRemote versions prior to 1.0.5 Description: An issue in OpenRemote allows attackers to execute arbitrary code via a crafted Groovy rule. Recommendations: For OpenRemote versions prior to 1.0.5, update to version 1.0.5 or later to resolve...
OpenRemote security vulnerability
OpenRemote is an open source IoT platform from OpenRemote Open Source. A security vulnerability exists in OpenRemote version 1.0.4, which stems from the fact that it allows an attacker to execute arbitrary code via carefully crafted Groovy rules...