CVE-2026-3968

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed...

CVE-2026-3968

Summary: CVE-2026-3968 affects AutohomeCorp frostmourne (up to 1.0) via the Oracle Nashorn JavaScript Engine. The vulnerability targets the function scriptEngine.eval in ExpressionRule.java, enabling remote code injection through manipulation of the EXPRESSION argument. Exploitability is indicate...

CVE-2026-3968

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed...

PT-2026-24899

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed...

Remote Code Execution (RCE)

dubbo is vulnerable to remote code execution. when using default rules with ScriptEngine, An attacker can inject and execute malicious scripts via Script route poisoning...

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these rules, Dubbo customers use ScriptEngine and run...

CVE-2021-30181

Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these rules, Dubbo customers use ScriptEngine and run...

Design/Logic Flaw

Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these rules, Dubbo customers use ScriptEngine and run...

Apache Dubbo Arbitrary Code Execution Vulnerability

Apache Dubbo is the Apache Foundation of a Java-based high-performance open source RPC framework . An arbitrary command execution vulnerability exists in several versions of Dubbo. An attacker can exploit this vulnerability by injecting malicious code into the routing scripts , the default...

CVE-2021-30181 Apache Dubbo RCE on customers via Script route poisoning (Nashorn script injection)

Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these rules, Dubbo customers use ScriptEngine and run...

GitHub Security Lab: CWE-094 ScriptEngine in java

This bug was reported directly to GitHub Security Lab...

(0Day) Microsoft Internet Explorer ScriptEngine Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2012:1424-1) (ROBOT)

java 1.6.0 openjdk / icedtea was updated to 1.11.5 bnc785433 - Security fixes - S6631398, CVE-2012-3216: FilePermission improved path checking - S7093490: adjust package access in rmiregistry - S7143535, CVE-2012-5068: ScriptEngine corrected permissions - S7167656, CVE-2012-5077: Multiple Seeders...

OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...

Mandriva Update for java-1.6.0-openjdk MDVSA-2012:169 (java-1.6.0-openjdk)

Check for the Version of java-1.6.0-openjdk OpenVAS Vulnerability Test Mandriva Update for java-1.6.0-openjdk MDVSA-2012:169 java-1.6.0-openjdk Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2012:169)

Multiple security issues were identified and fixed in OpenJDK icedtea6 : - S6631398, CVE-2012-3216: FilePermission improved path checking - S7093490: adjust package access in rmiregistry - S7143535, CVE-2012-5068: ScriptEngine corrected permissions - S7167656, CVE-2012-5077: Multiple Seeders are...

java-1_7_0-openjdk: Update to icedtea-2.3.3 (important)

java-170-opendjk was updated to icedtea-2.3.3 bnc785814 Security fixes - S6631398, CVE-2012-3216: FilePermission improved path checking - S7093490: adjust package access in rmiregistry - S7143535, CVE-2012-5068: ScriptEngine corrected permissions - S7158796, CVE-2012-5070: Tighten properties...