CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

168 matches found

OSV•added 2026/04/21 2:53 p.m.•5 views

GHSA-69RW-45WJ-G4V6 Spinnaker: RCE via expression parsing due to unrestricted context handling

Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL Spring Expression Language to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT...

9.9CVSS5.9AI score0.00032EPSS

Exploits0References8

Vulnrichment•added 2026/04/20 8:7 p.m.•1 views

CVE-2026-32613 Spinnaker vulnerable to RCE via expression parsing due to unrestricted context handling

9.9CVSS5.9AI score0.00032EPSS

Exploits0References4

CNNVD•added 2026/04/20 12:0 a.m.•5 views

Spinnaker 安全漏洞

Spinnaker is an open-source continuous delivery platform developed by Spinnaker. It is used to release software changes with high speed and confidence. Versions of Spinnaker prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2 contain security vulnerabilities. These vulnerabilities stem from the...

9.9CVSS6AI score0.00032EPSS

Exploits0References2

CNNVD•added 2026/02/24 12:0 a.m.•5 views

DotCMS 安全漏洞

DotCMS is an open-source content management system developed by DotCMS Inc., written in Java. It is used to manage content and content-driven websites and applications. DotCMS has a security vulnerability that stems from a sandbox escape issue in the Velocity scripting engine. This vulnerability...

9.9CVSS6AI score0.00073EPSS

Exploits0References1

RedhatCVE•added 2026/02/06 1:25 a.m.•5 views

CVE-2026-25526

JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitrary Java class instantiation and file access bypassing...

9.8CVSS5.6AI score0.00042EPSS

Exploits1References1

NVD•added 2026/02/04 10:15 p.m.•4 views

CVE-2026-25526

9.8CVSS0.00042EPSS

Exploits1References5

CVE•added 2026/02/04 9:26 p.m.•16 views

CVE-2026-25526

CVE-2026-25526 affects JinJava, a Java-based template engine that renders Jinja-like templates. The vulnerability allows arbitrary Java execution via bypass through the ForTag, enabling instantiation of arbitrary Java classes and filesystem access, bypassing sandbox restrictions. Red Hat and othe...

9.8CVSS5.7AI score0.00042EPSS

Exploits1References5Affected Software1

Cvelist•added 2026/02/04 9:26 p.m.•23 views

CVE-2026-25526 JinJava Bypass through ForTag leads to Arbitrary Java Execution

9.8CVSS0.00042EPSS

Exploits1References5

ATTACKERKB•added 2026/02/04 9:26 p.m.•4 views

CVE-2026-25526

9.8CVSS5.7AI score0.00042EPSS

Exploits1References6Affected Software1

OSV•added 2026/02/04 9:26 p.m.•3 views

CVE-2026-25526 JinJava Bypass through ForTag leads to Arbitrary Java Execution

9.8CVSS5.7AI score0.00042EPSS

Exploits1References7

Vulnrichment•added 2026/02/04 9:26 p.m.•3 views

CVE-2026-25526 JinJava Bypass through ForTag leads to Arbitrary Java Execution

9.8CVSS5.7AI score0.00042EPSS

Exploits1References5

CNNVD•added 2026/02/04 12:0 a.m.•4 views

HubSpot Jinjava 安全漏洞

HubSpot Jinjava is an application developed by a personal developer at HubSpot in the United States. It provides a Java-based template engine and Django template syntax, suitable for rendering Jinja templates. There were security vulnerabilities in versions of HubSpot Jinjava prior to 2.7.6 and...

9.8CVSS6AI score0.00042EPSS

Exploits1References5

Positive Technologies•added 2026/02/03 12:0 a.m.•3 views

PT-2026-6313

Name of the Vulnerable Software and Affected Versions JinJava versions prior to 2.7.6 JinJava versions prior to 2.8.3 Description JinJava is a Java-based template engine that uses django template syntax to render jinja templates. A flaw exists in the ForTag component that allows for arbitrary Jav...

10CVSS5.7AI score0.00042EPSS

Exploits1References19