Lucene search

51 matches found

NVD
added 2026/06/17 5:16 p.m. · 9 views

CVE-2026-36418

JimuReport versions 2.3.4 and below are vulnerable to remote code execution due to improper handling of Aviator expressions. The /jmreport/executeSelectApi endpoint passes user-supplied input directly to the Aviator expression engine without adequate validation, allowing attackers to execute...

CVSS 9.1 · EPSS 0.00471
Exploits: 0 · References: 1

CVE
added 2026/06/17 12:0 a.m. · 19 views

CVE-2026-36418

The CVE concerns JimuReport versions ≤ 2.3.4, where remote code execution is possible via the /jmreport/executeSelectApi endpoint due to inadequate validation of user input passed to the Aviator expression engine. This is caused by improper handling of Aviator expressions, allowing arbitrary code...

CVSS 9.1 · AI score 6.8 · EPSS 0.00471
Exploits: 0 · References: 1

Cvelist
added 2026/06/17 12:0 a.m. · 17 views

CVE-2026-36418

JimuReport versions 2.3.4 and below are vulnerable to remote code execution due to improper handling of Aviator expressions. The /jmreport/executeSelectApi endpoint passes user-supplied input directly to the Aviator expression engine without adequate validation, allowing attackers to execute...

EPSS 0.00471
Exploits: 0 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2014-2964

Malware in sbrugna...

CVSS 7.2 · AI score 6.3 · EPSS 0.00387
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2014-2986

Malware in sbrugna...

CVSS 6.9 · AI score 6.4 · EPSS 0.00486
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 7 views

EUVD-2023-0359

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9 · EPSS 0.01381
Exploits: 1 · References: 7

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-1885

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 5.9 · EPSS 0.01115
Exploits: 1 · References: 6

RedhatCVE
added 2025/05/23 3:51 a.m. · 5 views

CVE-2023-3308

A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerabilit...

CVSS 8.8 · AI score 6.8 · EPSS 0.01115
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 1:57 a.m. · 7 views

CVE-2023-24163

SQL Injection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine...

CVSS 9.8 · AI score 8.2 · EPSS 0.01381
Exploits: 1 · References: 1

Positive Technologies
added 2024/07/10 12:0 a.m. · 5 views

PT-2024-37773 · Zmops · Argusdbm

Name of the Vulnerable Software and Affected Versions: zmops ArgusDBM version 0.1.0
Description: A critical issue was found in the getDefaultClassLoader function of the CalculateAlarm.java file, part of the AviatorScript Handler component. This issue leads to deserialization and can be exploited...

CVSS 6.5 · AI score 7 · EPSS 0.00531
Exploits: 0 · References: 9

Positive Technologies
added 2024/02/22 12:0 a.m. · 5 views

PT-2024-14103 · Hertzbeat · Hertzbeat

Name of the Vulnerable Software and Affected Versions: Hertzbeat versions prior to 1.4.1
Description: Hertzbeat is a real-time monitoring system. In CalculateAlarm.java, AviatorEvaluator is used to directly execute the expression function, and no security policy is configured, resulting in...

CVSS 9.8 · AI score 7.9 · EPSS 0.01309
Exploits: 1 · References: 8

Veracode
added 2023/06/27 8:48 a.m. · 8 views

Deserialization Of Untrusted Data

Whaleal IceFrog is vulnerable to Deserialization Of Untrusted Data. The vulnerability exists in the aviator Template Engine which can result in code injection...

CVSS 8.8 · AI score 7 · EPSS 0.01115
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2023/06/18 9:30 a.m. · 25 views

GHSA-RX62-5CW6-X29Q Whaleal IceFrog is vulnerable to deserialization

Whaleal IceFrog v1.1.8 component Aviator Template Engine is vulnerable to deserialization of untrusted data. The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid...

CVSS 5.5 · AI score 6.8 · EPSS 0.01115
Exploits: 1 · References: 6

Github Security Blog
added 2023/06/18 9:30 a.m. · 16 views

Whaleal IceFrog is vulnerable to deserialization

Whaleal IceFrog v1.1.8 component Aviator Template Engine is vulnerable to deserialization of untrusted data. The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid...

CVSS 8.8 · AI score 6.9 · EPSS 0.01115
Exploits: 1 · References: 6 · Affected Software: 1

OSV
added 2023/06/18 9:15 a.m. · 2 views

CVE-2023-3308

A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerabilit...

CVSS 8.8 · AI score 5.2 · EPSS 0.01115
Exploits: 1 · References: 3

NVD
added 2023/06/18 9:15 a.m. · 42 views

CVE-2023-3308

A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerabilit...

CVSS 8.8 · AI score 6.5 · EPSS 0.01115
Exploits: 1 · References: 3

Prion
added 2023/06/18 9:15 a.m. · 17 views

Deserialization of untrusted data

A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerabilit...

CVSS 5.2 · AI score 8.8 · EPSS 0.01115
Exploits: 1 · References: 3 · Affected Software: 1

Vulnrichment
added 2023/06/18 9:0 a.m. · 12 views

CVE-2023-3308 whaleal IceFrog Aviator Template Engine deserialization

A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerabilit...

CVSS 5.5 · AI score 6.8 · EPSS 0.01115
Exploits: 1 · References: 3

CVE
added 2023/06/18 9:0 a.m. · 57 views

CVE-2023-3308

CVE-2023-3308 concerns whaleal IceFrog v1.1.8, where the vulnerability is in the Aviator Template Engine. The provided documents consistently describe a deserialization vulnerability in that component, enabling untrusted data to be deserialized within whaleal IceFrog. Exploitation is acknowledged...

CVSS 8.8 · AI score 7.1 · EPSS 0.01115
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2023/06/18 9:0 a.m. · 41 views

CVE-2023-3308 whaleal IceFrog Aviator Template Engine deserialization

A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerabilit...

CVSS 5.5 · AI score 9 · EPSS 0.01115
Exploits: 1 · References: 3