Improper Input Validation

com.ibeetl:beetl-spring-classic is vulnerable to Improper Input Validation. The vulnerability is due to improper neutralization of special elements in expression language statements within the SpELFunction component, which allows an attacker to inject and execute malicious expressions remotely...

CVE-2026-8759

A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation leads to improper neutralization of specia...

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' via the SpELFunction.call method. An attacker can execute arbitrary expression language code by supplying crafted input...

com.ibeetl:beetl-online-web (=3.15.3.RELEASE), com.ibeetl:beetl-spring-boot-starter-classic (>=3.14.1.RELEASE <=3.20.2.RELEASE) potentially affected by CVE-2026-8759 via com.ibeetl:beetl-spring-classic (>=3.14.1.RELEASE <=3.20.2.RELEASE)

com.ibeetl:beetl-spring-classic MAVEN version =3.14.1.RELEASE, =3.14.1.RELEASE, =3.20.2.RELEASE Source cves: CVE-2026-8759 Source advisory: OSV:GHSA-FMMW-44RP-JCFP...

GHSA-FMMW-44RP-JCFP Beetl's SpELFunction extension function has an expression injection risk

A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation leads to improper neutralization of specia...

Beetl's SpELFunction extension function has an expression injection risk

A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation leads to improper neutralization of specia...

CVE-2026-8759

A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation leads to improper neutralization of specia...

CVE-2026-8759

A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation leads to improper neutralization of specia...

CVE-2026-8759

Technical details are not publicly available in the provided documents; no affected versions, vectors, or fixes are specified beyond the description. Monitor for updates.

CVE-2026-8759 xiandafu beetl SpELFunction SpELFunction.java expression language injection

A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation leads to improper neutralization of specia...

EUVD-2026-30704

A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation leads to improper neutralization of specia...

CVE-2026-8759 xiandafu beetl SpELFunction SpELFunction.java expression language injection

A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation leads to improper neutralization of specia...

Beetl 输入验证错误漏洞

Beetl is a high-speed template engine developed by xiandafu’s individual developers. Versions of Beetl 3.20.2 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from improper handling of special elements within expression language statements in th...

PT-2026-41572

Name of the Vulnerable Software and Affected Versions xiandafu beetl versions prior to 3.20.3 Description Improper neutralization of special elements in an expression language statement allows for remote exploitation. The issue exists within the SpELFunction component, specifically in an unknown...

EUVD-2024-0594

Malicious code in bioql PyPI...

EUVD-2024-0227

Malicious code in bioql PyPI...

EUVD-2023-1575

Malicious code in bioql PyPI...

EUVD-2022-51700

Malicious code in bioql PyPI...

EUVD-2025-14331

Malicious code in bioql PyPI...

CVE-2024-22533

Before Beetl v3.15.12, the rendering template has a server-side template injection SSTI vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading t...