
30 matches found

EUVD
added 2025/10/03 8:07 p.m. | 8 views

EUVD-2025-11953

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.5 | EPSS 0.00225
Exploits: 1 | References: 2

RedhatCVE
added 2025/04/26 6:29 a.m. | 8 views

CVE-2025-43955

TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs...

CVSS 9.8 | AI score 6.9 | EPSS 0.00225
Exploits: 1 | References: 1

NVD
added 2025/04/20 8:15 p.m. | 17 views

CVE-2025-43955

TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs...

CVSS 9.8 | EPSS 0.00225
Exploits: 1 | References: 1

OSV
added 2025/04/20 8:15 p.m. | 4 views

CVE-2025-43955

TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs...

CVSS 9.8 | AI score 7.1
Exploits: 0 | References: 1

Vulnrichment
added 2025/04/20 12:00 a.m. | 7 views

CVE-2025-43955

TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs...

CVSS 2.2 | AI score 3.8 | EPSS 0.00225
Exploits: 1 | References: 1

Cvelist
added 2025/04/20 12:00 a.m. | 9 views

CVE-2025-43955

TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs...

CVSS 2.2 | EPSS 0.00225
Exploits: 1 | References: 1

Positive Technologies
added 2025/04/20 12:00 a.m. | 3 views

PT-2025-17415 · Unknown · Commons-Jxpath +1

Name of the Vulnerable Software and Affected Versions: Convertigo versions 8.3.4 and earlier
Description: The issue is related to the TwsCachedXPathAPI in Convertigo, which does not restrict the use of commons-jxpath APIs.
Recommendations: For versions 8.3.4 and earlier, consider restricting acce...

CVSS 9.8 | AI score 6.3 | EPSS 0.00225
Exploits: 1 | References: 7

CNNVD
added 2025/04/20 12:00 a.m. | 2 views

Convertigo Security Vulnerability

Convertigo is an open source low-code platform from Convertigo Open Source that includes a no-code application builder for full-stack mobile and web application development. A security vulnerability exists in Convertigo 8.3.4 and earlier versions that stems from the TwsCachedXPathAPI not...

CVSS 9.8 | AI score 6.5 | EPSS 0.00225
Exploits: 1 | References: 1

CVE
added 2025/04/20 12:00 a.m. | 58 views

CVE-2025-43955

Convertigo

CVSS 9.8 | AI score 7 | EPSS 0.00225
Exploits: 1 | References: 1 | Affected Software: 1

GithubExploit
added 2024/11/22 2:21 p.m. | 330 views

Exploit for Code Injection in Geoserver

CVE-2024-36401-poc CVE-2024-36401 is a high-risk remote code...

CVSS 9.8 | AI score 8 | EPSS 0.94425
Exploits: 24

Github Security Blog
added 2024/09/17 7:29 p.m. | 21 views

hermes-management is vulnerable to RCE due to Apache commons-jxpath

Impact: hermes-management is vulnerable to RCE when it processes user-controlled data due to using Apache commons-jxpath.
Patches: Upgrade Hermes to at least hermes-2.2.9
References: https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/...

AI score 6.6
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2024/09/17 7:29 p.m. | 19 views

GHSA-2GH6-WC3M-G37F hermes-management is vulnerable to RCE due to Apache commons-jxpath

Impact: hermes-management is vulnerable to RCE when it processes user-controlled data due to using Apache commons-jxpath.
Patches: Upgrade Hermes to at least hermes-2.2.9
References: https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/...

CVSS 9.8 | AI score 7.6
Exploits: 1 | References: 4

Vulnrichment
added 2024/07/01 3:25 p.m. | 77 views

CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer...

CVSS 9.8 | AI score 9.8 | EPSS 0.94425
Exploits: 24 | References: 5

ATTACKERKB
added 2024/07/01 12:00 a.m. | 147 views

CVE-2024-36401

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer...

CVSS 9.8 | AI score 8.6 | EPSS 0.94425
In wild | Exploits: 25 | References: 6

OpenVAS
added 2024/03/08 12:00 a.m. | 16 views

Fedora: Security Advisory for apache-commons-jxpath (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the...

CVSS 8.8 | AI score 9.2 | EPSS 0.46427
Exploits: 3 | References: 2

Fedora
added 2024/03/07 10:32 p.m. | 23 views

[SECURITY] Fedora 40 Update: apache-commons-jxpath-1.3-52.fc40

Defines a simple interpreter of an expression language called XPath. JXPath applies XPath expressions to graphs of objects of all kinds: JavaBeans, Maps, Servlet contexts, DOM etc, including mixtures thereof...

CVSS 8.8 | AI score 6.8 | EPSS 0.46427
Exploits: 3

RedHat Linux
added 2023/05/03 2:05 p.m. | 3 views

JXPath: untrusted XPath expressions may lead to RCE attack

A flaw was found in the Apache Commons JXPath package. This flaw allows an attacker to use the interpreter to execute untrusted expressions and a remote code attack...

AI score 6.2
Exploits: 1 | References: 4

IBM Security Bulletins
added 2022/11/30 10:26 a.m. | 32 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Commons JXPath

Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons JXPath.
Vulnerability Details:
CVEID: CVE-2022-40159
DESCRIPTION: JXPath is vulnerable to a denial of service, caused by a stack-based buffer overflow in parsing XPath. By sending...

CVSS 6.5 | AI score 7.8 | EPSS 0.01971
Exploits: 1 | Affected Software: 1

Veracode
added 2022/10/12 10:01 a.m. | 31 views

Remote Code Execution (RCE)

commons-jxpath is vulnerable to remote code execution. The vulnerability exists in selectSingleNode function in JXPathContext.java where the attacker can use the xpath expression to load any java class from the classpath which will lead to a code execution...

AI score 3.5
Exploits: 1 | References: 2 | Affected Software: 1

CNVD
added 2022/10/12 12:00 a.m. | 23 views

Apache Commons JXPath Buffer Overflow Vulnerability (CNVD-2022-73689)

Apache Commons JXPath is a Java-based implementation of XPath 1.0 from the Apache Foundation, U.S.A. A buffer overflow vulnerability exists in Apache Commons JXPath, which is caused by a stack buffer overflow when parsing XPath. A remote attacker could exploit this vulnerability to cause a denial...

AI score 5.5 | EPSS 0.01971
Exploits: 0 | Affected Software: 1