Lucene search
+L

1104 matches found

Nuclei
Nuclei
added 12 hours ago219 views

Adobe Experience Manager - Expression Language Injection

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 has an expression language injection vulnerability. id: CVE-2019-16469 info: name: Adobe Experience Manager - Expression Language Injection author: DomenicoVeneziano severity: high description: | Adobe Experience Manager versions...

7.5CVSS7.3AI score0.17186EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-41850

A flaw was found in Spring Framework. Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. A remote attacker can exploit this by providing a specially crafted expression, which triggers excessive resource...

7.5CVSS5AI score0.0036EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2026/07/10 7:53 a.m.5 views

K000162182: Spring Expression Language (SpEL) vulnerability CVE-2026-41850

Security Advisory Description Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading...

7.5CVSS6.1AI score0.0036EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/07/07 8:0 p.m.8 views

K000162130: Spring Framework vulnerability CVE-2026-41851

Security Advisory Description Applications which accept user-supplied Spring Expression Language SpEL expressions may be vulnerable to a Denial of Service DoS attack if the evaluation of a SpEL expression triggers unbounded cache growth. Affected versions: Spring Framework 7.0.0 through 7.0.7;...

7.5CVSS5.9AI score0.0036EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 6:29 p.m.9 views

Security Bulletin: IBM Terracotta is affected by a Spring Framework vulnerability that could allow Denial of Service (Dos) attacks, and Incorrect Authorization attacks

Summary IBM Terracotta uses Spring Framework as an application foundation within the product. Vulnerability Details CVEID:CVE-2026-41850 DESCRIPTION: Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By...

7.5CVSS5.9AI score0.0036EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 2:11 p.m.5 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') (CVE-2026-40477, CVE-2026-40478)

Summary There are vulnerabilities in thymeleaf-3.1.2.RELEASE.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-40477, CVE-2026-40478. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-40477 DESCRIPTION: Thymeleaf is a server-side Java template engine...

9CVSS6.2AI score0.00862EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.13 views

CVE-2026-41852

A flaw was found in Spring Framework. A vulnerability in the Spring Expression Language SpEL evaluation logic allows an attacker to invoke arbitrary zero-argument methods, even in restricted contexts. This can lead to the execution of unintended application logic, potentially resulting in a Denia...

5.3CVSS6AI score0.00164EPSS
Exploits0References4
NVD
NVD
added 2026/06/11 1:16 p.m.16 views

CVE-2026-11561

Improper neutralization of special elements used in an expression language statement 'expression language injection' vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection. This issue affects Apinizer: from 2026.04.0 before 2026.04.6...

9.8CVSS0.00417EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/11 12:28 p.m.34 views

CVE-2026-11561 SSTI in Soagen Informatics' Apinizer

Improper neutralization of special elements used in an expression language statement 'expression language injection' vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection. This issue affects Apinizer: from 2026.04.0 before 2026.04.6...

9.8CVSS0.00417EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/11 12:28 p.m.11 views

CVE-2026-11561 SSTI in Soagen Informatics' Apinizer

Improper neutralization of special elements used in an expression language statement 'expression language injection' vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection. This issue affects Apinizer: from 2026.04.0 before 2026.04.6...

9.8CVSS5.5AI score0.00417EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/11 12:28 p.m.10 views

EUVD-2026-36238

Improper neutralization of special elements used in an expression language statement 'expression language injection' vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection. This issue affects Apinizer: from 2026.04.0 before 2026.04.6...

5.3CVSS5.5AI score0.00417EPSS
Exploits1References1
CVE
CVE
added 2026/06/11 12:28 p.m.25 views

CVE-2026-11561

CVE-2026-11561 describes an expression language injection in Apinizer by Soagen Informatics Technologies Software and Consulting Inc. The issue arises from improper neutralization of special elements used in an expression language statement, enabling code injection. Affected versions are Apinizer...

9.8CVSS5.5AI score0.00417EPSS
Exploits1References1
Snyk
Snyk
added 2026/06/11 6:10 a.m.9 views

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview org.springframework.webflow:spring-webflow is a maven plugin for Spring Web Flow. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' via the WebFlowELExpressionParser...

7.2CVSS5.8AI score0.00225EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 5:2 a.m.18 views

EUVD-2026-36200

Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1...

6.4CVSS5.5AI score0.00225EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 5:2 a.m.30 views

CVE-2026-40985 Data Binding Vulnerability in Spring Web Flow with Unified EL Parser

Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1...

6.4CVSS0.00225EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.11 views

CVE-2026-41719

A flaw was found in Spring Data KeyValue. This vulnerability, known as a Spring Expression Language SpEL Injection, allows a remote attacker with low privileges to execute arbitrary expressions. This occurs when unsanitized user input is passed as a sorting parameter into a repository query metho...

6.4CVSS6AI score0.00202EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.26 views

PT-2026-48613

Name of the Vulnerable Software and Affected Versions Spring Web Flow version 4.0.0 Spring Web Flow versions 3.0.0 through 3.0.1 Spring Web Flow versions 2.5.0 through 2.5.1 Description Applications that configure the WebFlowELExpressionParser are susceptible to the use of malicious Unified EL...

6.4CVSS5.8AI score0.00225EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.20 views

VMware Spring Web Flow 安全漏洞

VMware Spring Web Flow is a web application flow management framework developed by the American company VMware. Versions 4.0.0, 3.0.0 to 3.0.1, and 2.5.0 to 2.5.1 of VMware Spring Web Flow contain security vulnerabilities. These vulnerabilities stem from the possibility of malicious Unified EL...

6.4CVSS5.4AI score0.00225EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Soagen Apinizer 安全漏洞

Soagen Apinizer is an API management and API gateway platform developed by the Turkish company Soagen. Versions of Soagen Apinizer from 2026.04.0 to 2026.04.6 contained security vulnerabilities. These vulnerabilities were caused by improper handling of special elements in expressions language...

9.8CVSS5.4AI score0.00417EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.23 views

PT-2026-48658

Name of the Vulnerable Software and Affected Versions Apinizer versions 2026.04.0 through 2026.04.5 Description Improper neutralization of special elements used in an expression language statement leads to an expression language injection, which allows for code injection. Recommendations Update t...

9.8CVSS6.1AI score0.00417EPSS
Exploits1References5
Rows per page
Query Builder