9211 matches found
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2022-26134 On May the 30th, 2022, an organisation named Vo...
PT-2025-24550
Name of the Vulnerable Software and Affected Versions: juliangruber brace-expansion versions 1.1.11 through 4.0.0 Description: A vulnerability was found in the function expand of the file index.js, leading to inefficient regular expression complexity. The attack may be launched remotely, with a...
GitHub Actions toolkit security vulnerability
GitHub Actions toolkit is an open source GitHub toolkit for developing GitHub Actions. A security vulnerability exists in GitHub Actions toolkit version 0.5.0, which stems from an inefficient regular expression complexity in the function globEscape...
PT-2025-24552 · Unitech · Unitech Pm2
Name of the Vulnerable Software and Affected Versions: Unitech pm2 versions up to 6.0.6 Description: A problematic vulnerability was found in Unitech pm2, affecting unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can b...
NewStart CGSL MAIN 7.02 : python-configobj Vulnerability (NS-SA-2025-0049)
The remote NewStart CGSL host, running version MAIN 7.02, has python-configobj packages installed that are affected by a vulnerability: - All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using .+?.. Note: This is only...
Metabase security vulnerability
Metabase is an open source data analytics platform from the US-based Metabase, Inc. A security vulnerability exists in Metabase version 54.10, which stems from an inefficient regular expression complexity in the function parseDataUri...
PT-2025-24553 · Unknown · Rocket.Chat
Name of the Vulnerable Software and Affected Versions: RocketChat versions up to 7.6.1 Description: A problematic issue has been found in RocketChat, affecting the parseMessage function of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the line argument...
CVE-2025-3322
An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server...
Ivanti EPMM Authentication Bypass for Expression Language Remote Code Execution
This module exploits an unauthenticated remote code execution exploit chain for Ivanti EPMM, tracked as CVE-2025-4427 and CVE-2025-4428. An authentication flaw permits unauthenticated access to an administrator web API endpoint, which allows for code execution via expression language injection...
Ivanti EPMM Authentication Bypass for Expression Language Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution exploit chain for Ivanti EPMM, tracked as CVE-2025-4427 and CVE-2025-4428. An authentication flaw permits unauthenticated access to an administrator web API endpoint, which allows for code execution via expression language...
Hibernate Validator may interpolate user-supplied input in a constraint violation message with Expression Language
Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...
GHSA-7V6M-28JR-RG84 Hibernate Validator may interpolate user-supplied input in a constraint violation message with Expression Language
Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...
CVE-2025-35036
A flaw was found in Hibernate Validator. This vulnerability allows unauthorized access to sensitive information or the execution of arbitrary Java code by interpolating user-supplied input in a constraint violation message with an Expression Language. Mitigation Users who are unable to upgrade...
CVE-2025-35036
Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...
CVE-2025-35036
Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...
DEBIAN-CVE-2025-35036
Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...
UBUNTU-CVE-2025-35036
Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...
Arbitrary Code Injection
Overview: org.hibernate:hibernate-validator is a Hibernate Validator Engine Relocation Artifact. Affected versions of this package are vulnerable to Arbitrary Code Injection due to the interpolation of user-supplied input in constraint violation messages with Expression Language. An attacker can...
Arbitrary Code Injection
Overview: org.hibernate.validator:hibernate-validator is a Hibernate Validator Engine Relocation Artifact. Affected versions of this package are vulnerable to Arbitrary Code Injection due to the interpolation of user-supplied input in constraint violation messages with Expression Language. An...
CVE-2025-35036 hibernate-validator insecure default Expression Language interpolation
Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...