CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9082 matches found

CVE•added 2026/05/19 2:3 p.m.•10 views

CVE-2026-2587

CVE-2026-2587 describes a critical RCE in the server-side template rendering used by the Glassfish gadget handler. The flaw arises when processing .xml files, evaluating user-supplied values as Expression Language (EL) expressions without proper sanitization, e.g., #{7*7}, enabling server-side EL...

9.6CVSS6AI score0.00146EPSS

Exploits2References1Affected Software1

NVD•added 2026/05/19 10:16 a.m.•7 views

CVE-2026-31380

Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

6.5CVSS0.00187EPSS

Exploits0References2

ATTACKERKB•added 2026/05/19 9:24 a.m.•3 views

CVE-2026-31380

5.8AI score0.00187EPSS

Exploits0References2

EUVD•added 2026/05/19 9:24 a.m.•5 views

EUVD-2026-30862

6.5CVSS5.8AI score0.00187EPSS

Exploits0References1

CVE•added 2026/05/19 9:24 a.m.•11 views

CVE-2026-31380

CVE-2026-31380 affects Apache OFBiz prior to 24.09.06, with an issue described as an Expression Language Injection due to improper neutralization of special elements. The CVE entry notes the vulnerability can be exploited over the network without authentication and with no user interaction, resul...

6.5CVSS5.8AI score0.00187EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2026/05/19 1:58 a.m.•7 views

CVE-2026-8759

A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation leads to improper neutralization of specia...

7.5CVSS5.4AI score0.00026EPSS

Exploits0References1

CNNVD•added 2026/05/19 12:0 a.m.•6 views

Apache OFBiz 安全漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained security vulnerabilities, which were caused by improper handling of...

6.5CVSS5.8AI score0.00187EPSS

Exploits0References1

Positive Technologies•added 2026/05/19 12:0 a.m.•7 views

PT-2026-41849

5.8AI score0.00187EPSS

Exploits0References2

Tenable Nessus•added 2026/05/19 12:0 a.m.•6 views

RHEL 10 : libssh (RHSA-2026:18160)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18160 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh:...

8.2CVSS6.2AI score0.00064EPSS

Exploits8References17

Positive Technologies•added 2026/05/19 12:0 a.m.•8 views

PT-2026-41933

Name of the Vulnerable Software and Affected Versions Eclipse GlassFish version 8.0.0 Eclipse GlassFish versions prior to 7.1.0 Description A critical Expression Language EL injection issue exists in the server-side template rendering mechanism used by the GlassFish gadget handler. The applicatio...

9.6CVSS6.2AI score0.00146EPSS

Exploits2References5

vulnersOsv•added 2026/05/19 12:0 a.m.•6 views

@antv/ava (=3.6.0-alpha.0), @antv/g (>=6.0.0 <=6.2.1) +6 more potentially affected by unknown CVE via @antv/g-camera-api (>=2.0.0 <=2.0.9)

@antv/g-camera-api NPM version =2.0.0, =6.0.0, =0.5.9, =2.0.0, =1.2.5, =1.2.6 - expression-language-editor =0.0.4 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3910...

5.8AI score

Exploits0