Lucene search
10 matches found

GithubExploit
added 2026/04/16 1:18 a.m. | 129 views

Exploit for Code Injection in Xwiki

CVE-2025-24893 — XWiki SSTI Remote Code Execution Overview...

9.8 CVSS | 7.6 AI score | 0.99898 EPSS
Exploits: 50
CNNVD
added 2025/10/20 12:0 a.m. | 3 views

Apache Syncope security vulnerability

Apache Syncope is an open source digital identity management system from the Apache USA Foundation for use in enterprise environments. The system supports identity management, role configuration, and more. A security vulnerability exists in Apache Syncope versions 3.0.14 and 4.0.2, which stems fr...

7.2 CVSS | 9.6 AI score | 0.23107 EPSS
Exploits: 0 | References: 1
GithubExploit
added 2025/10/02 7:45 p.m. | 466 views

Exploit for Code Injection in Xwiki

XWiki SSTI Exploit A Python exploit for XWiki Server-Side Tem...

9.8 CVSS | 8 AI score | 0.99898 EPSS
Exploits: 50
GithubExploit
added 2025/08/03 2:49 p.m. | 114 views

Exploit for Code Injection in Xwiki

XWiki CVE-2025-24893 Proof of Concept Authors: Net.Doge...

9.8 CVSS | 10 AI score | 0.99898 EPSS
Exploits: 50
RedhatCVE
added 2025/05/22 7:9 p.m. | 4 views

CVE-2021-21248

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability involving the build endpoint parameters. InputSpec is used to define parameters of a Build spec. It does so by using dynamically generated Groovy classes. A user able to control job paramete...

9.6 CVSS | 7.7 AI score | 0.01451 EPSS
Exploits: 0 | References: 1
GithubExploit
added 2024/06/03 7:8 p.m. | 442 views

Exploit for Improper Access Control in Apache Hugegraph

CVE-2024-27348 🪶 CVE-2024-27348 Proof of concept Exploit RCE...

9.8 CVSS | 10 AI score | 0.9921 EPSS
Exploits: 11
OSV
added 2023/03/03 10:49 p.m. | 3 views

GHSA-8CW6-4R32-6R3H XWiki Platform may allow privilege escalation to programming rights via user's first name

Impact: Any user can edit his own profile and inject code which is going to be executed with programming right. Steps to reproduce: Set your first name to cache id="userProfile"groovyprintln"Hello from groovy!"/groovy/cache The first name appears as interpreted "Hello from groovy" instead of the...

9.9 CVSS | 5.8 AI score | 0.01163 EPSS
Exploits: 1 | References: 6
BDU FSTEC
added 2022/02/16 12:0 a.m. | 1 views

The vulnerability of the Apache ShenYu software lies in its incorrect code generation management, allowing attackers to execute arbitrary code.

The vulnerability of the Apache ShenYu software is related to improper code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using Groovy Code injection or SpEL injection...

10 CVSS | 8.2 AI score | 0.06029 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2022/01/25 1:15 p.m. | 13 views

CVE-2021-45029

Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

9.8 CVSS | 0.06029 EPSS
Exploits: 0 | References: 3
CNNVD
added 2022/01/25 12:0 a.m. | 4 views

Apache ShenYu code injection vulnerability

Apache ShenYu is an asynchronous, high-performance, cross-language, responsive API gateway of the United States Apache Foundation. Apache ShenYu has a code injection vulnerability in versions 2.4.0 and 2.4.1 that stems from an improperly designed or implemented code development process...

9.8 CVSS | 6.6 AI score | 0.06029 EPSS
Exploits: 0 | References: 5