Lucene search
K

76 matches found

NVD
NVD
β€’added 2026/06/24 2:17 p.m.β€’9 views

CVE-2026-57281

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the...

8.5CVSS0.00594EPSS
Exploits0References4
CVE
CVE
β€’added 2026/06/24 1:20 p.m.β€’19 views

CVE-2026-57281

CVE-2026-57281 affects Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier. The root cause is that the plugin does not reject Groovy AST transformation annotations carrying an extensions member, which can allow attackers to run sandboxed Groovy scripts to execute code outside the sandbo...

8.5CVSS6AI score0.00594EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
β€’added 2026/06/24 1:20 p.m.β€’5 views

CVE-2026-57280

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection...

8.8CVSS6AI score0.00372EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
β€’added 2026/06/24 1:20 p.m.β€’6 views

CVE-2026-57281

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the...

8.5CVSS6AI score0.00594EPSS
Exploits0References2
Vulnrichment
Vulnrichment
β€’added 2026/06/24 1:20 p.m.β€’6 views

CVE-2026-57281

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the...

6AI score0.00594EPSS
Exploits0References1
Positive Technologies
Positive Technologies
β€’added 2026/06/24 12:0 a.m.β€’14 views

PT-2026-51790

Name of the Vulnerable Software and Affected Versions Jenkins Script Security Plugin versions prior to 1402.v94c9ce464861 Description Sandboxed Groovy scripts fail to intercept implicit type casts applied to elements of typed for-each loops. This allows attackers who can provide such scripts to...

8.8CVSS5.9AI score0.00372EPSS
Exploits0References4
RedhatCVE
RedhatCVE
β€’added 2026/05/28 2:12 a.m.β€’14 views

CVE-2026-42782

Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...

7.2CVSS6AI score0.00652EPSS
Exploits0References1
Snyk
Snyk
β€’added 2026/05/25 5:0 p.m.β€’9 views

Improper Isolation or Compartmentalization

Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the GroovyInterceptor initialization of classes via GroovySandbox. An administrator user with the Implementations entitlement can execute arbitrary code by creating a malicious Groovy class...

8.6CVSS6.3AI score0.00652EPSS
Exploits0References2
Vulnrichment
Vulnrichment
β€’added 2026/04/14 11:21 p.m.β€’6 views

CVE-2026-39842 OpenRemote is Vulnerable to Expression Injection

OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval...

9.9CVSS6.7AI score0.00924EPSS
Exploits2References2
Github Security Blog
Github Security Blog
β€’added 2026/04/14 10:31 p.m.β€’12 views

Expression Injection in OpenRemote

Summary The OpenRemote IoT platform's rules engine contains two interrelated critical expression injection vulnerabilities that allow an attacker to execute arbitrary code on the server, ultimately achieving full server compromise. - Unsandboxed Nashorn JavaScript Engine: JavaScript rules are...

9.9CVSS6.5AI score0.00924EPSS
Exploits2References4Affected Software1
OSV
OSV
β€’added 2026/04/14 10:31 p.m.β€’6 views

GHSA-7MQR-33RV-P3MP Expression Injection in OpenRemote

Summary The OpenRemote IoT platform's rules engine contains two interrelated critical expression injection vulnerabilities that allow an attacker to execute arbitrary code on the server, ultimately achieving full server compromise. - Unsandboxed Nashorn JavaScript Engine: JavaScript rules are...

9.9CVSS6.5AI score0.00924EPSS
Exploits2References4
Positive Technologies
Positive Technologies
β€’added 2026/04/14 12:0 a.m.β€’9 views

PT-2026-32964

Summary The OpenRemote IoT platform's rules engine contains two interrelated critical expression injection vulnerabilities that allow an attacker to execute arbitrary code on the server, ultimately achieving full server compromise. - Unsandboxed Nashorn JavaScript Engine: JavaScript rules are...

9.9CVSS6.5AI score0.00924EPSS
Exploits2References6
Veracode
Veracode
β€’added 2026/02/09 8:35 a.m.β€’10 views

Remote Code Execution (RCE)

Crafter CMS is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper control of dynamically managed Groovy code, where authenticated developers can bypass the Groovy sandbox by injecting malicious Groovy elements, allowing execution of arbitrary OS commands...

7.3CVSS6.1AI score0.00425EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
β€’added 2026/02/03 9:19 p.m.β€’7 views

CVE-2026-1770

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS5.7AI score0.00425EPSS
Exploits0References1
Snyk
Snyk
β€’added 2026/02/02 6:31 p.m.β€’5 views

Improper Control of Dynamically-Managed Code Resources

Overview Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the Groovy Sandbox. An attacker can execute arbitrary operating system commands by injecting malicious Groovy elements to bypass sandbox restrictions. Remediation Upgrade...

8CVSS6AI score0.00425EPSS
Exploits0References2
Github Security Blog
Github Security Blog
β€’added 2026/02/02 6:31 p.m.β€’9 views

Crafter CMS has Improper Control of Dynamically-Managed Code Resources

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS5.7AI score0.00425EPSS
Exploits0References3Affected Software1
OSV
OSV
β€’added 2026/02/02 6:31 p.m.β€’5 views

GHSA-GJ28-GW7W-3PXC Crafter CMS has Improper Control of Dynamically-Managed Code Resources

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS5.7AI score0.00425EPSS
Exploits0References3
NVD
NVD
β€’added 2026/02/02 5:16 p.m.β€’10 views

CVE-2026-1770

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS0.00425EPSS
Exploits0References1
EUVD
EUVD
β€’added 2026/02/02 4:16 p.m.β€’10 views

EUVD-2026-5112

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS5.7AI score0.00425EPSS
Exploits0References1
Cvelist
Cvelist
β€’added 2026/02/02 4:16 p.m.β€’27 views

CVE-2026-1770 Improper Control of Dynamically-Managed Code Resources in Crafter Studio

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3CVSS0.00425EPSS
Exploits0References1
Rows per page
Query Builder