Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to JSON-Java

Summary IBM webMethods BPM uses JSON-Java for reading and parsing of JSON data. Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts...

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to json-20190722.jar

Summary IBM webMethods BPM uses json-20190722.jar for reading and parsing of JSON data. Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite...

Remote Code Execution (RCE)

cn.hutool, hutool-extra is vulnerable to remote code execution RCE. The vulnerability is due to improper expression handling in the QLExpressEngine class, which allows an attacker to execute arbitrary expressions leading to arbitrary method invocation and potential remote code execution...

EUVD-2018-0685

Malware in sbrugna...

EUVD-2023-1735

Malicious code in bioql PyPI...

EUVD-2022-7498

Malicious code in bioql PyPI...

EUVD-2023-1851

Malicious code in bioql PyPI...

EUVD-2023-2592

Malicious code in bioql PyPI...

EUVD-2025-31174

Malicious code in bioql PyPI...

EUVD-2023-0359

Malicious code in bioql PyPI...

EUVD-2023-0377

Malicious code in bioql PyPI...

EUVD-2023-2459

Malicious code in bioql PyPI...

EUVD-2022-7491

Malicious code in bioql PyPI...

EUVD-2022-1118

Malicious code in bioql PyPI...

EUVD-2023-2589

Malicious code in bioql PyPI...

GHSA-GCFH-36X4-MGJ6 Hutool allows remote code execution (RCE) via the QLExpressEngine class

An issue was discovered in chinabugotech hutool before 5.8.40 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution RCE via the QLExpressEngine class...

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' via the QLExpressEngine process. An attacker can execute arbitrary code by submitting crafted expressions that trigger...

Hutool allows remote code execution (RCE) via the QLExpressEngine class

An issue was discovered in chinabugotech hutool before 5.8.40 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution RCE via the QLExpressEngine class...

cc.zhaoac:faith-permission (=1.1.0), cc.zhaoac:faith-tool-boot (=1.1.0) +862 more potentially affected by CVE-2025-56769 via cn.hutool:hutool-extra (>=4.5.11 <=5.8.4)

cn.hutool:hutool-extra MAVEN version =4.5.11, =1.0.0, =1.0.0, =1.2.0 - cn.fscode.common:common-core-spring-boot-starter =0.0.1 - cn.fscode.common:common-data-mate-spring-boot-starter =0.0.1 - cn.fscode.common:common-dynamic-datasource-spring-boot-starter =0.0.1 and more Source cves: CVE-2025-5676...

cc.zhaoac:faith-permission (=1.1.0), cc.zhaoac:faith-tool-boot (=1.1.0) +835 more potentially affected by CVE-2025-56769 via cn.hutool:hutool-extra (>=5.0.0 <=5.8.4)

cn.hutool:hutool-extra MAVEN version =5.0.0, =1.0.0, =1.0.0, =1.2.0 - cn.fscode.common:common-core-spring-boot-starter =0.0.1 - cn.fscode.common:common-data-mate-spring-boot-starter =0.0.1 - cn.fscode.common:common-dynamic-datasource-spring-boot-starter =0.0.1 and more Source cves: CVE-2025-56769...