ai.h2o:h2o-algos (=0.1.9), ai.h2o:h2o-app (=0.1.9) +2025 more potentially affected by CVE-2026-45536 via io.netty:netty-transport-native-kqueue (>=4.1.11.Final <=4.1.134.Final)

io.netty:netty-transport-native-kqueue MAVEN version =4.1.11.Final, =3.30.1.1, =3.10.0.5, =0.2.3.5, =2.4.0, =1.5.0, =3.0.0, =3.0.0, =1.0.3, =4.4.0, =4.7.3 and more Source cves: CVE-2026-45536 Source advisory: OSV:GHSA-W573-9FFJ-6FF9...

Remote Code Execution (RCE)

cn.hutool, hutool-extra is vulnerable to remote code execution RCE. The vulnerability is due to improper expression handling in the QLExpressEngine class, which allows an attacker to execute arbitrary expressions leading to arbitrary method invocation and potential remote code execution...

cc.zhaoac:faith-permission (=1.1.0), cc.zhaoac:faith-tool-boot (=1.1.0) +838 more potentially affected by CVE-2025-56769 via cn.hutool:hutool-extra (>=5.0.0 <=5.8.4)

cn.hutool:hutool-extra MAVEN version =5.0.0, =1.0.0, =1.0.0, =1.2.0 - cn.fscode.common:common-core-spring-boot-starter =0.0.1 - cn.fscode.common:common-data-mate-spring-boot-starter =0.0.1 - cn.fscode.common:common-dynamic-datasource-spring-boot-starter =0.0.1 and more Source cves: CVE-2025-56769...

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' via the QLExpressEngine process. An attacker can execute arbitrary code by submitting crafted expressions that trigger...

cc.zhaoac:faith-permission (=1.1.0), cc.zhaoac:faith-tool-boot (=1.1.0) +865 more potentially affected by CVE-2025-56769 via cn.hutool:hutool-extra (>=4.5.11 <=5.8.4)

cn.hutool:hutool-extra MAVEN version =4.5.11, =1.0.0, =1.0.0, =1.2.0 - cn.fscode.common:common-core-spring-boot-starter =0.0.1 - cn.fscode.common:common-data-mate-spring-boot-starter =0.0.1 - cn.fscode.common:common-dynamic-datasource-spring-boot-starter =0.0.1 and more Source cves: CVE-2025-5676...

cn.hutool:hutool-aop (>=4.0.0 <=4.1.11), cn.hutool:hutool-bloomFilter (>=4.0.0 <=4.1.11) +79 more potentially affected by CVE-2018-17297 via cn.hutool:hutool-core (>=4.0.0 <=4.1.11)

cn.hutool:hutool-core MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.1.11 and more Source cves: CVE-2018-17297 Source advisory: OSV:GHSA-RHQ2-2574-78MC...