80 matches found
GHSA-69RW-45WJ-G4V6 Spinnaker: RCE via expression parsing due to unrestricted context handling
Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL Spring Expression Language to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT...
CVE-2026-32613
Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL Spring Expression Language to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT...
Spinnaker 安全漏洞
Spinnaker is an open-source continuous delivery platform developed by Spinnaker. It is used to release software changes with high speed and confidence. Versions of Spinnaker prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2 contain security vulnerabilities. These vulnerabilities stem from the...
EUVD-2025-207542
A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...
DotCMS 安全漏洞
DotCMS is an open-source content management system developed by DotCMS Inc., written in Java. It is used to manage content and content-driven websites and applications. DotCMS has a security vulnerability that stems from a sandbox escape issue in the Velocity scripting engine. This vulnerability...
CVE-2023-37525
A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, leading to unauthorized access to application internals...
SUSE CVE-2026-1225
ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...
CVE-2021-33493
The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format...
pig 安全漏洞
pig is a privilege management system for pig-mesh open source. A security vulnerability exists in pig 3.8.2 and earlier versions, which originates in the Quartz management feature that can execute arbitrary Java classes via reflection, potentially leading to remote code execution...
EUVD-2015-9089
Malware in sbrugna...
EUVD-2021-20196
Malware in sbrugna...
EUVD-2025-19560
Malicious code in bioql PyPI...
EUVD-2023-2320
Malicious code in bioql PyPI...
Exploit for Deserialization of Untrusted Data in Apache Parquet_Java
CVE-2025-30065 == Dangerous Deserialization in Parquet-Avro 🔥...
CVE-2025-34067 Hikvision Integrated Security Management Platform Remote Command Execution via applyCT Fastjson
An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an...
Conductor vulnerable to OS command injection through unrestricted access to Java classes
Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...
GHSA-8GQP-HR9G-PG62 Conductor vulnerable to OS command injection through unrestricted access to Java classes
Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...
CVE-2025-26074
Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...
CVE-2025-26074
Orkes Conductor v3.21.11 is affected. The issue arises from unrestricted access to Java classes, enabling remote command execution via the ScriptEvaluator path (inline JavaScript injection). Impact is OS command execution with high severity per CVSS, with network attack vector and no user interac...
Conductor 安全漏洞
Conductor is an event-driven orchestration platform for the Orkes community. A security vulnerability exists in Conductor version v3.21.11, which stems from unrestricted access to Java classes and could lead to the execution of arbitrary OS commands...