44 matches found
Ivanti Endpoint Manager Mobile 12.5.0.0 Expression Language Injection
Ivanti Endpoint Manager Mobile version 12.5.0.0 proof of concept exploit with a vulnerability chain that allows unauthenticated attackers to execute arbitrary commands on the target system through Java Expression Language (EL) injection in the /mifs/rs/api/v2/featureusage endpoint...
EUVD-2018-8428
Malware in sbrugna...
EUVD-2023-3115
Malicious code in bioql PyPI...
EUVD-2023-46856
Malicious code in bioql PyPI...
CVE-2023-42404
OneVision Workspace before WS23.1 SR1 build w31.040 allows arbitrary Java EL execution...
PT-2025-18091 · Onevision · Onevision Workspace
Name of the Vulnerable Software and Affected Versions: OneVision Workspace versions prior to WS23.1 SR1 build w31.040. Description: The issue allows for arbitrary Java EL execution. This means that an attacker could potentially execute malicious Java Expression Language code, leading to unauthoriz...
OneVision Workspace Security Vulnerability
OneVision Workspace is a software solution for automating PDF workflows from OneVision. A security vulnerability exists in OneVision Workspace versions prior to WS23.1 SR1, which originates from allowing the execution of arbitrary Java EL expressions...
CVE-2020-5245
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in...
Primefaces Remote Code Execution Exploit
This module exploits a Java Expression Language remote code execution flaw in the Primefaces JSF framework. Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password and salt. Tested against Docker...
Code Injection
ShifuML is vulnerable to Code Injection. The vulnerability is due to improper handling of the FilterExpression argument within the Java Expression Language Handler in the src/main/java/ml/shifu/shifu/core/DataPurifier.java file. This issue can be exploited by an attacker by manipulating the...
GHSA-5FPQ-3C9P-3R3W ShifuML shifu code injection vulnerability
A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument...
ShifuML shifu code injection vulnerability
A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument...
CVE-2023-7148
A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument...
CVE-2023-7148
Summary of CVE-2023-7148 (ShifuML Shifu 0.12.0): The vulnerability affects the Java Expression Language Handler, specifically the file src/main/java/ml/shifu/shifu/core/DataPurifier.java, where manipulation of the FilterExpression argument enables code injection. This can be exploited remotely; ...
PT-2023-32909 · Unknown · Shifuml Shifu
Name of the Vulnerable Software and Affected Versions: ShifuML shifu version 0.12.0. Description: A critical vulnerability has been found in the Java Expression Language Handler component, specifically in the file src/main/java/ml/shifu/shifu/core/DataPurifier.java. The manipulation of the...
cron-utils: template Injection leading to unauthenticated Remote Code Execution
A flaw was found in cron-utils. This flaw allows an attacker to perform unauthenticated Remote Code Execution (RCE) via Java Expression Language (EL) injection...
Cron Utils Code Injection Vulnerability
Cron Utils is a Java code base by individual developer Jmrozanec for validating, parsing, and migrating Cron expressions. A code injection vulnerability exists in Cron Utils that allows an attacker to inject arbitrary Java EL expressions to execute remote code...
cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution
A flaw was found in cron-utils. End applications passing unsanitized user input which is subsequently parsed by the @Cron annotation can allow an attacker to execute arbitrary expressions using JavaEL which will be implicitly executed by the constraint validator. The highest threat from this...