
6 matches found

NVD
added 2026/05/25 4:16 p.m. | 21 views

CVE-2026-42797

Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related...

4.9 CVSS | 0.00436 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/25 3:0 p.m. | 9 views

CVE-2026-42797

Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related...

5.8 AI score | 0.00436 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/05/25 3:0 p.m. | 10 views

CVE-2026-42797 Apache Syncope: JexlContextBuilder Information Disclosure

Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related...

5.8 AI score | 0.00436 EPSS
Exploits: 0 | References: 1

CVE
added 2026/03/09 8:59 a.m. | 11 views

CVE-2026-24713

CVE-2026-24713 is an Apache IoTDB issue described as an Improper Input Validation vulnerability that affects IoTDB releases prior to 1.3.7 and prior to 2.0.7 (i.e., 1.0.0–1.3.6 and 2.0.0–2.0.6). The connected CVE record additionally labels this as a JEXL Expression Injection vulnerability. Affect...

9.8 CVSS | 5.8 AI score | 0.00662 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2023/01/26 9:30 p.m. | 1 views

GHSA-8M9F-C5P9-WQCH Remote Code Execution in com.bstek.uflo:uflo-core

All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jexl.createExpression(expression).evaluate(context); functionality, due to improper user input validation...

9.8 CVSS | 7.3 AI score | 0.02575 EPSS
Exploits: 1 | References: 4

Github Security Blog
added 2022/05/24 5:42 p.m. | 31 views

OpenNMS Horizon RCE via JEXL2 expression

OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts 1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions...

8.8 CVSS | 7.8 AI score | 0.02365 EPSS
Exploits: 0 | References: 5 | Affected Software: 4