86 matches found
Exploit for Eval Injection in Geoserver
CVE-2024-36401 — Unauthenticated RCE in GeoServer...
EUVD-2022-7135
Malicious code in bioql PyPI...
EUVD-2025-11953
Malicious code in bioql PyPI...
EUVD-2022-7064
Malicious code in bioql PyPI...
CVE-2025-59954 Knowage Contains a Remote Code Execution Vulnerability
Knowage is an open source analytics and business intelligence suite. Versions 8.1.26 and below are vulnerable to Remote Code Execution through using an unsafe org.apache.commons.jxpath.JXPathContext in MetaService.java service. This issue is fixed in version 8.1.27...
CVE-2025-59954
CVE-2025-59954 affects Knowage: versions 8.1.26 and earlier are vulnerable to remote code execution due to an unsafe org.apache.commons.jxpath.JXPathContext usage in MetaService.java. The issue enables a hostile actor to execute code remotely, with impact described as high on confidentiality, int...
CVE-2022-40160
DISPUTED This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA...
CVE-2022-40159
DISPUTED This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA...
CVE-2025-43955
TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs...
PT-2025-17415 · Unknown · Commons-Jxpath +1
Name of the Vulnerable Software and Affected Versions: Convertigo versions 8.3.4 and earlier. Description: The issue is related to the TwsCachedXPathAPI in Convertigo, which does not restrict the use of commons-jxpath APIs. Recommendations: For versions 8.3.4 and earlier, consider restricting acce...
Convertigo security vulnerability
Convertigo is an open source low-code platform from Convertigo Open Source that includes a no-code application builder for full-stack mobile and web application development. A security vulnerability exists in Convertigo 8.3.4 and earlier versions that stems from the TwsCachedXPathAPI not...
CVE-2025-43955
Convertigo
Exploit for Code Injection in Geoserver
CVE-2024-36401-poc CVE-2024-36401 is a high-risk remote code...
hermes-management is vulnerable to RCE due to Apache commons-jxpath
Impact: hermes-management is vulnerable to RCE when it processes user-controlled data due to using Apache commons-jxpath. Patches: Upgrade Hermes to at least hermes-2.2.9. References: https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/...
GHSA-2GH6-WC3M-G37F hermes-management is vulnerable to RCE due to Apache commons-jxpath
Impact: hermes-management is vulnerable to RCE when it processes user-controlled data due to using Apache commons-jxpath. Patches: Upgrade Hermes to at least hermes-2.2.9. References: https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/...
CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer...