Lucene search
+L

25 matches found

RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.11 views

CVE-2026-41719

A flaw was found in Spring Data KeyValue. This vulnerability, known as a Spring Expression Language SpEL Injection, allows a remote attacker with low privileges to execute arbitrary expressions. This occurs when unsanitized user input is passed as a sorting parameter into a repository query metho...

6.4CVSS6AI score0.00202EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/10 12:31 a.m.12 views

EUVD-2026-35901

A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. Affected versions: Spring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through...

6.4CVSS5.5AI score0.00202EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 12:16 a.m.16 views

CVE-2026-41719

A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. Affected versions: Spring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through...

6.4CVSS0.00202EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

VMware Spring Data KeyValue和VMware Spring Data Redis 安全漏洞

VMware Spring Data KeyValue and VMware Spring Data Redis are both products of the American company VMware. VMware Spring Data KeyValue is a key-value storage data access framework. VMware Spring Data Redis is a Redis data access framework. Both VMware Spring Data KeyValue and VMware Spring Data...

6.4CVSS5.4AI score0.00202EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 11:48 p.m.40 views

CVE-2026-41719 Spring Data KeyValue - SpEL Injection vulnerability in SpelPropertyComparator

A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. Affected versions: Spring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through...

6.4CVSS0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 p.m.9 views

CVE-2026-41719 Spring Data KeyValue - SpEL Injection vulnerability in SpelPropertyComparator

A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. Affected versions: Spring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through...

6.4CVSS5.5AI score0.00202EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:48 p.m.30 views

CVE-2026-41719

Technical details about CVE-2026-41719 are not publicly available in the provided documents. Monitor for updates from official advisories; no specifics on affected products, vectors, or fixes are provided here.

6.4CVSS5.5AI score0.00202EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-48320

Name of the Vulnerable Software and Affected Versions Spring Data KeyValue / Spring Data Redis versions 4.0.0 through 4.0.5 Spring Data KeyValue / Spring Data Redis versions 3.5.0 through 3.5.11 Spring Data KeyValue / Spring Data Redis versions 3.4.0 through 3.4.14 Spring Data KeyValue / Spring...

6.4CVSS6AI score0.00202EPSS
Exploits0References3
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.8 views

cve-2026-41719 - MEDIUM - Spring Data KeyValue - SpEL Injection vulnerability in SpelPropertyComparator

cve-2026-41719 - MEDIUM - Spring Data KeyValue - SpEL Injection vulnerability in SpelPropertyComparator...

6.4CVSS6.1AI score0.00202EPSS
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-27846

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.01116EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-22562

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dictforeachkeyvalue at swftools/lib/q.c. CVE-2024-22562 Note that Nessus reli...

7.8CVSS7AI score0.00285EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/01/19 12:0 a.m.6 views

PT-2024-19487 · Swftools · Swftools

Name of the Vulnerable Software and Affected Versions: swftools version 0.9.2 Description: The issue is related to a Stack Buffer Underflow in the dict foreach keyvalue function located at swftools/lib/q.c. This can potentially lead to a denial of service. Recommendations: For swftools version...

7.8CVSS7.3AI score0.00285EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.23 views

Rocky Linux 8 : libreoffice (RLSA-2022:7461)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7461 advisory. - LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since...

7.5CVSS7.7AI score0.00981EPSS
Exploits0References3
NVD
NVD
added 2022/06/16 12:15 p.m.26 views

CVE-2021-41654

SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php...

9.8CVSS0.01011EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/06/16 12:15 p.m.2 views

CVE-2021-41654

SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php...

9.8CVSS7.6AI score0.01011EPSS
Exploits1References2
Prion
Prion
added 2022/06/16 12:15 p.m.13 views

Sql injection

SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php...

7.5CVSS10AI score0.01011EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/06/16 11:22 a.m.34 views

CVE-2021-41654

SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php...

10AI score0.01011EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2022/04/13 12:0 a.m.17 views

The vulnerability of the LibreOffice office software package lies in its improper verification of the cryptographic signature, allowing a hacker to circumvent security restrictions.

The vulnerability of the LibreOffice office software package is related to incorrect verification of the cryptographic signature when using the “X509Data” and “KeyValue” values. Exploiting this vulnerability can allow an attacker to circumvent security restrictions by using a specially created OD...

6.3CVSS7.4AI score0.00981EPSS
Exploits0References12Affected Software5
UbuntuCve
UbuntuCve
added 2022/02/24 3:15 p.m.37 views

CVE-2021-25636

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to...

7.5CVSS7.2AI score0.00981EPSS
Exploits0References3
Prion
Prion
added 2022/02/24 3:15 p.m.90 views

Input validation

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to...

5CVSS7.3AI score0.00981EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder