CVE-2026-40985 Data Binding Vulnerability in Spring Web Flow with Unified EL Parser

Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1...

Apache Syncope 安全漏洞

Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration, and more. A security vulnerability exists in Apache Syncope versions 3.0 through...

Improper Input Validation

com.ibeetl:beetl-spring-classic is vulnerable to Improper Input Validation. The vulnerability is due to improper neutralization of special elements in expression language statements within the SpELFunction component, which allows an attacker to inject and execute malicious expressions remotely...

angular-expressions 安全漏洞

Angular-Expressions is an expression compilation and evaluation tool developed by Peerigon. Versions of Angular-Expressions prior to 1.5.2 contained a security vulnerability. This vulnerability allowed attackers to write malicious expressions using filters to escape the sandbox, potentially...

CVE-2026-40897

A flaw was found in mathjs, an extensive math library for JavaScript and Node.js. This vulnerability allows a remote attacker to execute arbitrary JavaScript code by evaluating malicious expressions through the mathjs expression parser. This can lead to a complete compromise of the affected...

Prototype Pollution

Overview org.webjars.npm:expr-eval is a WebJar for expr-eval Affected versions of this package are vulnerable to Prototype Pollution via the evaluation process, which accesses global values by searching for item.value in expr.functions. An attacker can access prototype, proto, constructor, and...

Linux Distros Unpatched Vulnerability : CVE-2017-4971

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding proper...

spring-cloud-function: Remote code execution by malicious Spring Expression

A flaw was found in Spring Cloud Function via the spring.cloud.function.routing-expression header that is modified by the attacker to contain malicious expression language code. The attacker is able to call functions that should not normally be accessible, including runtime exec calls...

Pivotal Spring Web Flow Security Bypass Vulnerability(CVE-2017-4971)

Author: iswin@ThreatHunter A. Vulnerability description This vulnerability is in year 6 at the beginning has just been submittedtransfer Gate, the official and there is no detailed information, by the official Description and a patch of the contrast, we can roughly infer should be the Spring Web...

Apache Struts2 Remote Code Execution Vulnerability (CNVD-2016-03754 )

Apache Struts is an open source framework for creating enterprise Java Web applications. A remote code execution vulnerability exists in Struts2, which can be exploited by an attacker to remotely execute code using a REST plugin to invoke a malicious expression with dynamic methods enabled...

MGASA-2014-0534 Updated pcre packages fix security vulnerability

A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application linked against PCRE to crash while parsing malicious regular expressions CVE-2014-8964...