GHSA-VMWP-VH32-RJ75 Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override

Remote Code Execution via Mission Database algorithm override Summary The Nashorn ScriptEngine used to evaluate user-supplied algorithm text in MdbOverrideApi.updateAlgorithm is constructed without a ClassFilter, allowing a user with the ChangeMissionDatabase privilege to execute arbitrary Java...

Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override

Remote Code Execution via Mission Database algorithm override Summary The Nashorn ScriptEngine used to evaluate user-supplied algorithm text in MdbOverrideApi.updateAlgorithm is constructed without a ClassFilter, allowing a user with the ChangeMissionDatabase privilege to execute arbitrary Java...

PT-2026-44161

Name of the Vulnerable Software and Affected Versions Yamcs versions 4.7.3 through 5.12.6 Description The Nashorn ScriptEngine used to evaluate user-supplied algorithm text is constructed without a ClassFilter. This allows a user with the ChangeMissionDatabase privilege to execute arbitrary Java...

Expression Injection in OpenRemote

Summary The OpenRemote IoT platform's rules engine contains two interrelated critical expression injection vulnerabilities that allow an attacker to execute arbitrary code on the server, ultimately achieving full server compromise. - Unsandboxed Nashorn JavaScript Engine: JavaScript rules are...

CVE-2026-3968

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed...

CVE-2026-3968

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed...

CVE-2026-3968

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed...

OpenJDK: arbitrary Java code execution in Nashorn (8314284)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or...

PT-2022-2317 · Apache · Apache Cassandra

Name of the Vulnerable Software and Affected Versions: Apache Cassandra versions prior to 3.0.26 Apache Cassandra versions prior to 3.11.12 Apache Cassandra versions prior to 4.0.2 Description: The issue is related to the incorrect management of code generation in Apache Cassandra, which can allo...

DEBIAN-CVE-2018-17191

Apache NetBeans incubating 9.0 NetBeans Proxy Auto-Configuration PAC interpretation is vulnerable for remote command execution RCE. Using the nashorn script engine the environment of the javascript execution for the Proxy Auto-Configuration leaks privileged objects, that can be used to circumvent...

PT-2018-3343 · Apache · Apache Netbeans

Name of the Vulnerable Software and Affected Versions: Apache NetBeans versions 9.0 Description: The issue is related to the Proxy Auto-Configuration PAC file in the Apache NetBeans development environment, which fails to neutralize script code in attributes on a web page. This can allow a remote...

OpenJDK: Nashorn incompletely blocking access to Java APIs (Scripting, 8171539)

It was discovered that the Nashorn JavaScript engine in the Scripting component of OpenJDK could allow scripts to access Java APIs even when access to Java APIs was disabled. An untrusted JavaScript executed by Nashorn could use this flaw to bypass intended restrictions...