Exploit for CVE-2024-53667
CVE-2024-53677 — How the Exploit Works and How to Run It V...
EUVD-2022-3954
Malicious code in bioql PyPI...
SUSE CVE-2025-53192
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue, the OGNL engine parses and evaluates the provided expression with powerful capabilities,...
CVE-2025-53192
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue, the OGNL engine parses and evaluates the provided expression with powerful capabilities...
CVE-2025-53192 Apache Commons OGNL: Expression Injection leading to RCE
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue, the OGNL engine parses and evaluates the provided expression with powerful capabilities...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
Confluence Pre-Auth Remote Code Execution via OGNL Injection...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2022-26134 – Confluence OGNL injection vulnerability Sc...
SUSE CVE-2012-4387
Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression...
The vulnerability in the implementation of the OGNL expression transformation class for XWork command structures on the Apache Struts software platform allows attackers to circumvent security restrictions and execute arbitrary commands.
The vulnerability of the OGNL expression transformation class implementation in the XWork expression structure of the Apache Struts software framework is related to deficiencies in access control when using the ParametersInterceptor class with the parameter. Exploiting this vulnerability allows a...
The vulnerability of the OGNL expression transformation class implementation in the Apache Struts software platform allows a hacker to execute arbitrary code.
The vulnerability of the OGNL expression transformation class implementation in the Apache Struts software framework is related to improper code generation management. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted request...
Denial of service in Apache Struts
Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression...
Apache Struts RCE Vulnerability
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling...
GHSA-GGMP-FXFG-277R Apache Struts RCE Vulnerability
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling...
Server side object manipulation in Apache Struts
OGNL provides, among other features, extensive expression evaluation capabilities. This vulnerability allows a malicious user to bypass the '#'-usage protection built into the ParametersInterceptor, thus being able to manipulate server side context objects. This behavior was already addressed in...
Code injection in Apache Struts
The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:", followed by a desired navigational target expression. This mechanism was intended to help with attaching navigational information to buttons within...
OpenSymphony XWork vulnerable to improper input validation
XWork is a command-pattern framework that is used to power WebWork as well as other applications. Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression...
The vulnerability of the Atlassian Confluence Server web server and Confluence Data Center is related to deficiencies in the process of eliminating special elements from the output data used by the incoming component. This allows a perpetrator to execute arbitrary code.
The vulnerability of the Atlassian Confluence Server web server and Confluence Data Center is related to deficiencies in the process of eliminating special elements from the output data used by the incoming component. Exploiting this vulnerability allows a malicious actor to execute arbitrar...
Remote Code Execution (RCE)
struts2-core is vulnerable to remote code execution (RCE). The vulnerability exists through the possibility of a forced double OGNL expression through the $itemValue expression in simple/radiomap.ftl...
Denial Of Service (DoS)
OpenSymphony XWork is vulnerable to denial of service. Object-Graph Navigation Language (OGNL) expressions are recursively evaluated when altSyntax is enabled. A remote attacker is able to submit a crafted input to cause an infinite loop which results in a denial of service condition. This...
Apache Struts2 S2-057 vulnerability analysis and early warning-vulnerability warning-the black bar safety net
It is possible to perform an RCE attack when the namespace value isn't set for a result defined in underlying XML configurations and, at the same time, its upper action configurations have no namespace or a wildcard namespace. The same possibility exists when using the url tag which doesn't have value and action set...