24 matches found

RedhatCVE
added 2026/06/05 7:20 p.m., 7 views

CVE-2026-41883

OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution (RCE). This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...

CVSS 8.1, AI score 5.6, EPSS 0.00382
Exploits: 0, References: 1

NVD
added 2026/05/08 4:16 p.m., 9 views

CVE-2026-41883

OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution (RCE). This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...

CVSS 8.1, EPSS 0.00382
Exploits: 0, References: 1

CVE
added 2026/05/08 3:36 p.m., 9 views

CVE-2026-41883

OmniFaces is affected by a server-side EL injection in CDNResourceHandler when using a wildcard CDN mapping (for example libraryName:=https://cdn.example.com/). An attacker can craft a resource request URL containing an EL expression in the resource name, which is evaluated server-side, leading ...

CVSS 8.1, AI score 5.8, EPSS 0.00382
Exploits: 0, References: 1

Vulnrichment
added 2026/05/08 3:36 p.m., 6 views

CVE-2026-41883 OmniFaces: EL injection via crafted resource name in wildcard CDN mapping

OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution (RCE). This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...

CVSS 8.1, AI score 5.8, EPSS 0.00382
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/08 3:36 p.m., 5 views

CVE-2026-41883

OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution (RCE). This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...

CVSS 8.1, AI score 5.8, EPSS 0.00382
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2026/05/08 3:36 p.m., 32 views

CVE-2026-41883 OmniFaces: EL injection via crafted resource name in wildcard CDN mapping

OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution (RCE). This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...

CVSS 8.1, EPSS 0.00382
Exploits: 0, References: 1

CNNVD
added 2026/05/08 12:0 a.m., 8 views

omnifaces security vulnerability

OmniFaces is an open-source JSF utility library developed by OmniFaces. There are security vulnerabilities in versions prior to 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3. These vulnerabilities stem from server-side EL injection, which may lead to remote code execution...

CVSS 8.1, AI score 6.1, EPSS 0.00382
Exploits: 0, References: 1

vulnersOsv
added 2026/04/21 8:0 p.m., 6 views

com.aegisql:conveyor-configurator (>=1.5.1 <=1.5.2), com.datastax.oss.quarkus:cassandra-quarkus-client (>=1.0.1 <=1.0.4) +2043 more potentially affected by CVE-2026-22013 via org.graalvm.sdk:graal-sdk (>=21.0.0 <=21.0.0.2)

org.graalvm.sdk:graal-sdk MAVEN version =21.0.0, =1.5.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.3, =1.0.1, =1.0.1, =1.0.1, =4.11.0, =1.2.0, =1.2.0, =1.4.0 and more Source cves: CVE-2026-22013 Source advisory: SNYK:JAVA-ORGGRAALVMSDK-...

CVSS 5.3, AI score 7.2, EPSS 0.00269
Exploits: 0

vulnersOsv
added 2026/04/21 8:0 p.m., 4 views

com.aegisql:conveyor-configurator (>=1.5.1 <=1.5.2), com.datastax.oss.quarkus:cassandra-quarkus-client (>=1.0.1 <=1.0.4) +2043 more potentially affected by CVE-2026-22018 via org.graalvm.sdk:graal-sdk (>=21.0.0 <=21.0.0.2)

org.graalvm.sdk:graal-sdk MAVEN version =21.0.0, =1.5.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.3, =1.0.1, =1.0.1, =1.0.1, =4.11.0, =1.2.0, =1.2.0, =1.4.0 and more Source cves: CVE-2026-22018 Source advisory: SNYK:JAVA-ORGGRAALVMSDK-...

CVSS 3.7, AI score 7.2, EPSS 0.00258
Exploits: 0

vulnersOsv
added 2026/04/16 9:31 p.m., 4 views

com.flowlogix.depchain:shiro-jakarta (>=101 <=115), de.muehlencord.pf-adm:pf-adm-spring-boot-autoconfigure (=0.2.0) +6 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=5.0-M2 <=5.2.2)

org.omnifaces:omnifaces MAVEN version =5.0-M2, =101, =5.0-M2, =5.0-M2, =6.0.4, =6.0.4, =6.1.0-m4 Source cves: CVE-2026-41883 Source advisory: OSV:GHSA-VP6R-9M58-5XV8...

CVSS 8.1, AI score 5.8, EPSS 0.00382
Exploits: 0

vulnersOsv
added 2026/04/16 9:31 p.m., 6 views

com.flowlogix:flowlogix-datamodel (>=4.0.1 <=4.0.9), com.flowlogix:flowlogix-jee (>=4.0.1 <=4.0.9) +25 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=3.1 <=3.14.12)

org.omnifaces:omnifaces MAVEN version =3.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =1.1.0, =1.1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.4 and more Source cves: CVE-2026-41883 Source advisory: OSV:GHSA-VP6R-9M58-5XV8...

CVSS 8.1, AI score 5.4, EPSS 0.00382
Exploits: 0

vulnersOsv
added 2026/04/16 9:31 p.m., 5 views

com.exactpro.sf:sailfish-frontend (>=3.2.1036 <=3.4.260), com.github.persapiens:jsf-bootsfaces-spring-boot-starter (>=1.6.0 <=1.7.3) +67 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=1.10 <=1.14.1)

org.omnifaces:omnifaces MAVEN version =1.10, =3.2.1036, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.3.0, =1.2.0, =1.6.0, =1.7.0, =1.3.0, =1.0.0, =1.6.0, =1.7.0, =1.7.3 and more Source cves: CVE-2026-41883 https://vulners.com...

CVSS 8.1, AI score 5.8, EPSS 0.00382
Exploits: 0

vulnersOsv
added 2026/04/16 9:31 p.m., 5 views

com.exactpro.sf:sailfish-frontend (>=3.2.1036 <=3.4.260), com.github.persapiens:jsf-bootsfaces-spring-boot-starter (>=1.6.0 <=1.7.3) +67 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=1.10 <=1.14.1)

org.omnifaces:omnifaces MAVEN version =1.10, =3.2.1036, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.3.0, =1.2.0, =1.6.0, =1.7.0, =1.3.0, =1.0.0, =1.6.0, =1.7.0, =1.7.3 and more Source cves: CVE-2026-41883 https://vulners.com...

CVSS 8.1, AI score 5.8, EPSS 0.00382
Exploits: 0

vulnersOsv
added 2026/04/16 9:31 p.m., 5 views

com.flowlogix.depchain:shiro-jakarta (>=101 <=115), de.muehlencord.pf-adm:pf-adm-spring-boot-autoconfigure (=0.2.0) +6 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=5.0-M2 <=5.2.2)

org.omnifaces:omnifaces MAVEN version =5.0-M2, =101, =5.0-M2, =5.0-M2, =6.0.4, =6.0.4, =6.1.0-m4 Source cves: CVE-2026-41883 Source advisory: SNYK:JAVA-ORGOMNIFACES-16638690...

CVSS 8.1, AI score 5.8, EPSS 0.00382
Exploits: 0

OSV
added 2026/04/16 9:31 p.m., 4 views

GHSA-VP6R-9M58-5XV8 OmniFaces: EL injection via crafted resource name in wildcard CDN mapping

Impact: Server-side EL injection leading to Remote Code Execution (RCE). Affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g. libraryName:=https://cdn.example.com/. An attacker can craft a resource request URL containing an EL expression in the resource name, which is...

CVSS 8.1, AI score 5.9, EPSS 0.00382
Exploits: 0, References: 3

vulnersOsv
added 2026/04/16 9:31 p.m., 5 views

com.flowlogix:flowlogix-datamodel (>=4.0.1 <=4.0.9), com.flowlogix:flowlogix-jee (>=4.0.1 <=4.0.9) +25 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=3.1 <=3.14.12)

org.omnifaces:omnifaces MAVEN version =3.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =1.1.0, =1.1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.4 and more Source cves: CVE-2026-41883 Source advisory: SNYK:JAVA-ORGOMNIFACES-16638690...

CVSS 8.1, AI score 5.4, EPSS 0.00382
Exploits: 0

vulnersOsv
added 2026/04/16 9:31 p.m., 6 views

com.flowlogix.depchain:shiro-jakarta (>=18 <=100), com.flowlogix:jee-examples (>=6.0 <=9.0.3) +23 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=4.0-M16 <=4.7.3)

org.omnifaces:omnifaces MAVEN version =4.0-M16, =18, =6.0, =1.6.0, =1.0, =4.1.0, =4.6.5 and more Source cves: CVE-2026-41883 Source advisory: OSV:GHSA-VP6R-9M58-5XV8...

CVSS 8.1, AI score 5.8, EPSS 0.00382
Exploits: 0

vulnersOsv
added 2026/04/16 9:31 p.m., 4 views

co.luminositylabs.oss.ica.migration:legacy-data-viewer-webapp (=0.2.0), com.aripd:aricom (=1.0) +13 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=2.1 <=2.7.1)

org.omnifaces:omnifaces MAVEN version =2.1, =2.2.3, =2.2.3, =2.2.3, =2.2.3, =2.2.3, =1.0.0-RC1, =1.0.0, =0.1, =0.14 Source cves: CVE-2026-41883 Source advisory: OSV:GHSA-VP6R-9M58-5XV8...

CVSS 8.1, AI score 5.8, EPSS 0.00382
Exploits: 0

vulnersOsv
added 2026/04/16 9:31 p.m., 5 views

com.flowlogix.depchain:shiro-jakarta (>=18 <=100), com.flowlogix:jee-examples (>=6.0 <=9.0.3) +23 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=4.0-M16 <=4.7.3)

org.omnifaces:omnifaces MAVEN version =4.0-M16, =18, =6.0, =1.6.0, =1.0, =4.1.0, =4.6.5 and more Source cves: CVE-2026-41883 Source advisory: SNYK:JAVA-ORGOMNIFACES-16638690...

CVSS 8.1, AI score 5.8, EPSS 0.00382
Exploits: 0

Snyk
added 2026/04/16 9:31 p.m., 7 views

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') via the CDNResourceHandler when a wildcard CDN mapping is configured. An attacker can execute arbitrary code, disclose...

CVSS 9.2, AI score 5.9, EPSS 0.00382
Exploits: 0, References: 2