
11 matches found

NVD
added yesterday · 9 views

CVE-2026-58138

Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to...

9.8 CVSS
Exploits 1 · References 5
EUVD
added yesterday · 5 views

EUVD-2026-40377

Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to...

9.8 CVSS · 6.6 AI score · 0.00594 EPSS
Exploits 1 · References 5
CVE
added yesterday · 14 views

CVE-2026-58138

Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to...

9.8 CVSS · 6.6 AI score
Exploits 1 · References 5
RedhatCVE
added 2025/07/02 12:16 a.m. · 12 views

CVE-2025-26074

Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...

9.8 CVSS · 8.3 AI score · 0.00594 EPSS
Exploits 0 · References 1
OSV
added 2025/06/30 6:31 p.m. · 2 views

GHSA-8GQP-HR9G-PG62 Conductor vulnerable to OS command injection through unrestricted access to Java classes

Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...

9.8 CVSS · 6.2 AI score · 0.00594 EPSS
Exploits 0 · References 5
NVD
added 2025/06/30 5:15 p.m. · 4 views

CVE-2025-26074

Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...

9.8 CVSS · 0.00594 EPSS
Exploits 0 · References 3
OSV
added 2025/06/30 5:15 p.m. · 4 views

CVE-2025-26074

Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...

9.8 CVSS · 6 AI score · 0.00594 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/06/30 12:0 a.m. · 3 views

PT-2025-27453 · Orkes · Orkes Conductor

Name of the Vulnerable Software and Affected Versions: Orkes Conductor version 3.21.11
Description: The issue allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes. This can lead to remote code execution in Orkes Conductor.
Recommendations: Update to...

9.8 CVSS · 9 AI score · 0.00594 EPSS
Exploits 0 · References 12
Vulnrichment
added 2025/06/30 12:0 a.m. · 3 views

CVE-2025-26074

Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...

7.7 AI score · 0.00594 EPSS
Exploits 0 · References 3
CVE
added 2025/06/30 12:0 a.m. · 41 views

CVE-2025-26074

Orkes Conductor v3.21.11 is affected. The issue arises from unrestricted access to Java classes, enabling remote command execution via the ScriptEvaluator path (inline JavaScript injection). Impact is OS command execution with high severity per CVSS, with network attack vector and no user interac...

9.8 CVSS · 7.7 AI score · 0.00594 EPSS
Exploits 0 · References 3
Cvelist
added 2025/06/30 12:0 a.m. · 9 views

CVE-2025-26074

Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...

0.00594 EPSS
Exploits 0 · References 3