Lucene search
K

8 matches found

NVD
NVD
added 2026/02/24 9:16 a.m.6 views

CVE-2025-11165

A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...

9.9CVSS0.00303EPSS
Exploits0References1
OSV
OSV
added 2026/02/24 9:16 a.m.7 views

CVE-2025-11165

A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...

9.9CVSS6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/24 8:27 a.m.7 views

CVE-2025-11165

A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...

9.4CVSS5.9AI score0.00303EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/24 8:27 a.m.6 views

CVE-2025-11165

A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...

9.4CVSS5.8AI score0.00303EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/24 8:27 a.m.7 views

EUVD-2025-207542

A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...

9.4CVSS5.9AI score0.00303EPSS
Exploits0References1
CVE
CVE
added 2026/02/24 8:27 a.m.15 views

CVE-2025-11165

Affects dotCMS with its Velocity scripting engine (VTools). The issue is a sandbox escape where authenticated users with scripting privileges can bypass SecureUberspectorImpl protections by dynamically altering the Velocity runtime configuration and reinitializing its Uberspect, removing introspe...

9.9CVSS5.9AI score0.00303EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/02/24 8:27 a.m.19 views

CVE-2025-11165

A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...

9.4CVSS0.00303EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/08 12:0 a.m.3 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. in the United States. A security vulnerability exists in Google Android that stems from a method that may bypass per-package channel restrictions in multiple functions of NotificationManagerService.java, resulting in...

5.5CVSS6.5AI score0.00082EPSS
Exploits0References3
Rows per page
Query Builder