Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.9 views

CVE-2026-41719

A flaw was found in Spring Data KeyValue. This vulnerability, known as a Spring Expression Language SpEL Injection, allows a remote attacker with low privileges to execute arbitrary expressions. This occurs when unsanitized user input is passed as a sorting parameter into a repository query metho...

6.4CVSS6AI score0.00202EPSS
Exploits0References4
NVD
NVD
added 2026/06/10 12:16 a.m.12 views

CVE-2026-41719

A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. Affected versions: Spring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through...

6.4CVSS0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 p.m.7 views

CVE-2026-41719 Spring Data KeyValue - SpEL Injection vulnerability in SpelPropertyComparator

A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. Affected versions: Spring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through...

6.4CVSS5.5AI score0.00202EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/03/29 12:0 a.m.3 views

Shopware SQL注入漏洞

Shopware is a suite of e-commerce software from the German company Shopware.Shopware B2B-Suite 4.4.1 and prior versions are vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements applied to the sort-by parameter of the search function. An authenticat...

6.5CVSS6AI score0.01345EPSS
Exploits1References3
Rows per page
Query Builder