CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

OSV•added 2026/04/12 12:30 p.m.•4 views

GHSA-822V-8W6H-5JXP Warm-Flow has a SpEL Expression Injection in SpelHelper.parseExpression

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

6.3CVSS6.3AI score0.00301EPSS

Exploits0References8

GithubExploit•added 2024/06/21 2:58 a.m.•361 views

Exploit for Injection in Datagear

CVE-2024-37759 PoC Description DataGear version 5.0.0 and...

9.8CVSS10AI score0.0282EPSS

Exploits2

IBM Security Bulletins•added 2024/03/22 4:5 p.m.•33 views

Security Bulletin: Vulnerability in Spring Data MongoDB might affect IBM Storage Copy Data Management. [CVE-2022-22980]

Summary IBM Storage Copy Data Management can be affected by a vulnerability in Spring Data MongoDB. A remote attacker could exploit this vulnerability to execute arbitrary code on the system as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-2298...

9.8CVSS9.6AI score0.16903EPSS

Exploits3Affected Software1

Vulnrichment•added 2024/03/15 7:55 p.m.•34 views

CVE-2024-28255 Authentication Bypass in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The JwtFilter handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request...

9.8CVSS7.8AI score0.73255EPSS

Exploits5References3

Wallarm Lab•added 2022/06/23 7:14 a.m.•76 views

Update on Spring Data MongoDB SpEL Expression Injection Vulnerability (CVE-2022-22980)

Background On June 20, 2022 Spring released Spring Data MongoDB 3.4.1 and 3.3.5 to address a critical CVE report: CVE-2022-22980: Spring Data MongoDB SpEL Expression injection vulnerability through annotated repository query methods. This vulnerability was originally reported on June 13, 2022...

6.8CVSS0.4AI score0.16903EPSS

Exploits3

GithubExploit•added 2022/04/14 11:10 a.m.•437 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

Spring Cloud Function SpEL Expression Injection Vulnerability...

9.8CVSS7.7AI score0.99939EPSS

Exploits36

CNVD•added 2022/03/25 12:0 a.m.•9 views

SPEL Expression Injection Vulnerability in Spring Cloud Function

Spring Cloud Function is a functional computing framework based on Spring Boot.Spring Cloud Function is vulnerable to SPEL expression injection, which can be exploited by attackers to perform injection attacks remotely via SPEL expression injection...

4.7AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by