CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

RedhatCVE•added 2026/06/05 7:20 p.m.•7 views

CVE-2026-41883

OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution RCE. This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...

8.1CVSS5.6AI score0.00382EPSS

Exploits0References1

NVD•added 2026/05/08 4:16 p.m.•10 views

CVE-2026-41883

8.1CVSS0.00382EPSS

Exploits0References1

Vulnrichment•added 2026/05/08 3:36 p.m.•6 views

CVE-2026-41883 OmniFaces: EL injection via crafted resource name in wildcard CDN mapping

8.1CVSS5.8AI score0.00382EPSS

Exploits0References1

ATTACKERKB•added 2026/05/08 3:36 p.m.•5 views

CVE-2026-41883

8.1CVSS5.8AI score0.00382EPSS

Exploits0References2Affected Software1

EUVD•added 2026/05/08 3:36 p.m.•10 views

EUVD-2026-28794

8.1CVSS5.8AI score0.00382EPSS

Exploits0References1

Cvelist•added 2026/05/08 3:36 p.m.•32 views

CVE-2026-41883 OmniFaces: EL injection via crafted resource name in wildcard CDN mapping

8.1CVSS0.00382EPSS

Exploits0References1

CVE•added 2026/05/08 3:36 p.m.•10 views

CVE-2026-41883

OmniFaces is affected by a server-side EL injection in CDNResourceHandler when using a wildcard CDN mapping (for example libraryName:=https://cdn.example.com/ ). An attacker can craft a resource request URL containing an EL expression in the resource name, which is evaluated server-side, leading ...

8.1CVSS5.8AI score0.00382EPSS

Exploits0References1

OSV•added 2026/04/16 9:31 p.m.•4 views

GHSA-VP6R-9M58-5XV8 OmniFaces: EL injection via crafted resource name in wildcard CDN mapping

Impact Server-side EL injection leading to Remote Code Execution RCE. Affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g. libraryName:=https://cdn.example.com/. An attacker can craft a resource request URL containing an EL expression in the resource name, which is...

8.1CVSS5.9AI score0.00382EPSS

Exploits0References3

Positive Technologies•added 2026/04/16 12:0 a.m.•9 views

PT-2026-37154

Name of the Vulnerable Software and Affected Versions OmniFaces versions prior to 1.14.2 OmniFaces versions prior to 2.7.32 OmniFaces versions prior to 3.14.16 OmniFaces versions prior to 4.7.5 OmniFaces versions prior to 5.2.3 Description Server-side Expression Language EL injection allows for...

8.1CVSS5.9AI score0.00382EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by