Total
187 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-41243 | 2026-04-15 | N/A | 10.0 CRITICAL | ||
| Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: * The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable). * Spring Boot actuator is a dependency. * The Spring Cloud Gateway Server Webflux actuator web endpoint is enabled via management.endpoints.web.exposure.include=gateway. * The actuator endpoints are available to attackers. * The actuator endpoints are unsecured. | |||||
| CVE-2026-22729 | 1 Vmware | 1 Spring Ai | 2026-04-01 | N/A | 8.6 HIGH |
| A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper escaping, enabling attackers to inject arbitrary JSONPath logic and access unauthorized documents. This vulnerability affects applications using vector stores that extend AbstractFilterExpressionConverter for multi-tenant isolation, role-based access control, or document filtering based on metadata. The vulnerability occurs when user-supplied values in filter expressions are not escaped before being inserted into JSONPath queries. Special characters like ", ||, and && are passed through unescaped, allowing injection of arbitrary JSONPath logic that can alter the intended query semantics. | |||||
| CVE-2026-24713 | 1 Apache | 1 Iotdb | 2026-03-10 | N/A | 9.8 CRITICAL |
| Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue. | |||||
| CVE-2020-10199 | 1 Sonatype | 1 Nexus | 2025-11-07 | 9.0 HIGH | 8.8 HIGH |
| Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). | |||||
| CVE-2022-22947 | 2 Oracle, Vmware | 10 Commerce Guided Search, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Console and 7 more | 2025-10-30 | 6.8 MEDIUM | 10.0 CRITICAL |
| In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. | |||||
| CVE-2022-22963 | 2 Oracle, Vmware | 28 Banking Branch, Banking Cash Management, Banking Corporate Lending Process Management and 25 more | 2025-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. | |||||
| CVE-2020-17530 | 2 Apache, Oracle | 8 Struts, Business Intelligence, Communications Diameter Intelligence Hub and 5 more | 2025-10-27 | 7.5 HIGH | 9.8 CRITICAL |
| Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25. | |||||
| CVE-2021-45046 | 7 Apache, Cvat, Debian and 4 more | 61 Log4j, Computer Vision Annotation Tool, Debian Linux and 58 more | 2025-10-27 | 5.1 MEDIUM | 9.0 CRITICAL |
| It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. | |||||
| CVE-2021-26084 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2025-10-24 | 7.5 HIGH | 9.8 CRITICAL |
| In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. | |||||
| CVE-2022-26134 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2025-10-24 | 7.5 HIGH | 9.8 CRITICAL |
| In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1. | |||||
| CVE-2023-51593 | 1 Voltronicpower | 1 Viewpower | 2025-07-09 | N/A | 9.8 CRITICAL |
| Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Struts2 dependency. The issue results from the use of a library that is vulnerable to expression language injection. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22095. | |||||
| CVE-2024-51466 | 1 Ibm | 1 Cognos Analytics | 2025-07-02 | N/A | 9.0 CRITICAL |
| IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement. | |||||
| CVE-2023-26092 | 1 Puzzle | 1 Liima | 2025-03-17 | N/A | 9.8 CRITICAL |
| Liima before 1.17.28 allows server-side template injection. | |||||
| CVE-2023-27821 | 1 Databasir | 1 Databasir | 2025-02-18 | N/A | 9.8 CRITICAL |
| Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the mockDataScript parameter. | |||||
| CVE-2023-20863 | 1 Vmware | 1 Spring Framework | 2025-02-07 | N/A | 6.5 MEDIUM |
| In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | |||||
| CVE-2024-9672 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2025-01-30 | N/A | 5.4 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. This issue can be used to execute specially created JavaScript payloads in the browser. A user must click on a malicious link for this issue to occur. | |||||
| CVE-2024-5828 | 4 Hitachi, Linux, Microsoft and 1 more | 4 Tuning Manager, Linux Kernel, Windows and 1 more | 2025-01-08 | N/A | 8.6 HIGH |
| Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Tuning Manager: before 8.8.7-00. | |||||
| CVE-2023-41331 | 1 Sofastack | 1 Sofarpc | 2024-11-21 | N/A | 9.8 CRITICAL |
| SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out dangerous classes encountered during the deserialization process. However, the blacklist is not comprehensive, and an actor can exploit certain native JDK classes and common third-party packages to construct gadget chains capable of achieving JNDI injection or system command execution attacks. Version 5.11.0 contains a fix for this issue. As a workaround, users can add `-Drpc_serialize_blacklist_override=javax.sound.sampled.AudioFileFormat` to the blacklist. | |||||
| CVE-2023-32200 | 1 Apache | 1 Jena | 2024-11-21 | N/A | 8.8 HIGH |
| There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0. | |||||
| CVE-2023-22665 | 1 Apache | 1 Jena | 2024-11-21 | N/A | 5.4 MEDIUM |
| There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query. | |||||