Search Vulnerabilities

Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf

CVE-2026-40477

Improper restriction of the scope of accessible objects in Thymeleaf expressions

CVE-2026-39842

OpenRemote is Vulnerable to Expression Injection

Apr 14, 2026

CVE-2025-11175

DiscussionTools should use better regex

Jan 30, 2026

CVE-2025-41253

Spring Cloud Gateway Webflux SpEL Injection Vulnerability Allowing Exposure of Environment Variables

Oct 16, 2025

CVE-2025-41243

Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux

Sep 16, 2025

CVE-2025-3322

Improper Neutralization of Special Elements in OnlineSuite

Jun 6, 2025

CVE-2024-51466

IBM Cognos Analytics expression language injection

Dec 20, 2024

CVE-2024-12798

JaninoEventEvaluator vulnerability

Dec 19, 2024

CVE-2024-9672

Reflected XSS in PaperCut MF

Dec 9, 2024

CVE-2024-7552

DataGear Data Schema Page ConversionSqlParamValueMapper.java evaluateVariableExpression expression language injection

CVE-2024-5828

EL Injection Vulnerability in Hitachi Tuning Manager

CVE-2024-4286

Improper Neutralization of Special Elements in mintplex-labs/anything-llm

May 26, 2024

CVE-2023-51593

Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability

May 3, 2024

CVE-2024-0715

EL Injection Vulnerability in Hitachi Global Link Manager

Feb 20, 2024

CVE-2023-42658

InSpec Archive Command Vulnerable to Maliciously Crafted Profile

Oct 31, 2023

CVE-2023-41331

SOFARPC Remote Command Execution (RCE) Vulnerability

Sep 12, 2023

CVE-2022-4146

EL Injection Vulnerability in Hitachi Replication Manager

Jul 18, 2023

CVE-2022-45855

Apache Ambari: Allows authenticated metrics consumers to perform RCE

CVE-2022-42009

Apache Ambari: A malicious authenticated user can remotely execute arbitrary code in the context of the application.

Showing 1 - 20 of 1,000+ results

...

Searching...

Filters

1,000+ results

CVE-2026-40478

Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf

CVE-2026-40477

Improper restriction of the scope of accessible objects in Thymeleaf expressions

CVE-2026-39842

OpenRemote is Vulnerable to Expression Injection

Apr 14, 2026

CVE-2025-11175

DiscussionTools should use better regex

Jan 30, 2026

CVE-2025-41253

Spring Cloud Gateway Webflux SpEL Injection Vulnerability Allowing Exposure of Environment Variables

Oct 16, 2025

CVE-2025-41243

Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux

Sep 16, 2025

CVE-2025-3322

Improper Neutralization of Special Elements in OnlineSuite

Jun 6, 2025

CVE-2024-51466

IBM Cognos Analytics expression language injection

Dec 20, 2024

CVE-2024-12798

JaninoEventEvaluator vulnerability

Dec 19, 2024

CVE-2024-9672

Reflected XSS in PaperCut MF

Dec 9, 2024

CVE-2024-7552

DataGear Data Schema Page ConversionSqlParamValueMapper.java evaluateVariableExpression expression language injection

CVE-2024-5828

EL Injection Vulnerability in Hitachi Tuning Manager

CVE-2024-4286

Improper Neutralization of Special Elements in mintplex-labs/anything-llm

May 26, 2024

CVE-2023-51593

Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability

May 3, 2024

CVE-2024-0715

EL Injection Vulnerability in Hitachi Global Link Manager

Feb 20, 2024

CVE-2023-42658

InSpec Archive Command Vulnerable to Maliciously Crafted Profile

Oct 31, 2023

CVE-2023-41331

SOFARPC Remote Command Execution (RCE) Vulnerability

Sep 12, 2023

CVE-2022-4146

EL Injection Vulnerability in Hitachi Replication Manager

Jul 18, 2023

CVE-2022-45855

Apache Ambari: Allows authenticated metrics consumers to perform RCE

CVE-2022-42009

Apache Ambari: A malicious authenticated user can remotely execute arbitrary code in the context of the application.