Browse and filter security vulnerabilities across ecosystems
Browse and filter security vulnerabilities across ecosystems
SSTI in Soagen Informatics' Apinizer
Data Binding Vulnerability in Spring Web Flow with Unified EL Parser
Spring Data REST SpEL Injection via Map Key in JSON Patch
Spring Data KeyValue - SpEL Injection vulnerability in SpelPropertyComparator
Spring Data MongoDB - SpEL Expression Injection via Annotated Query Parameter Binding
An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console
A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget ha...
Apache OFBiz: FreeMarker SSTI via Duplicate Parameter Sanitization Bypass
xiandafu beetl SpELFunction SpELFunction.java expression language injection
Thymeleaf: Improper recognition of unauthorized syntax patterns in sandboxed Thymeleaf expressions
Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs
OmniFaces: EL injection via crafted resource name in wildcard CDN mapping
SurrealDB Injection on Open Notebook
Apache Polaris: could broaden vended GCS credentials through unescaped identifier content in access-boundary CEL conditions
Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf
Improper restriction of the scope of accessible objects in Thymeleaf expressions
OpenRemote is Vulnerable to Expression Injection
DiscussionTools should use better regex
Spring Cloud Gateway Webflux SpEL Injection Vulnerability Allowing Exposure of Environment Variables
Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux
Showing 1 - 20 of 1,000+ results