Flaws of type CWE-917
49 results

CVE-2021-26084 | CRITICAL | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attack | EPSS 100.0% | KEV
CVE-2022-26134 | CRITICAL | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attack | EPSS 100.0% | KEV
CVE-2021-45046 | CRITICAL | Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack | EPSS 100.0% | KEV
CVE-2020-10199 | HIGH | Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). | EPSS 99.1% | KEV
CVE-2020-17530 | CRITICAL | Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache St | EPSS 95.9% | KEV
CVE-2021-31805 | — | Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE. | EPSS 85.1%
CVE-2010-1871 | HIGH | JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for | EPSS 83.4% | KEV
CVE-2025-41243 | CRITICAL | Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux | EPSS 3.3%
CVE-2022-23463 | CRITICAL | SpEL Injection in Nepxion Discovery | EPSS 1.7%
CVE-2023-51593 | CRITICAL | Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability | EPSS 1.6%
CVE-2023-27821 | CRITICAL | Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the mockDataScript parameter. | EPSS 1.5%
CVE-2023-41331 | CRITICAL | SOFARPC Remote Command Execution (RCE) Vulnerability | EPSS 1.3%
CVE-2023-22665 | — | Apache Jena: Exposure of arbitrary execution in script engine expressions. | EPSS 1.3%
CVE-2022-45855 | HIGH | Apache Ambari: Allows authenticated metrics consumers to perform RCE | EPSS 1.1%
CVE-2022-42009 | HIGH | Apache Ambari: A malicious authenticated user can remotely execute arbitrary code in the context of the application. | EPSS 1.1%
CVE-2023-32200 | HIGH | Apache Jena: Exposure of execution in script engine expressions. | EPSS 1.0%
CVE-2026-39842 | CRITICAL | OpenRemote is Vulnerable to Expression Injection | EPSS 0.9%
CVE-2023-26092 | CRITICAL | Liima before 1.17.28 allows server-side template injection. | EPSS 0.9%
CVE-2026-2586 | CRITICAL | An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the p | EPSS 0.8%
CVE-2026-40477 | CRITICAL | Improper restriction of the scope of accessible objects in Thymeleaf expressions | EPSS 0.6%