Tag
high
advisory
CVE-2026-8759: xiandafu beetl SpEL Injection Vulnerability
2 rules 1 TTP 1 CVECVE-2026-8759 is a remote code execution vulnerability in xiandafu beetl up to 3.20.2, stemming from improper neutralization of special elements within the SpELFunction component, enabling remote exploitation.
beetl +1
spel-injection
rce
java
cve
2r
1t
1c
critical
advisory
Valtimo SpEL Injection Vulnerability Allows Remote Code Execution
2 rules 1 TTPValtimo is vulnerable to SpEL injection via StandardEvaluationContext, which allows Remote Code Execution by admin users who can execute arbitrary OS commands and exfiltrate sensitive information.
Valtimo document module +2
spel-injection
rce
valtimo
2r
1t
critical
advisory
Spring AI SimpleVectorStore SpEL Injection Vulnerability (CVE-2026-22738)
2 rules 1 TTPA SpEL injection vulnerability exists in Spring AI's SimpleVectorStore when a user-supplied value is used as a filter expression key, potentially allowing malicious actors to execute arbitrary code in vulnerable applications.
spel-injection
spring-ai
cve-2026-22738
code-execution
2r
1t