CWE-917

Total CVEs: 38
Critical: 29
High: 7
Avg CVSS: 9.3

Yearly Trend

2026: 1
2025: 1
2024: 5
2023: 5
2022: 4

Top Affected Vendors

1. Hp: 18
2. Apache: 4
3. Hitachi: 3
4. Atlassian: 2
5. Canon: 1
6. Voltronicpower: 1
7. Fedoraproject: 1
8. Sofastack: 1
9. Ibm: 1
10. Databasir: 1

All CWE-917 CVEs (38)

CVE-2023-51593
9.8

This vulnerability allows unauthenticated remote attackers to execute arbitrary code on Voltronic Power ViewPower Pro systems by exploiting expression...

May 3, 2024
CVE-2023-41331
9.8

SOFARPC versions before 5.11.0 are vulnerable to remote command execution through deserialization attacks. Attackers can bypass the incomplete blackli...

Sep 12, 2023
CVE-2023-27821
9.8

Databasir v1.0.7 contains a remote code execution vulnerability in the mockDataScript parameter that allows attackers to execute arbitrary code on aff...

Mar 28, 2023
CVE-2023-26092
9.8

CVE-2023-26092 is a server-side template injection vulnerability in Liima that allows attackers to execute arbitrary code on affected servers. This af...

Feb 20, 2023
CVE-2022-22980
9.8

CVE-2022-22980 is a SpEL injection vulnerability in Spring Data MongoDB that allows attackers to execute arbitrary code when using @Query or @Aggregat...

Jun 23, 2022
CVE-2022-26134
9.8

CVE-2022-26134 is a critical OGNL injection vulnerability in Atlassian Confluence Server and Data Center that allows unauthenticated attackers to exec...

Jun 3, 2022
CVE-2021-31805
9.8

This vulnerability in Apache Struts allows remote code execution when developers use forced OGNL evaluation (%{...} syntax) on untrusted user input. A...

Apr 12, 2022
CVE-2021-26084
9.8

CVE-2021-26084 is a critical OGNL injection vulnerability in Confluence Server and Data Center that allows unauthenticated attackers to execute arbitr...

Aug 30, 2021
CVE-2020-17530
9.8

This vulnerability in Apache Struts allows attackers to perform remote code execution by forcing OGNL evaluation on raw user input in tag attributes. ...

Dec 11, 2020
CVE-2020-7160
9.8

CVE-2020-7160 is a critical expression language injection vulnerability in HPE Intelligent Management Center (iMC) that allows remote attackers to exe...

Oct 19, 2020
CVE-2020-7162
9.8

CVE-2020-7162 is a critical expression language injection vulnerability in HPE Intelligent Management Center (iMC) that allows remote attackers to exe...

Oct 19, 2020
CVE-2020-7164
9.8

CVE-2020-7164 is a critical expression language injection vulnerability in HPE Intelligent Management Center (iMC) that allows remote attackers to exe...

Oct 19, 2020
CVE-2020-7166
9.8

This vulnerability allows remote attackers to execute arbitrary code on HPE Intelligent Management Center (iMC) systems by injecting malicious express...

Oct 19, 2020
CVE-2020-7168
9.8

CVE-2020-7168 is a critical expression language injection vulnerability in HPE Intelligent Management Center (iMC) that allows remote attackers to exe...

Oct 19, 2020
CVE-2020-7170
9.8

CVE-2020-7170 is a critical expression language injection vulnerability in HPE Intelligent Management Center (iMC) that allows remote attackers to exe...

Oct 19, 2020
CVE-2020-7172
9.8

CVE-2020-7172 is a critical template expression language injection vulnerability in HPE Intelligent Management Center (iMC) that allows remote attacke...

Oct 19, 2020
CVE-2020-7144
9.8

This vulnerability allows remote attackers to execute arbitrary code on HPE Intelligent Management Center (iMC) servers through expression language in...

Oct 19, 2020
CVE-2020-7146
9.8

This CVE describes a remote code execution vulnerability in HPE Intelligent Management Center (iMC) where attackers can inject malicious expressions i...

Oct 19, 2020
CVE-2020-7148
9.8

This CVE describes a critical expression language injection vulnerability in HPE Intelligent Management Center (iMC) that allows remote attackers to e...

Oct 19, 2020
CVE-2020-7150
9.8

This is a critical expression language injection vulnerability in HPE Intelligent Management Center (iMC) that allows remote attackers to execute arbi...

Oct 19, 2020
CVE-2020-7152
9.8

CVE-2020-7152 is a critical expression language injection vulnerability in HPE Intelligent Management Center (iMC) that allows remote attackers t...

Oct 19, 2020
CVE-2020-7154
9.8

CVE-2020-7154 is an expression language injection vulnerability in HPE Intelligent Management Center (iMC) that allows remote attackers to execute arb...

Oct 19, 2020
CVE-2020-7156
9.8

This CVE describes a remote code execution vulnerability in HPE Intelligent Management Center (iMC) where an attacker can inject malicious expression ...

Oct 19, 2020
CVE-2020-7158
9.8

This vulnerability allows remote attackers to execute arbitrary code on HPE Intelligent Management Center (iMC) servers through expression language in...

Oct 19, 2020
CVE-2020-24650
9.8

This is a critical remote code execution vulnerability in HPE Intelligent Management Center (iMC) that allows attackers to execute arbitrary code by i...

Oct 19, 2020
CVE-2020-24652
9.8

CVE-2020-24652 is a critical expression language injection vulnerability in HPE Intelligent Management Center (iMC) that allows remote attackers to ex...

Oct 19, 2020
CVE-2020-7142
9.8

This CVE describes an expression language injection vulnerability in HPE Intelligent Management Center (iMC) that allows remote attackers to execute a...

Oct 19, 2020
CVE-2024-51466
9.0

IBM Cognos Analytics is vulnerable to Expression Language (EL) Injection, allowing remote attackers to execute malicious EL statements. This can lead ...

Dec 20, 2024
CVE-2021-45046
9.0

CVE-2021-45046 is an incomplete fix for the Log4Shell vulnerability (CVE-2021-44228) in Apache Log4j 2.15.0 that allows attackers to execute arbitrary...

Dec 14, 2021
CVE-2023-32200
8.8

This vulnerability allows remote attackers to execute arbitrary JavaScript code via specially crafted SPARQL queries in Apache Jena. It affects Apache...

Jul 12, 2023
CVE-2022-26111
8.8

CVE-2022-26111 allows remote code execution in IRISNext document management systems through BeanShell expressions in custom searches. Attackers can ex...

Apr 25, 2022
CVE-2024-5828
8.6

This Expression Language Injection vulnerability in Hitachi Tuning Manager allows attackers to execute arbitrary code by injecting malicious expressio...

Aug 6, 2024
CVE-2024-0715
7.6

This CVE describes an Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows that allows attackers to inject and execut...

Feb 20, 2024
CVE-2025-41253
7.5

Spring Cloud Gateway Server Webflux versions with exposed actuator endpoints can allow attackers to read environment variables and system properties v...

Oct 16, 2025
CVE-2020-26565
7.5

CVE-2020-26565 is an expression language injection vulnerability in ObjectPlanet Opinio's admin/permissionList.do endpoint that allows attackers to ex...

Jul 31, 2021
CVE-2022-4146
7.3

This CVE describes an Expression Language Injection vulnerability in Hitachi Replication Manager that allows attackers to inject and execute arbitrary...

Jul 18, 2023
CVE-2024-7552
6.3

This critical vulnerability in DataGear allows remote attackers to execute arbitrary code through expression language injection in the Data Schema Pag...

Aug 6, 2024
CVE-2025-11175
N/A

This CVE describes an Expression Language Injection vulnerability in MediaWiki's DiscussionTools extension that allows attackers to cause Regular Expr...

Jan 30, 2026

About CWE-917

Our database tracks 38 CVEs classified as CWE-917, with 29 rated critical and 7 rated high severity. The average CVSS score for CWE-917 vulnerabilities is 9.3.

External reference: CWE-917 on MITRE CWE
