CVEs classified under CWE-917, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2025-3322: An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server.
CVE-2026-11561 — CVSS 9.8 (critical): Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in…
CVE-2026-22738 — CVSS 9.8 (critical): In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A…
CVE-2026-24713 — CVSS 9.8 (critical): Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7…
CVE-2023-51593 — CVSS 9.8 (critical): Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers…
CVE-2023-41331 — CVSS 9.8 (critical): SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload…
CVE-2023-27821 — CVSS 9.8 (critical): Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the mockDataScript parameter.
CVE-2022-22980 — CVSS 9.8 (critical): A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL…
CVE-2021-31805 — CVSS 9.8 (critical): The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform…
CVE-2020-7172 — CVSS 9.8 (critical): A templateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center…
CVE-2020-7171 — CVSS 9.8 (critical): A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC)…
CVE-2020-7170 — CVSS 9.8 (critical): A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC)…
CVE-2020-7169 — CVSS 9.8 (critical): A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management…
CVE-2020-7168 — CVSS 9.8 (critical): A selectusergroup expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center…
CVE-2020-7167 — CVSS 9.8 (critical): A quicktemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center…
CVE-2020-7166 — CVSS 9.8 (critical): A operatorgrouptreeselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent…
CVE-2020-7165 — CVSS 9.8 (critical): A iccselectcommand expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center…
CVE-2020-7164 — CVSS 9.8 (critical): A operationselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center…
CVE-2020-7163 — CVSS 9.8 (critical): A navigationto expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC)…
CVE-2020-7162 — CVSS 9.8 (critical): A operatorgroupselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management…
CVE-2020-7161 — CVSS 9.8 (critical): A reporttaskselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center…
CVE-2020-7160 — CVSS 9.8 (critical): A iccselectdeviceseries expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management…
CVE-2020-7159 — CVSS 9.8 (critical): A customtemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management…
CVE-2020-7158 — CVSS 9.8 (critical): A perfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center…
CVE-2020-7157 — CVSS 9.8 (critical): A selviewnavcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center…
CVE-2020-7156 — CVSS 9.8 (critical): A faultinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center…
CVE-2020-7155 — CVSS 9.8 (critical): A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC)…
CVE-2020-7154 — CVSS 9.8 (critical): A ifviewselectpage expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center…
CVE-2020-7153 — CVSS 9.8 (critical): A iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center…
CVE-2020-7152 — CVSS 9.8 (critical): A faultparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC)…
CVE-2020-7151 — CVSS 9.8 (critical): A faulttrapgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management…
CVE-2020-7150 — CVSS 9.8 (critical): A faultstatchoosefaulttype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management…
CVE-2020-7149 — CVSS 9.8 (critical): A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management…
CVE-2020-7148 — CVSS 9.8 (critical): A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management…
CVE-2020-7147 — CVSS 9.8 (critical): A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center…
CVE-2020-7146 — CVSS 9.8 (critical): A devgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center…
CVE-2020-7145 — CVSS 9.8 (critical): A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center…
CVE-2020-7144 — CVSS 9.8 (critical): A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center…
CVE-2020-7143 — CVSS 9.8 (critical): A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center…
CVE-2020-7142 — CVSS 9.8 (critical): A eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center…
CVE-2020-7141 — CVSS 9.8 (critical): A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center…
CVE-2020-24652 — CVSS 9.8 (critical): A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center…
CVE-2020-24651 — CVSS 9.8 (critical): A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management…
CVE-2020-24650 — CVSS 9.8 (critical): A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC)…