DeepSecurity Perú

2 exploits, active since Feb 2026
CVE-2026-2586 NOMISEC CRITICAL WORKING POC
Eclipse Glassfish - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user. This issue affects Eclipse GlassFish: from 8.0.0 to 8.0.1, fixed in 8.0.2; 7.1.0, fixed in 7.1.1; from 7.0.0 to 7.0.25, fixed in 7.0.26. Impact on versions from 5.1.0 to 6.2.5 is unknown.
1 star
CVSS 9.1
CVE-2025-14340 NOMISEC HIGH WORKING POC
Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 - Cross-Site Scripting via REST Management Interface
Cross-site scripting in the REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator into changing the admin password via a URL payload.