Arbitrary Code Injection

Overview redshift-connector is a Redshift interface library Affected versions of this package are vulnerable to Arbitrary Code Injection due to the use of eval on untrusted data received from the server, in the vectorin function. An attacker can execute arbitrary code on the client system by...

CVE-2026-8838

Unsafe use of Python's eval on server-received data in the vectorin function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14...

CVE-2026-8838

Unsafe use of Python's eval on server-received data in the vectorin function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14...

PT-2026-41734

Name of the Vulnerable Software and Affected Versions amazon-redshift-python-driver versions prior to 2.1.14 Description Unsafe use of Python's eval function on data received from a server within the vector in function allows a rogue server or man-in-the-middle actor to execute arbitrary code on...

zot-registry-2.1.14-1.1 on GA media (moderate)

zot-registry-2.1.14-1.1 on GA media Announcement ID: openSUSE-SU-2026:10100-1 Rating: moderate Cross-References: CVE-2025-30204 CVSS scores: CVE-2025-30204 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-30204 SUSE : 8.7...

OPENSUSE-SU-2026:10100-1 zot-registry-2.1.14-1.1 on GA media

These are all security issues fixed in the zot-registry-2.1.14-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2023-54335

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system...

CVE-2023-54335

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system...

CVE-2023-54335 eXtplorer<= 2.1.14 - Authentication Bypass & Remote Code Execution (RCE)

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system...

eXtplorer 访问控制错误漏洞

eXtplorer is a PHP-based file manager by soerennb individual developer. An access control error vulnerability exists in eXtplorer version 2.1.14, which stems from an authentication bypass that could allow an attacker to upload malicious PHP files and execute remote commands...

CVE-2025-12505

The weDocs plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.1.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the createitempermissionscheck function. This makes it possible for authenticated...

CVE-2025-12505 weDocs <= 2.1.14 - Missing Authorization to Settings Update

The weDocs plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.1.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the createitempermissionscheck function. This makes it possible for authenticated...

PT-2025-47205

Name of the Vulnerable Software and Affected Versions IBM Planning Analytics Local versions 2.1.0 through 2.1.14 Description IBM Planning Analytics Local versions 2.1.0 through 2.1.14 stores sensitive information within its source code. This could potentially be leveraged in subsequent attacks...

CVE-2023-7321

Nagios Log Server versions prior to 2.1.14 are vulnerable to cross-site scripting XSS via the Snapshots Page. Untrusted log content was not safely encoded for the output context, allowing attacker-controlled data present in logs to execute script in the victim’s browser within the application...

CVE-2025-12475

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blocksynewslettersubscribe' shortcode in all versions up to, and including, 2.1.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

PT-2025-44493

Name of the Vulnerable Software and Affected Versions Nagios Log Server versions prior to 2.1.14 Description Nagios Log Server is affected by a cross-site scripting XSS issue through the Snapshots Page. The application does not properly encode untrusted log content before displaying it, which...

PT-2025-44370

Name of the Vulnerable Software and Affected Versions Blocksy Companion plugin for WordPress versions up to and including 2.1.14 Description The Blocksy Companion plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'blocksy newsletter subscribe' shortcode. This is due t...

EUVD-2022-50198

Malicious code in bioql PyPI...

EUVD-2023-47686

Malicious code in bioql PyPI...

CVE-2023-41619

Emlog Pro v2.1.14 was discovered to contain a cross-site scripting XSS vulnerability via the component /admin/article.php?action=write...