721 matches found
Arbitrary Code Injection
Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...
Arbitrary Code Injection
Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Arbitrary Code Injection
Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Arbitrary Code Injection
Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...
Arbitrary Code Injection
Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Arbitrary Code Injection
Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Arbitrary Code Injection
Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...
Arbitrary Code Injection
Overview dtale is a Web Client for Visualizing Pandas Objects Affected versions of this package are vulnerable to Arbitrary Code Injection via the /save-column-filter endpoint due to the improper validation of input to pandas' DataFrame.query used to construct Column filters. An attacker can...
Arbitrary Code Injection
Overview semantic-kernel is a Semantic Kernel Python SDK Affected versions of this package are vulnerable to Arbitrary Code Injection via the InMemoryVectorStore filter functionality due to lack of filtering for dangerous dunder attributes. An attacker can escape the sandbox and execute arbitrary...
CVE-2026-22422 WordPress Everest Forms plugin <= 3.4.1 - Arbitrary Shortcode Execution vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in wpeverest Everest Forms everest-forms allows Code Injection.This issue affects Everest Forms: from n/a through = 3.4.1...
Arbitrary Code Injection
Overview megatron-bridge is a Megatron Bridge: Training Recipes for Megatron-based LLM and VLM models Affected versions of this package are vulnerable to Arbitrary Code Injection via the data shuffling tutorial process. An attacker can execute arbitrary code, escalate privileges, disclose sensiti...
Arbitrary Code Injection
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Code Injection via the incorporation of untrusted Slack channel metadata into the system prompt. An attacker can execute unauthorized commands or access sensitive information by...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the SpecificCompiler class, when handling untrusted Avro schemas. An attacker can execute code by supplying a malicious schema with commands injected in doc comment values, which can be executed during...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the overrides.yoke.cd/flight annotation, which allows a user-supplied URL to be used directly by the controller without validation. An attacker can execute arbitrary code within the controller context by...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the overrides.yoke.cd/flight annotation, which allows a user-supplied URL to be used directly by the controller without validation. An attacker can execute arbitrary code within the controller context by...
CVE-2026-1615
Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can...
CVE-2026-1615
Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can...
PT-2026-7066
Name of the Vulnerable Software and Affected Versions jsonpath affected versions not specified Description The package jsonpath is susceptible to Arbitrary Code Injection due to unsafe evaluation of user-supplied JSON Path expressions. The library utilizes the static-eval module to process JSON...
Arbitrary Code Injection
Overview fermat-mcp is a MCP Server for mathematical computation and plotting. Affected versions of this package are vulnerable to Arbitrary Code Injection via the eqnchart function. An attacker can execute arbitrary code by supplying crafted input to the equations argument. Remediation There is ...
Arbitrary Code Injection
Overview @nyariv/sandboxjs is a Javascript sandboxing library. Affected versions of this package are vulnerable to Arbitrary Code Injection by overriding the Map.prototype.has method. An attacker can execute arbitrary code on the underlying operating system because Map is included in SAFEPROTOYPE...