Arbitrary Code Injection

Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Arbitrary Code Injection via the script process. An attacker can execute arbitrary code, escalate privileges, disclose...

Arbitrary Code Injection

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Arbitrary Code Injection via th...

Arbitrary Code Injection

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Arbitrary Code Injection via the pandaseval function. An attacker can execute arbitrary code by supplying crafted input that bypasses input validation and leverages access to...

Arbitrary Code Injection

Overview @backstage/plugin-techdocs-node is a Common node.js functionalities for TechDocs, to be shared between techdocs-backend plugin and techdocs-cli Affected versions of this package are vulnerable to Arbitrary Code Injection via the processing of MkDocs hooks, when TechDocs is configured wit...

CVE-2026-24564 WordPress Textmetrics plugin <= 3.6.5 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through = 3.6.5...

Arbitrary Code Injection

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Arbitrary Code Injection due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. An attacker can execute arbitrary code on the server by...

Arbitrary Code Injection

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Arbitrary Code Injection via the actionoutputstrtomapping function. An attacker can execute arbitrary code as the service account. Remediation There is no fixed version for metagpt. References -...

Arbitrary Code Injection

Overview lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Arbitrary Code Injection via the code parameter in the validate endpoint. An attacker can execute arbitrary code with root...

Arbitrary Code Injection

Overview langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Arbitrary Code Injection via the code parameter in the validate endpoint. An attacker can execute arbitrary code with root privileges by sending a specially crafted request...

Arbitrary Code Injection

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Arbitrary Code Injection via the loadtoolmodulebyid function in the utils/plugin.py file. An attacker can execute arbitrary code in the context of the service account by supplying a crafted string that is not...

Arbitrary Code Injection

Overview langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Arbitrary Code Injection via the handling of Python function components. An attacker can execute arbitrary code by introducing custom Python code into a workflow. Remediati...

CVE-2026-22469 WordPress DeepDigital theme <= 1.0.2 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a through = 1.0.2...

Arbitrary Code Injection

Overview @lobehub/lobehub is a LobeHub - an open-source,comprehensive AI Agent framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application. Affected versions of this package are...

Arbitrary Code Injection

Overview github.com/zalando/skipper is a HTTP router and reverse proxy for service composition Affected versions of this package are vulnerable to Arbitrary Code Injection via the default configuration -lua-sources=inline,file. An attacker can execute arbitrary code and access sensitive files by...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the default configuration -lua-sources=inline,file. An attacker can execute arbitrary code and access sensitive files by submitting malicious scripts when untrusted users are permitted to create lua filters...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the LivewireFilemanagerComponent.php process due to missing file type and MIME validation. An attacker can execute arbitrary code by uploading a malicious PHP file and accessing it via the /storage/ URL. This...

Arbitrary Code Injection

Overview shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to Arbitrary Code Injection in the map function, where closures and arrays are not properly checked against the allow list. Note: This is a regression of the fix to CVE-2023-2017. Remediatio...

Arbitrary Code Injection

Overview shopware/core is a Shopware platform is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to Arbitrary Code Injection in the map function, where closures and arrays are not properly checked against the allow list. Note: This is a regression of...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the EnvoyExtensionPolicy resource. An attacker can execute arbitrary commands and access sensitive credentials by injecting malicious Lua scripts. This can lead to privilege escalation, theft of secrets, and...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the EnvoyExtensionPolicy resource. An attacker can execute arbitrary commands and access sensitive credentials by injecting malicious Lua scripts. This can lead to privilege escalation, theft of secrets, and...