721 matches found
Arbitrary Code Injection
Overview: getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Arbitrary Code Injection via insufficient validation in the cleanDangerousTwig function. An attacker can execute arbitrary commands on the...
Arbitrary Code Injection
Overview: ray is a system for parallel and distributed Python that unifies the ML ecosystem. Affected versions of this package are vulnerable to Arbitrary Code Injection via insufficient validation of the User-Agent header in browser requests. An attacker can execute arbitrary code on the host...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the template management component in REDAXO CMS. An attacker can execute arbitrary operating system commands by injecting PHP code into an active template and triggering its execution when visitors access...
Arbitrary Code Injection
Overview: @anthropic-ai/claude-code is a package to use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Arbitrary Code Injection via ya...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection in the CSS-to-JavaScript module conversion feature. An attacker can execute arbitrary JavaScript code by injecting $... expressions into CSS files, which are then evaluated when the resulting JavaScript module i...
Arbitrary Code Injection
Overview: pgadmin4 is a PostgreSQL Tools package. Affected versions of this package are vulnerable to Arbitrary Code Injection through the PLAIN SQL file, which includes any meta-commands. An attacker can execute arbitrary commands on the server by supplying a crafted PLAIN-format SQL dump file during...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the oidc-claims-extension.groovy script when the claimsparametersupported parameter is enabled. An attacker can inject arbitrary values into claims returned in idtoken or userinfo by supplying a crafted JSON...
Arbitrary Code Injection
Overview: megatron-core is Megatron Core, a library for efficient and scalable training of transformer based models. Affected versions of this package are vulnerable to Arbitrary Code Injection. An attacker can execute arbitrary code, escalate privileges, disclose information, or tamper with dat...
CVE-2025-12486 Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability
Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Heimdall Data Database Proxy. Minimal user interaction is required to exploit this vulnerability. The specific...
Arbitrary Code Injection
Overview: org.apache.synapse:synapse-core is the Apache Synapse - Core package. Affected versions of this package are vulnerable to Arbitrary Code Injection due to a lack of controls on the GraalJS and NashornJS Script Mediator engines. An attacker can execute arbitrary code with elevated privileges by...
Arbitrary Code Injection
Overview: org.apache.synapse:synapse-extensions is the Apache Synapse - Extensions package. Affected versions of this package are vulnerable to Arbitrary Code Injection due to a lack of controls on the GraalJS and NashornJS Script Mediator engines. An attacker can execute arbitrary code with elevated...
Arbitrary Code Injection
Overview: @cocalc/frontend is the frontend package of CoCalc: Collaborative Calculation. Affected versions of this package are vulnerable to Arbitrary Code Injection via uploading a crafted SVG file. An attacker can execute arbitrary code by uploading a specially crafted SVG file. Remediation: A fix was pushed into the...
Arbitrary Code Injection
Overview: org.webjars.npm:happy-dom is the WebJars package of Happy DOM, a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML. Affected versions of this package are vulnerable to Arbitrary Code Injection due to default evaluation o...
EUVD-2018-20665
Malware in sbrugna...
EUVD-2021-1042
Malware in sbrugna...
EUVD-2008-6162
Malware in sbrugna...
EUVD-2020-30192
Malware in sbrugna...
EUVD-2020-6326
Malware in sbrugna...
EUVD-2006-1029
Malware in sbrugna...
EUVD-2021-18455
Malware in sbrugna...