721 matches found

Snyk
added 2025/05/14 5:35 p.m. · 3 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection through the improper handling of gas limits in precompile executions. An attacker can manipulate the state of the blockchain by causing certain functions to execute with insufficient gas, leading to incomplete...

8.3 CVSS · 7.5 AI score
Exploits 0 · References 2
Snyk
added 2025/05/14 12:31 p.m. · 2 views

Arbitrary Code Injection

Overview: org.apache.iotdb:iotdb-server is a data management system for time series data, which can provide users specific services, such as, data collection, storage and analysis. Affected versions of this package are vulnerable to Arbitrary Code Injection through the registration of user-defined...

9.8 CVSS · 8.1 AI score · 0.01632 EPSS
Exploits 0 · References 2
Snyk
added 2025/05/08 11:5 p.m. · 4 views

Arbitrary Code Injection

Overview: unisharp/laravel-filemanager is a file upload/editor intended for use with Laravel 5 to 6 and CKEditor / TinyMCE. Affected versions of this package are vulnerable to Arbitrary Code Injection through using a valid mimetype and inserting the . character after the php file extension. Thi...

9.8 CVSS · 5.8 AI score · 0.04387 EPSS
Exploits 1 · References 2
Snyk
added 2025/05/05 3:43 a.m. · 2 views

Arbitrary Code Injection

Overview: factool is a Factuality Detection for Generative AI. Affected versions of this package are vulnerable to Arbitrary Code Injection through the runsingle and run functions in the class pythonexecutor due to using the exec function to execute user-provided input without any form of validatio...

5.3 CVSS · 7.9 AI score · 0.00093 EPSS
Exploits 0 · References 2
Snyk
added 2025/04/29 12:0 a.m. · 1 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper handling of long command line inputs. An attacker can cause the application to crash by supplying an excessively long command line input. This is only exploitable if the application is running on...

7.5 CVSS · 7.4 AI score · 0.00262 EPSS
Exploits 0 · References 2
Snyk
added 2025/04/25 3:31 p.m. · 1 views

Arbitrary Code Injection

Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Arbitrary Code Injection through the EQUELLA repository integration. An attacker can execute arbitrary code by exploiting insufficient validation of user-supplied input in this component. This is on...

8.8 CVSS · 7.9 AI score · 0.00667 EPSS
Exploits 0 · References 2
Snyk
added 2025/04/25 3:31 p.m. · 0 views

Arbitrary Code Injection

Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Arbitrary Code Injection via the Moodle LMS Dropbox repository. An attacker can execute arbitrary code by exploiting insufficient input validation and code sanitization mechanisms. Note: This is onl...

8.8 CVSS · 8.1 AI score · 0.00667 EPSS
Exploits 0 · References 2
Snyk
added 2025/04/25 3:2 p.m. · 29 views

Arbitrary Code Injection

Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Arbitrary Code Injection via the template rendering engine. An attacker can execute arbitrary code on the server by injecting malicious code into templates that are then executed by the serve...

10 CVSS · 8 AI score · 0.93094 EPSS
Exploits 13 · References 2
Snyk
added 2025/04/17 5:46 p.m. · 3 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection through the admin/service/run process. An attacker can execute arbitrary code on the server by sending crafted requests. Remediation: There is no fixed version for litepubl/cms. References: GitHub Issue...

8.6 CVSS · 8.2 AI score · 0.0024 EPSS
Exploits 1 · References 2
RedhatCVE
added 2025/04/10 8:15 a.m. · 11 views

CVE-2025-27429

SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating...

9.9 CVSS · 7.3 AI score · 0.00037 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/04/08 12:0 a.m. · 2 views

PT-2025-15368 · Sap · Sap S/4Hana

Name of the Vulnerable Software and Affected Versions: SAP S/4HANA affected versions not specified. Description: The issue allows an attacker with user privileges to exploit a flaw in the function module exposed via RFC, enabling the injection of arbitrary ABAP code into the system and bypassing...

9.9 CVSS · 6.6 AI score · 0.00037 EPSS
Exploits 0 · References 17
Snyk
added 2025/04/03 6:30 p.m. · 3 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection through the Open function of the file lmdeploy/docs/en/conf.py. An attacker can manipulate the input to execute arbitrary code by crafting malicious input that is processed by this function. Remediation: There is...

7.8 CVSS · 8.2 AI score · 0.00218 EPSS
Exploits 1 · References 3
Snyk
added 2025/04/01 6:30 a.m. · 2 views

Arbitrary Code Injection

Overview: llama-stack is a Llama Stack. Affected versions of this package are vulnerable to Arbitrary Code Injection due to using 'eval' on the server, which is a security risk and a potential code injection vulnerability. Remediation: Upgrade llama-stack to version 0.1.5.1 or higher. References: GitHub...

9.8 CVSS · 7.8 AI score
Exploits 0 · References 3
GithubExploit
added 2025/03/29 10:11 a.m. · 328 views

Exploit for Code Injection in Pdfmake_Project Pdfmake

CVE-2024-25180. Overview: pdfmake is a pure JavaScript clien...

9.8 CVSS · 6.3 AI score · 0.00428 EPSS
Exploits 2
Snyk
added 2025/03/27 3:31 p.m. · 2 views

Arbitrary Code Injection

Overview: org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Arbitrary Code Injection via the alteration of the JDBC connection configuration. An attacker can execute arbitrary code by modifying the JDBC settings if they gain...

7.2 CVSS · 8.2 AI score · 0.00241 EPSS
Exploits 0 · References 2
Snyk
added 2025/03/27 3:31 p.m. · 2 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the alteration of the JDBC connection configuration. An attacker can execute arbitrary code by modifying the JDBC settings if they gain system or project admin permissions. Remediation: Upgrade...

7.2 CVSS · 8.2 AI score · 0.00241 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/03/27 12:17 a.m. · 20 views

CVE-2025-30091

In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-controlled data to InstallCommand can be inserted into config.php, and InstallCommand is available...

9.4 CVSS · 8.8 AI score · 0.01399 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2025/03/04 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2021-23358

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function,...

7.2 CVSS · 6.3 AI score · 0.01413 EPSS
Exploits 2 · References 2
Snyk
added 2025/03/03 6:47 a.m. · 3 views

Arbitrary Code Injection

Overview: org.webjars.npm:prismjs is a lightweight, robust, elegant syntax highlighting library. Affected versions of this package are vulnerable to Arbitrary Code Injection via the document.currentScript lookup process. An attacker can manipulate the web page content and execute unintended action...

5.4 CVSS · 7.3 AI score · 0.00158 EPSS
Exploits 1 · References 2
Snyk
added 2025/03/03 6:47 a.m. · 1 views

Arbitrary Code Injection

Overview: org.webjars:prismjs is a lightweight, robust, elegant syntax highlighting library. Affected versions of this package are vulnerable to Arbitrary Code Injection via the document.currentScript lookup process. An attacker can manipulate the web page content and execute unintended actions by...

5.4 CVSS · 7.3 AI score · 0.00158 EPSS
Exploits 1 · References 2