876 matches found
ROS-20260224-73-0023
A vulnerability in the Moodle virtual learning environment is related to improper code generation controls. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code and compromise the system...
ROS-20260224-73-0009
A vulnerability in the Apache Common Text library of FileMaker Server is related to improper control of code generation when using interpolation functions. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
On the Variability of Source Code in Maven Package Rebuilds
Rebuilding packages from open source is a common practice to improve the security of software supply chains, and is now done at an industrial scale. The basic principle is to acquire the source code used to build a package published in a repository such as Maven Central for Java, rebuild the...
CVE-2025-52744
Improper Control of Generation of Code 'Code Injection' vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a through = 1.0...
CVE-2025-52744
Improper Control of Generation of Code 'Code Injection' vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a through = 1.0...
CVE-2026-26974
CVE-2026-26974 (Slyde) affects Slyde versions 0.0.4 and earlier. The root cause is Node.js automatically importing any /**.plugin.{js,mjs} files, including those from node_modules, enabling a malicious package with a .plugin.js file to execute arbitrary code when installed or required. Impact is ...
PT-2026-21033
Name of the Vulnerable Software and Affected Versions Inpersttion For Theme versions n/a through 1.0 Description An improper control of generation of code issue, specifically a code injection, exists in Inpersttion For Theme. This allows for code injection. Recommendations Versions prior to 1.1 a...
CVE-2025-33042
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...
Assessing Spear-Phishing Website Generation in Large Language Model Coding Agents
Large Language Models are expanding beyond being a tool humans use and into independent agents that can observe an environment, reason about solutions to problems, make changes that impact those environments, and understand how their actions impacted their environment. One of the most common...
CVE-2026-1226
CWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file...
CVE-2026-1226
CWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file...
CVE-2026-1226
CWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file...
CVE-2026-1226
CWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file...
CVE-2026-1226
CWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file...
PT-2026-7581
CWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file...
SecCodePRM: A Process Reward Model for Code Security
Large Language Models are rapidly becoming core components of modern software development workflows, yet ensuring code security remains challenging. Existing vulnerability detection pipelines either rely on static analyzers or use LLM/GNN-based detectors trained with coarse program-level...
Can Developers Rely on LLMs for Secure IaC Development?
We investigated the capabilities of GPT-4o and Gemini 2.0 Flash for secure Infrastructure as Code IaC development. For security smell detection, on the Stack Overflow dataset, which primarily contains small, simplified code snippets, the models detected at least 71% of security smells when prompt...
CVE-2026-24871
Improper Control of Generation of Code 'Code Injection' vulnerability in pilgrimage233 Minecraft-Rcon-Manage.This issue affects Minecraft-Rcon-Manage: before 3.0...
CVE-2026-24806
Improper Control of Generation of Code 'Code Injection' vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules. This vulnerability is associated with program files PNGImageEncoder.Java. This issue affects quick-media...
EUVD-2026-4758
Improper Control of Generation of Code 'Code Injection' vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules. This vulnerability is associated with program files PNGImageEncoder.Java. This issue affects quick-media...