WordPress plugin Molla 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

ROS-20251217-7323

A vulnerability in the Redis database management system DBMS is related to mismanagement of code generation. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

CVE-2025-66533

Improper Control of Generation of Code 'Code Injection' vulnerability in StellarWP GiveWP give allows Code Injection.This issue affects GiveWP: from n/a through = 4.13.1...

[SECURITY] Fedora 42 Update: CuraEngine-5.4.0-10.fc42

CuraEngine is a C++ console application for 3D printing G-code generation. It has been made as a better and faster alternative to the old Skeinforge engine. This is just a console application for G-code generation. For a full graphical application look at cura with is the graphical frontend for...

[SECURITY] Fedora 43 Update: CuraEngine-5.4.0-10.fc43

CuraEngine is a C++ console application for 3D printing G-code generation. It has been made as a better and faster alternative to the old Skeinforge engine. This is just a console application for G-code generation. For a full graphical application look at cura with is the graphical frontend for...

LLM-CSEC: Empirical Evaluation of Security in C/C++ Code Generated by Large Language Models

The security of code generated by large language models LLMs is a significant concern, as studies indicate that such code often contains vulnerabilities and lacks essential defensive programming constructs. This work focuses on examining and evaluating the security of LLM-generated code,...

DUALGUAGE: Automated Joint Security-Functionality Benchmarking for Secure Code Generation

Large language models LLMs and autonomous coding agents are increasingly used to generate software across a wide range of domains. Yet a core requirement remains unmet: ensuring that generated code is secure without compromising its functional correctness. Existing benchmarks and evaluations for...

EUVD-2025-198338

An issue was discovered in weijiang1994 university-bbs aka Blogin in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 2025-01-13. A weak verification code generation mechanism combined with missing rate limiting allows attackers to perform brute-force attacks on verification codes without...

TencentOS Server 4: firefox (TSSA-2024:0162)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0162 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Grid-STIX: A STIX 2.1-Compliant Cyber-Physical Security Ontology for Power Grid

Modern electrical power grids represent complex cyber-physical systems requiring specialized cybersecurity frameworks beyond traditional IT security models. Existing threat intelligence standards such as STIX 2.1 and MITRE ATT&CK lack coverage for grid-specific assets, operational technology...

CVE-2025-23361

NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and da...

CVE-2025-12637

The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a dynamic code generation feature in the processtheme function in all versions up to, and including, 0.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

PT-2025-46705

Name of the Vulnerable Software and Affected Versions Dell SmartFabric OS10 Software versions prior to 10.6.1.0 Description Dell SmartFabric OS10 Software versions prior to 10.6.1.0 contain an Improper Control of Generation of Code issue, also known as a Code Injection issue. A local attacker wit...

CVE-2025-23361

NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and da...

PT-2025-46373

Name of the Vulnerable Software and Affected Versions NVIDIA NeMo Framework affected versions not specified Description The NVIDIA NeMo Framework contains a flaw in a script that could allow an attacker to manipulate code generation with malicious input. Exploitation of this issue may result in...

CVE-2025-49372

Improper Control of Generation of Code 'Code Injection' vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Remote Code Inclusion.This issue affects HAPPY: from n/a through = 1.0.7...

CVE-2025-49372

Improper Control of Generation of Code 'Code Injection' vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Remote Code Inclusion.This issue affects HAPPY: from n/a through = 1.0.7...

CVE-2025-32222

Improper Control of Generation of Code 'Code Injection' vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through = 6.0.5...

PT-2025-45190

Improper Control of Generation of Code 'Code Injection' vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through = 6.0.5...

[SECURITY] Fedora 42 Update: openapi-python-client-0.26.2-4.fc42

The openapi-python-client is a powerful tool designed to generate modern Python clients from OpenAPI 3.0+ documents supporting both synchronous and asynchronous HTTP requests. It automates the creation of Python classes and methods that correspond to the endpoints and schema defined in your OpenA...