mruby nregs codegen.c scope_new heap-based overflow

...

CVE-2025-54731

Improper Control of Generation of Code 'Code Injection' vulnerability in emarket-design YouTube Showcase youtube-showcase allows Object Injection.This issue affects YouTube Showcase: from n/a through = 3.5.1...

Detecting Stealthy Data Poisoning Attacks in AI Code Generators

Deep learning DL models for natural language-to-code generation have become integral to modern software development pipelines. However, their heavy reliance on large amounts of data, often collected from unsanitized online sources, exposes them to data poisoning attacks, where adversaries inject...

CVE-2025-48100

Improper Control of Generation of Code 'Code Injection' vulnerability in extremeidea bidorbuy Store Integrator bidorbuystoreintegrator allows Remote Code Inclusion.This issue affects bidorbuy Store Integrator: from n/a through = 2.12.0...

Apache OFBiz Code Execution Vulnerability (CNVD-2025-20870)

Apache OFBiz is the United States Apache Apache Foundation of a set of enterprise resource planning ERP system. The system provides a set of Java-based Web application components and tools. A code execution vulnerability exists in Apache OFBiz versions prior to 24.09.02 that stems from improper...

A.S.E: a Repository-Level Benchmark for Evaluating Security in AI-Generated Code

The increasing adoption of large language models LLMs in software engineering necessitates rigorous security evaluation of their generated code. However, existing benchmarks are inadequate, as they focus on isolated code snippets, employ unstable evaluation methods that lack reproducibility, and...

CVE-2025-30975

Improper Control of Generation of Code 'Code Injection' vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Code Injection.This issue affects Add Custom Codes: from n/a through = 4.80...

CVE-2025-48169

Improper Control of Generation of Code 'Code Injection' vulnerability in Jordy Meow Code Engine code-engine allows Remote Code Inclusion.This issue affects Code Engine: from n/a through = 0.3.3...

CVE-2025-53577

Improper Control of Generation of Code 'Code Injection' vulnerability in thehp Global DNS global-dns allows Remote Code Inclusion.This issue affects Global DNS: from n/a through = 3.1.0...

CVE-2025-48169

Improper Control of Generation of Code 'Code Injection' vulnerability in Jordy Meow Code Engine code-engine allows Remote Code Inclusion.This issue affects Code Engine: from n/a through = 0.3.3...

CVE-2025-30975

CVE-2025-30975 affects the WordPress plugin Add Custom Codes (versions up to 4.80). The issue is described as Improper Control of Generation of Code (Code Injection) allowing Remote Code Execution for authenticated users (Contributor+). Documents confirm the vulnerability is still unpatched (Patc...

CVE-2025-53577

CVE-2025-53577 : WordPress plugin Global DNS (versions up to 3.1.0) suffers an improper control of code generation leading to Remote Code Execution (RCE)/Remote Code Inclusion. The issue, described as a Code Injection vulnerability, is exploitable remotely over the network and is rated with a hig...

CVE-2025-54019

The CVE-2025-54019 entry pertains to the WordPress Alone (Alone) plugin/theme, with an Arbitrary Code Execution vulnerability caused by improper control of code generation. Affected versions are listed as

PT-2025-34002 · WordPress · Bearsthemes Alone

Name of the Vulnerable Software and Affected Versions: Bearsthemes Alone affected versions not specified Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Bearsthemes Alone allows Code Injection. Recommendations: At the moment, there is no information about a...

WordPress plugin Alone 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on servers running PHP and MySQL, and the WordPre...

PT-2025-33908 · Unknown · Saifumak Add Custom Codes

Name of the Vulnerable Software and Affected Versions: SaifuMak Add Custom Codes versions through 4.80 Description: An improper control of generation of code 'Code Injection' issue exists in SaifuMak Add Custom Codes, allowing code injection. Recommendations: At the moment, there is no informatio...

WordPress plugin Code Engine 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin Add Custom Codes 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

Linux Distros Unpatched Vulnerability : CVE-2024-7883

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using Arm Cortex-M Security Extensions CMSE, Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secu...

Apache OFBiz 安全漏洞

Apache OFBiz is the United States Apache Apache Foundation of a set of enterprise resource planning ERP system. The system provides a set of Java-based Web application components and tools. A code execution vulnerability exists in Apache OFBiz versions prior to 24.09.02 that stems from improper...