RHEL 10 : qt6-qtdeclarative (RHSA-2026:24987)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24987 advisory. Qt6 - QtDeclarative component. Security Fixes: qt: Qt SVG: Arbitrary QML/JavaScript code injection via malicious SVG file CVE-2025-14576 For more...

CVE-2026-50223

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before...

CVE-2026-45583

Improper control of generation of code 'code injection' in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network...

Code Injection

Yamcs is vulnerable to Code Injection. The vulnerability is due to the dynamic compilation and execution of user-controlled Python algorithm code through Jython without a secure sandbox, which allows an authenticated attacker to execute arbitrary code on the underlying host system...

qt: Qt SVG: Arbitrary QML/JavaScript code injection via malicious SVG file

A flaw was found in the Qt SVG module and the VectorImage component in Qt Quick. This vulnerability allows a remote attacker to inject arbitrary QML/JavaScript code by tricking a user into loading a specially crafted malicious SVG file. Successful exploitation could lead to denial of service,...

PT-2026-48576

Name of the Vulnerable Software and Affected Versions Apache OFBiz versions prior to 24.09.07 Description Improper Control of Generation of Code allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks. This can lead to Remote...

lmdeploy 代码注入漏洞

lmdeploy is a toolkit developed by InternLM for compressing, deploying, and serving LLMs. Versions of lmdeploy prior to 0.12.3 have a code injection vulnerability, which stems from the hard-coded trustremotecode=True setting. This vulnerability could lead to remote code execution within the...

lmdeploy 代码注入漏洞

lmdeploy is a toolkit developed by InternLM for compressing, deploying, and serving LLMs. Versions of lmdeploy prior to 0.12.3 have a code injection vulnerability. This vulnerability stems from the hardcoding of trustremotecode=True at multiple HuggingFace model loading points, which may allow...

Apache OFBiz 代码注入漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.07 had a code injection vulnerability. This vulnerability stemmed from improper co...

EUVD-2026-31112

PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenixstorybook playground...

EUVD-2026-35681

Improper control of generation of code 'code injection' in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network...

CVE-2026-45583

Improper control of generation of code 'code injection' in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network...

CVE-2026-45583

CVE-2026-45583 involves Microsoft Exchange Server and is described as an improper control of generation of code (code injection) that enables an unauthenticated attacker to execute code over the network. The CVSS 3.1 base score is 7.5 (HIGH) with NETWORK attack vector, HIGH impact on confidential...

Exploit for CVE-2017-20251

CVE-2017-20251: Insert PHP Plugin PHP Code Injection Vulne...

CVE-2017-20251 WordPress Insert PHP Plugin 4.7.0 PHP Code Injection via REST API

WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API. Attackers can send POST requests to the wp-json/wp/v2/posts endpoint...

CVE-2017-20251

CVE-2017-20251 affects WordPress Insert PHP plugin versions prior to 3.3.1. The vulnerability is a PHP code injection via the REST API, allowing unauthenticated attackers to execute arbitrary PHP by injecting an insert_php shortcode through POST requests to wp-json/wp/v2/posts, enabling remote PH...

EUVD-2026-35334

Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting XSS vulnerability. Affected versions: Spring Framework 7.0.0 through...

PT-2026-47977

Improper control of generation of code 'code injection' in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network...

WordPress plugin Insert PHP 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

NETGEAR Routers 代码注入漏洞

NETGEAR Routers are a series of routers produced by NETGEAR, a company in the United States. NETGEAR Routers have a code injection vulnerability, which stems from insufficient input validation in the rbe970 model. This vulnerability could allow administrators who are connected to the local networ...