PowerJob Code Injection Vulnerability
PowerJob is an open-source distributed computing and job scheduling framework developed by PowerJob. It allows developers to easily schedule tasks within their applications. Versions 5.1.0, 5.1.1, and 5.1.2 of PowerJob have code injection vulnerabilities. These vulnerabilities stem from incorrect...
ChurchCRM Code Injection Vulnerability
ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained a code injection vulnerability. This vulnerability stemmed from the $dbPassword variable not being cleaned during the installation process, which could lead to remote code execution and...
SiYuan Code Injection Vulnerability
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan prior to 3.6.4 contained a code injection vulnerability. This vulnerability stemmed from insecure escaping of table header contents, which could lead to storage-side cross-site scripti...
PT-2026-30993
Name of the Vulnerable Software and Affected Versions: PowerJob versions 5.1.0 through 5.1.2. Description: A security flaw exists in PowerJob versions 5.1.0 through 5.1.2. The issue is related to code injection resulting from the manipulation of the nodeParams argument within the...
CVE-2026-5692
A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit has been made public and cou...
CVE-2026-35197 Code injection in dye template expressions
dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...
CVE-2026-35197
CVE-2026-35197 affects the dye library for shell scripts. Before version 1.1.1, certain dye template expressions could lead to arbitrary code execution. The issue was discovered and fixed by the dye author, and is not publicly known to be exploited. A fix is available in 1.1.1. The NVD and Red Ha...
Arbitrary Code Injection
Overview: glpi/glpi is a free Asset and IT Management Software package with ITIL Service Desk, licenses tracking and software auditing. Affected versions of this package are vulnerable to Arbitrary Code Injection via the template rendering process. An attacker can execute arbitrary code on the...
CVE-2026-5556
A security vulnerability has been detected in badlogic pi-mono up to 0.58.4. This vulnerability affects the function discoverAndLoadExtensions of the file packages/coding-agent/src/core/extensions/loader.ts. The manipulation leads to code injection. Remote exploitation of the attack is possible...
EUVD-2026-19186
A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extract_command_data of the file backend/server/server_utils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote. T...
CVE-2026-5631
A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extract_command_data of the file backend/server/server_utils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote. T...
CVE-2026-5631 assafelovic gpt-researcher ws Endpoint server_utils.py extract_command_data code injection
A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extract_command_data of the file backend/server/server_utils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote. T...
CVE-2026-5631
The CVE-2026-5631 entry affects assafelovic gpt-researcher up to version 3.4.3. The vulnerability resides in the function extract_command_data in backend/server/server_utils.py of the ws Endpoint, where manipulation of the args parameter enables code injection. This can be exploited remotely; the...
PT-2026-30570
A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extract_command_data of the file backend/server/server_utils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote...
Student-Management-System Code Injection Vulnerability
Student-Management-System is an open-source student information management system developed by Cyber-III. Versions of Student-Management-System 1a938fa61e9f735078e9b291d2e6215b4942af3f and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of the...
GPT Researcher Code Injection Vulnerability
GPT Researcher is an AI-based deep research agent tool developed by Assaf Elovic. Versions of GPT Researcher 3.4.3 and earlier have a code injection vulnerability. This vulnerability stems from improper handling of the args parameter in the extract_command_data function in the...
Code-Projects Online Shoe Store Code Injection Vulnerability
Code-Projects Online Shoe Store is an open-source online shoe store system developed by Code-Projects. Version 1.0 of Code-Projects Online Shoe Store contains a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter productname in the file...
Student-Management-System Code Injection Vulnerability
Student-Management-System is an open-source student information management system developed by Cyber-III. The Student-Management-System has a code injection vulnerability, which stems from incorrect handling of the "batch" parameter in the file admin/class%20schedule/deletebatch.php. This...