36533 matches found

Source: OSV | Added: 2026/03/20 8:44 p.m.

GHSA-XGGW-G9PM-9QHH AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin

Summary: The Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from the $_REQUEST['sections'] array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSRF token validation. Combined with AVideo's explicit SameSite=None session...

CVSS 8.8 | AI score 6.7 | EPSS 0.00531
Exploits: 1 | References: 4
Source: Github Security Blog | Added: 2026/03/20 8:44 p.m.

AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin

Summary: The Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from the $_REQUEST['sections'] array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSRF token validation. Combined with AVideo's explicit SameSite=None session...

CVSS 8.8 | AI score 6.7 | EPSS 0.00531
Exploits: 1 | References: 4 | Affected Software: 1
Source: CISA | Added: 2026/03/20 12:00 p.m.

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-31277 Apple Multiple Products Buffer Overflow Vulnerability; CVE-2025-32432 Craft CMS Code Injection Vulnerability...

CVSS 10 | AI score 5.7 | EPSS 0.99734
In the wild | Exploits: 21 | References: 10
Source: CNNVD | Added: 2026/03/20 12:00 a.m.

itsourcecode University Management System Code Injection Vulnerability

itsourcecode University Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode University Management System has a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter stname in the file...

CVSS 6.1 | AI score 5.6 | EPSS 0.00271
Exploits: 1 | References: 5
Source: CNNVD | Added: 2026/03/20 12:00 a.m.

pybbs Code Injection Vulnerability

pybbs is a Java-based community platform created by the individual developer iuiu. Version 6.0.0 of pybbs contains a code injection vulnerability. This vulnerability stems from a cross-site scripting attack in the create function located in the file...

CVSS 5.1 | AI score 5.7 | EPSS 0.00295
Exploits: 0 | References: 4
Source: CNNVD | Added: 2026/03/20 12:00 a.m.

WordPress plugin Kali Forms Code Injection Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 9.8 | AI score 6.2 | EPSS 0.07239
Exploits: 2 | References: 3
Source: CNNVD | Added: 2026/03/20 12:00 a.m.

MindSQL Code Injection Vulnerability

MindSQL is an open-source database interaction and retrieval-augmented generation (RAG) library developed by MindInventory. Versions of MindSQL 0.2.1 and earlier contain a code injection vulnerability. This vulnerability stems from the askdb function in the mindsql/core/mindsqlcore.py file, which...

CVSS 6.5 | AI score 6.9 | EPSS 0.00228
Exploits: 0 | References: 4
Source: CNNVD | Added: 2026/03/20 12:00 a.m.

Mesop Code Injection Vulnerability

Mesop is an open-source UI framework for quickly building Python web applications. Versions of Mesop 1.2.2 and earlier contain a code injection vulnerability. This vulnerability stems from the /exec-py endpoint in the ai/test module, which executed unvalidated Python code without any...

CVSS 9.8 | AI score 6.1 | EPSS 0.05289
Exploits: 0 | References: 2
Source: CNNVD | Added: 2026/03/20 12:00 a.m.

pybbs Code Injection Vulnerability

pybbs is a Java-based community platform created by the individual developer iuiu. Version 6.0.0 of pybbs contains a code injection vulnerability. This vulnerability stems from a cross-site scripting attack in the create function located in the file...

CVSS 5.1 | AI score 5.7 | EPSS 0.00268
Exploits: 0 | References: 4
Source: CISA KEV Catalog | Added: 2026/03/20 12:00 a.m.

Craft CMS Code Injection Vulnerability

Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code...

CVSS 10 | AI score 6.2 | EPSS 0.99734
In the wild | Exploits: 14
Source: CISA KEV Catalog | Added: 2026/03/20 12:00 a.m.

Laravel Livewire Code Injection Vulnerability

Laravel Livewire contains a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios...

CVSS 9.8 | AI score 6.1 | EPSS 0.95247
In the wild | Exploits: 5
Source: OSV | Added: 2026/03/19 3:02 p.m.

CLSA-2026-1773923672 ImageMagick: Fix of 11 CVEs

CVE-2026-25797: fix PostScript/HTML code injection via unsanitized filenames; CVE-2026-25982: fix heap out-of-bounds read in DICOM colormap decoder; CVE-2026-25968: fix stack buffer overflow in MSL opacity attribute processing; CVE-2026-25986: fix heap buffer overflow write in YUV 4:2:2...

CVSS 9.8 | AI score 7.2 | EPSS 0.00751
Exploits: 1 | References: 1
Source: CNNVD | Added: 2026/03/19 12:00 a.m.

SuiteCRM Code Injection Vulnerability

SuiteCRM is a customer relationship management system developed by the SuiteCRM team. Versions of SuiteCRM prior to 7.15.1 and 8.9.3 have a code injection vulnerability. This vulnerability stems from authenticated remote code execution within the SuiteCRM modules...

CVSS 8.8 | AI score 6.4 | EPSS 0.0049
Exploits: 0 | References: 2
Source: ATTACKERKB | Added: 2026/03/18 9:01 p.m.

CVE-2026-32698

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 are vulnerable to an SQL injection attack via a custom field's name. When that custom field was used in a Cost Report, the custom field's name was injected into the SQL query...

CVSS 9.1 | AI score 6.1 | EPSS 0.00269
Exploits: 0 | References: 2 | Affected Software: 1
Source: NVD | Added: 2026/03/18 8:16 a.m.

CVE-2026-22322

A stored cross-site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim'...

CVSS 7.1 | EPSS 0.00253
Exploits: 0 | References: 1
Source: CNNVD | Added: 2026/03/18 12:00 a.m.

Portábilis i-Educar Code Injection Vulnerability

Portábilis i-Educar is an application developed by Portábilis Corporation that supports the administration of basic and technical education. Version 2.11 of Portábilis i-Educar contains a code injection vulnerability. This vulnerability arises from improper handling of the Name parameter in the...

CVSS 5.1 | AI score 5.7 | EPSS 0.00191
Exploits: 0 | References: 4
Source: Positive Technologies | Added: 2026/03/18 12:00 a.m.

PT-2026-26156

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 are vulnerable to an SQL injection attack via a custom field's name. When that custom field was used in a Cost Report, the custom field's name was injected into the SQL query...

CVSS 9.1 | AI score 6.2 | EPSS 0.00269
Exploits: 0 | References: 6
Source: CNNVD | Added: 2026/03/18 12:00 a.m.

TRENDnet TEW-824DRU Code Injection Vulnerability

TRENDnet TEW-824DRU is a dual-band wireless router produced by TRENDnet Corporation. Versions 1.010B01 and 1.04B01 of the TRENDnet TEW-824DRU contain a code injection vulnerability. This vulnerability stems from improper handling of the Language parameter in the sub_420A78 function within t...

CVSS 5.1 | AI score 5.7 | EPSS 0.00191
Exploits: 0 | References: 4
Source: CNNVD | Added: 2026/03/18 12:00 a.m.

OpenProject SQL Injection Vulnerability

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 have a SQL injection vulnerability. This vulnerability arises from custom field names not being properly sanitized in SQL queries, which can allow SQL injection...

CVSS 9.1 | AI score 6 | EPSS 0.00269
Exploits: 0 | References: 1
Source: CNVD | Added: 2026/03/18 12:00 a.m.

AnythingLLM Code Injection Vulnerability

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM has a code injection vulnerability that stems from the ImportedPlugin.importCommunityItemFromUrl function downloading a ZIP file and extracting it without verifying the paths of the files within the archive, which can be...

CVSS 6.4 | AI score 6.2 | EPSS 0.00388
Exploits: 1