CVE-2026-3955

A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection. The attack may be launched remotely. The exploit h...

CVE-2026-3955 elecV2P jsfile Endpoint wbjs.js runJSFile code injection

A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection. The attack may be launched remotely. The exploit h...

CVE-2026-3955

A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection. The attack may be launched remotely. The exploit h...

CVE-2026-3955 elecV2P jsfile Endpoint wbjs.js runJSFile code injection

A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection. The attack may be launched remotely. The exploit h...

CVE-2026-3955

The CVE-2026-3955 entry affects elecV2P up to version 3.8.3. The vulnerable component is the function runJSFile in file source-code/elecV2P-master/webser/wbjs.js of the jsfile Endpoint, with code injection as the underlying issue. Attacker can potentially exploit remotely, and public disclosure o...

Arbitrary Code Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Code Injection via the upstream API requests. An attacker can execute arbitrary code by injecting malicious prompts into requests. Remediation There is no fixed version for...

CVE-2026-20116 Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities

A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise Packaged CCE, Cisco Unified Contact Center Enterprise Unified CCE, Cisco Unified Contact Center Express Unified CCX, and Cisco Unified Intelligence Center could allow an unauthenticate...

Arbitrary Code Injection

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Arbitrary Code Injection via the BaseElementSelectConditionRule::getElementIds function. An attacker can execute arbitrary code by sending a crafted condition rule through standard element...

EUVD-2026-11087

Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands...

CVE-2026-20892

Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands...

CVE-2026-20892

CVE-2026-20892 : A code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, where an administrator may execute arbitrary commands. The entry provides CVSS metrics (3.0 and 4.0 schemas) indicating high impact across confidentiality, integrity, and availability with network attack vector a...

EUVD-2026-11088

Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands...

CVE-2026-20892

Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands...

CVE-2026-20892

Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands...

Cloud CLI 代码注入漏洞

Cloud CLI is a multi-model AI programming assistant desktop and mobile interface open-sourced by Siteboon. Versions of Cloud CLI prior to 1.24.0 contained a code injection vulnerability. This vulnerability stemmed from the /api/user/git-config endpoint constructing shell commands without properly...

Micro Research MR-GM5L-S1和Micro Research MR-GM5A-L1 代码注入漏洞

Both Micro Research MR-GM5L-S1 and Micro Research MR-GM5A-L1 are embedded industrial communication module devices produced by the Canadian company Micro Research. Both devices have code injection vulnerabilities; these vulnerabilities stem from code injection issues that may allow for the executi...

Craft CMS 代码注入漏洞

Craft CMS is an open-source content management system developed by Craft. Versions of Craft CMS prior to 5.9.9 and 4.17.4 contained a code injection vulnerability. This vulnerability stemmed from the BaseElementSelectConditionRule::getElementIds method, which allowed user input to be passed to th...

PT-2026-24576

CVE-2026-20892 Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands. https://t.co/kFNHR6JAmT...

PT-2026-24842

A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection. The attack may be launched remotely. The exploit h...

elecV2P 代码注入漏洞

elecV2P is a network request modification and scheduled task tool developed by the elecV2 individual developer. Versions of elecV2P 3.8.3 and earlier have a code injection vulnerability. This vulnerability stems from incorrect operations on the runJSFile function in the jsfile Endpoint’s source...