36535 matches found
PHPEMS Code Injection Vulnerability
PHPEMS is an open-source PHP online simulation exam system developed by PHPEMS. Version 11.0 of PHPEMS contains a code injection vulnerability, which stems from incorrect handling of the parameter askcontent in the file /file/index.php?ask=app-ask. This vulnerability may lead to cross-site...
Locker Code Injection Vulnerability
Locker is an open-source personal data aggregation and management platform developed by The Locker Project. Versions 0.0.0, 0.0.1, and 0.1.0 of Locker contain code injection vulnerabilities. These vulnerabilities stem from incorrect operations on the authIsAwesome parameter ID in the file...
Machine-Learning-Web-Apps Code Injection Vulnerability
Machine-Learning-Web-Apps is a machine learning web application development framework developed by JCharis Jesse. There is a code injection vulnerability in Machine-Learning-Web-Apps, which stems from an incorrect operation on the rendertemplate function in the Jinja2 Template Handler component o...
SUSE SLES12 Security Update : ImageMagick (SUSE-SU-2026:0854-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0854-1 advisory. - CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. - CVE-2026-24485: denial of service...
SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2026:0853-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0853-1 advisory. - CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression bsc1258743. - CVE-2026-24484:...
SUSE SLES15 / openSUSE 15 Security Update : ImageMagick (SUSE-SU-2026:0852-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0852-1 advisory. - CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression bsc1258743. - CVE-2026-24484: denial ...
SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2026:0851-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0851-1 advisory. - CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression bsc1258743. - CVE-2026-24484:...
Arbitrary Code Injection
Overview: @siteboon/claude-code-ui is a web-based UI for Claude Code CLI. Affected versions of this package are vulnerable to Arbitrary Code Injection in the git-config endpoint due to improper sanitization of user-supplied input in shell command construction. An attacker can execute arbitrary O...
EUVD-2026-10572
CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of...
EUVD-2026-10571
CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of...
EUVD-2025-208481
Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code by socially engineering a legitimate user into importing a specially crafted trace file...
EUVD-2025-208482
Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code by socially engineering a legitimate user into importing a specially crafted trace file...
CVE-2026-2273
CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of...
CVE-2025-40943
Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code by socially engineering an authorized user, who has the function right "Read diagnostics", into importing a specially crafted trace file. The malicious trace file is insufficiently sanitiz...
CVE-2026-2273
CVE-2026-2273 is a Code Injection (CWE-94) flaw enabling execution of untrusted commands on an engineering workstation when a malicious project file is opened by an authenticated user. The vulnerability arises from improper control over code generation, potentially leading to a limited compromise...