CVE-2025-40943

The CVE-2025-40943 entry describes improper sanitization of trace file contents on affected devices, enabling code injection when a user imports a specially crafted trace file via social engineering. Root cause: inadequate input sanitization in trace-file handling. Impact: high confidentiality, i...

CVE-2025-40943

Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file. The malicious trace file is insufficiently sanitiz...

Exploit for Code Injection in Apache Commons_Text

No d...

Exploit for Code Injection in Anthropic Claude_Code

Claude Code: MCP Tool Confirmation Prompt Misrepresentation !...

Schneider Electric EcoStruxure Automation Expert 代码注入漏洞

Schneider Electric EcoStruxure Automation Expert is a software platform for industrial automation systems from the French company Schneider Electric Schneider Electric. A code injection vulnerability exists in Schneider Electric EcoStruxure Automation Expert, which can be exploited by an attacker...

PT-2026-24261

CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of...

📄 SPIP Saisies 5.11.0 Remote Code Execution

This Metasploit module exploits an unauthenticated PHP code injection in the SPIP Saisies plugin. The anciennesvaleurs form parameter is interpolated unsanitized into a hidden field rendered with interdirescripts=false, allowing direct PHP code execution via template eval. Exploitation requires a...

PT-2026-24217

Name of the Vulnerable Software and Affected Versions Siemens PLCs affected versions not specified Description The software does not properly sanitize the contents of trace files. This could allow an attacker to inject code by socially engineering a legitimate user to import a specially crafted...

Siemens SIMATIC

SUMMARY SIMATIC S7-1500 devices contain a vulnerability that could allow an attacker to inject code by tricking a legitimate user into importing a specially crafted trace file in the web interface. Siemens has released new versions for several affected products and recommends to update to the...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via improper sanitization in the cleanUpString function. An attacker can execute arbitrary commands on the server by injecting specially crafted Liquidsoap string interpolation sequences into user-controllable...

SUSE-SU-2026:0854-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. - CVE-2026-24485: denial of service via malformed PCD file processing bsc1258791. - CVE-2026-25576: Out of bounds read in multiple...

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. CVE-2026-24485: denial of service via malformed PCD file processing bsc1258791. CVE-2026-25576: Out of bounds read in multiple coders th...

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression bsc1258743. CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. CVE-2026-24485: denial of service via malforme...

SUSE-SU-2026:0853-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression bsc1258743. - CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. - CVE-2026-24485: denial of service via...

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression bsc1258743. CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. CVE-2026-24485: denial of service via malforme...

SUSE-SU-2026:0852-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression bsc1258743. - CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. - CVE-2026-24485: denial of service via...

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression bsc1258743. CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. CVE-2026-24485: denial of service via malforme...

SUSE-SU-2026:0851-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression bsc1258743. - CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. - CVE-2026-24485: denial of service via...

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest sensitive data. The extensions in question, both originally associated with a developer...

OPENSUSE-SU-2026:20337-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-22770: improper pointer initialization can cause denial of service bsc1256969. - CVE-2026-23874: manipulation of digital images can lead to stack overflow bsc1256976. - CVE-2026-23876: ImageMagick: maliciously crafted image can le...