36535 matches found

RedhatCVE
• added 2026/03/02 7:53 p.m. • 7 views

CVE-2026-3395

A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/plugins/editormarkitup/preview-ajax.php of the component MarkItUp Preview AJAX Endpoint. Executing a manipulation can lead to code injection. It is possible to launch the attack...

9.8 CVSS, 5.6 AI score, 0.00486 EPSS
Exploits: 1, References: 1
NVD
• added 2026/03/02 12:16 p.m. • 8 views

CVE-2025-30044

In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstatsimple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection...

9.4 CVSS, 0.00544 EPSS
Exploits: 0, References: 2
EUVD
• added 2026/03/02 11:15 a.m. • 5 views

EUVD-2025-208148

In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstatsimple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection...

9.4 CVSS, 6 AI score, 0.00544 EPSS
Exploits: 0, References: 2
Vulnrichment
• added 2026/03/02 11:15 a.m. • 4 views

CVE-2025-30044 RCE on uhcapache user permissions

In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstatsimple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection...

9.4 CVSS, 6 AI score, 0.00544 EPSS
Exploits: 0, References: 2
ATTACKERKB
• added 2026/03/02 11:15 a.m. • 5 views

CVE-2025-30044

In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstatsimple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection...

9.4 CVSS, 6 AI score, 0.00544 EPSS
Exploits: 0, References: 3
CVE
• added 2026/03/02 11:15 a.m. • 10 views

CVE-2025-30044

CVE-2025-30044 affects endpoints under CliniNET.prd/utils (usrlogstat_simple.pl, usrlogstat.pl, userlogstat2.pl, dblogstat.pl). The issue is insufficient input normalization on parameters, enabling code injection. According to the provided metrics, the vulnerability has CRITICAL impact with HIGH ...

9.4 CVSS, 6 AI score, 0.00544 EPSS
Exploits: 0, References: 2
Snyk
• added 2026/03/02 7:22 a.m. • 5 views

Arbitrary Code Injection

Overview: dbgpt (DB-GPT) is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can be assured that there is no risk of data leakage, and your data is 100% private and secure. Affected versions of this packa...

7.5 CVSS, 6.1 AI score, 0.00328 EPSS
Exploits: 0, References: 2
NVD
• added 2026/03/02 5:16 a.m. • 4 views

CVE-2026-3409

A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.exec_module of the file /api/v1/serve/awel/flow/import of the component Flow Import Endpoint. Performing a manipulation as part of File results in code injection. The...

7.5 CVSS, 0.00328 EPSS
Exploits: 0, References: 4
Cvelist
• added 2026/03/02 4:2 a.m. • 31 views

CVE-2026-3409 eosphoros-ai db-gpt Flow Import Endpoint import importlib.machinery.SourceFileLoader.exec_module code injection

A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.exec_module of the file /api/v1/serve/awel/flow/import of the component Flow Import Endpoint. Performing a manipulation as part of File results in code injection. The...

7.5 CVSS, 0.00328 EPSS
Exploits: 0, References: 4
EUVD
• added 2026/03/02 4:2 a.m. • 5 views

EUVD-2026-9142

A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.exec_module of the file /api/v1/serve/awel/flow/import of the component Flow Import Endpoint. Performing a manipulation as part of File results in code injection. The...

7.5 CVSS, 5.7 AI score, 0.00328 EPSS
Exploits: 0, References: 4
CVE
• added 2026/03/02 4:2 a.m. • 16 views

CVE-2026-3409

Affected software: eosphoros-ai db-gpt 0.7.5. Vulnerable component: Flow Import Endpoint, specifically importlib.machinery.SourceFileLoader.exec_module in /api/v1/serve/awel/flow/import. Root cause: manipulating a File leads to code injection. Impact: remote execution of injected code possible; n...

7.5 CVSS, 6.8 AI score, 0.00328 EPSS
Exploits: 0, References: 4
Vulnrichment
• added 2026/03/02 4:2 a.m. • 4 views

CVE-2026-3409 eosphoros-ai db-gpt Flow Import Endpoint import importlib.machinery.SourceFileLoader.exec_module code injection

A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.exec_module of the file /api/v1/serve/awel/flow/import of the component Flow Import Endpoint. Performing a manipulation as part of File results in code injection. The...

7.5 CVSS, 6.8 AI score, 0.00328 EPSS
Exploits: 0, References: 4
Packet Storm
• added 2026/03/02 12:0 a.m. • 148 views

WordPress Query Console 1.0 Code Injection

This code represents an advanced, class-based proof-of-concept targeting a code injection vulnerability in WordPress Query Console plugin version 1.0. It is designed as a CLI-only tool that automates payload upload, verification, command execution testing, and optional interactive shell access,...

10 CVSS, 7.5 AI score, 0.5364 EPSS
Exploits: 4
CNNVD
• added 2026/03/02 12:0 a.m. • 6 views

itsourcecode University Management System Code Injection Vulnerability

itsourcecode University Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode University Management System has a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter "dt" in the file...

6.1 CVSS, 5.7 AI score, 0.0027 EPSS
Exploits: 1, References: 6
CNVD
• added 2026/03/02 12:0 a.m. • 2 views

OpenClaw Code Injection Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a code injection vulnerability. The vulnerability stems from the fact that channel metadata may be included in the model's system prompts when the Slack integration is enabled, increasing the attack...

3.7 CVSS, 5.9 AI score, 0.002 EPSS
Exploits: 1, References: 1
CNNVD
• added 2026/03/02 12:0 a.m. • 3 views

DB-GPT Code Injection Vulnerability

DB-GPT is an open-source development framework for AI-native data applications based on AWEL and proxies, developed by eosphoros. Version 0.7.5 of DB-GPT contains a code injection vulnerability, which stems from operations on components in the file /api/v1/serve/awel/flow/import, potentially leadi...

7.5 CVSS, 7.2 AI score, 0.00328 EPSS
Exploits: 0, References: 5
CNNVD
• added 2026/03/02 12:0 a.m. • 3 views

PHPGurukul Student Record Management System Code Injection Vulnerability

PHPGurukul Student Record Management System is a student record management system developed by PHPGurukul Corporation. Version 1.0 of the PHPGurukul Student Record Management System has a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter "Subject 1" ...

4.8 CVSS, 5.7 AI score, 0.00202 EPSS
Exploits: 1, References: 6
CNNVD
• added 2026/03/02 12:0 a.m. • 5 views

PHPGurukul Student Record Management System Code Injection Vulnerability

PHPGurukul Student Record Management System is a student record management system developed by PHPGurukul Corporation. Versions of the PHPGurukul Student Record Management System prior to 1.0 contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of parameter...

4.8 CVSS, 5.7 AI score, 0.00202 EPSS
Exploits: 1, References: 6
CNNVD
• added 2026/03/02 12:0 a.m. • 5 views

AFFiNE.Pro Code Injection Vulnerability

AFFiNE.Pro is an open-source next-generation knowledge base developed by Toeverything. Versions of AFFiNE.Pro prior to 0.25.4 contained a code injection vulnerability. This vulnerability occurred due to specially crafted affine: URLs, which could lead to remote code execution with just one click...

8.8 CVSS, 6.4 AI score, 0.00606 EPSS
Exploits: 1, References: 3
Positive Technologies
• added 2026/03/02 12:0 a.m. • 8 views

PT-2026-22540

Name of the Vulnerable Software and Affected Versions: eosphoros-ai db-gpt version 0.7.5. Description: A security flaw exists in eosphoros-ai db-gpt version 0.7.5 related to code injection. The issue is located in the function importlib.machinery.SourceFileLoader.exec_module within the file...

7.5 CVSS, 7 AI score, 0.00328 EPSS
Exploits: 0, References: 13