36535 matches found
PT-2026-22323
Name of the Vulnerable Software and Affected Versions Johnson Controls Frick Controls Quantum HD versions 10.22 and prior Description A flaw exists in Johnson Controls Frick Controls Quantum HD that allows code injection. Insufficient input validation in certain parameters may permit unexpected...
PT-2026-22322
Name of the Vulnerable Software and Affected Versions Johnson Controls Frick Controls Quantum HD versions 10.22 and prior Description A flaw exists in Johnson Controls Frick Controls Quantum HD that allows for code injection. Insufficient input validation in certain parameters may allow for...
PT-2026-24944
Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.2.19-2 Description A flaw exists in the applySkillConfigenvOverrides function within the Skill Env Handler component. This issue allows for code injection when a manipulation is executed remotely. The issue arises becaus...
Statamic 代码注入漏洞
Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. Versions of Statamic 5.73.11 and earlier, as well as 6.4.0 and earlier, had a code injection vulnerability. This...
Johnson Controls Frick Controls Quantum HD 安全漏洞
Johnson Controls Frick Controls Quantum HD is a high-end microprocessor control panel designed specifically for industrial refrigeration systems by Johnson Controls. The version 10.22 and earlier of Johnson Controls Frick Controls Quantum HD contained security vulnerabilities, which were caused b...
HTTP::Session2 安全漏洞
HTTP::Session2 is a Perl package developed by Tokuhiro Matsuno. Versions of HTTP::Session2 prior to 1.09 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification of the session ID format provided by users, which could lead to code injection or other issues...
EUVD-2026-8873
Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...
CVE-2026-27510
Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application com.unitree.doggo2, are vulnerable to remote code execution due to missing integrity protection and validation of user-created programmes. The Android application stores programs in a local SQLi...
CVE-2026-26938
Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...
CVE-2026-26938
Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...
CVE-2026-27510 Unitree Go2 Mobile Program Tampering Enables Root RCE
Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application com.unitree.doggo2, are vulnerable to remote code execution due to missing integrity protection and validation of user-created programmes. The Android application stores programs in a local SQLi...
CVE-2026-26938
Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...
CVE-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)
Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...
CVE-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)
Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...
EUVD-2026-8845
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through = 1.4.4...
CVE-2026-28132
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through = 1.4.4...
Arbitrary Code Injection
Overview lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Arbitrary Code Injection via the allowdangerouscode=True which automatically exposes LangChain’s Python REPL tool...
Arbitrary Code Injection
Overview storybook is a frontend workshop for building UI components and pages in isolation. Affected versions of this package are vulnerable to Arbitrary Code Injection via the WebSocket message handlers for creating and saving stories, specifically through unsanitized input in the...
PT-2026-29514
Name of the Vulnerable Software and Affected Versions MetInfo CMS versions 7.9 through 8.1 Description An unauthenticated PHP code injection flaw exists due to insufficient input neutralization in the execution path, specifically within the wxAdminLogin function and the file...
PT-2026-22134
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through = 1.4.4...