36535 matches found
PT-2026-22172
Name of the Vulnerable Software and Affected Versions: Kibana (affected versions not specified). Description: An issue exists in Kibana Workflows related to improper neutralization of special elements used in a template engine (CWE-1336). This could allow an authenticated attacker with the...
WordPress plugin WooCommerce Photo Reviews security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Agenta code injection vulnerability
Agenta is an open-source platform developed by Agenta for building production-grade large language model applications. Versions of Agenta prior to 0.48.1 contained a code injection vulnerability. This vulnerability stemmed from a sandbox error that allowed the numpy package, potentially leading t...
Arbitrary Code Injection
Overview: n8n-workflow is a Workflow base code of n8n. Affected versions of this package are vulnerable to Arbitrary Code Injection via the expression evaluation system. An attacker can execute arbitrary system commands by crafting malicious expressions in workflow parameters. Notes: 1. This is only...
Arbitrary Code Injection
Overview: n8n-nodes-base is a Base nodes of n8n. Affected versions of this package are vulnerable to Arbitrary Code Injection via the Merge node's SQL query mode. An attacker can execute arbitrary code and write arbitrary files on the server by crafting malicious workflows after authenticating with...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection. An attacker can execute arbitrary code outside the intended sandbox boundary by creating or modifying workflows after authenticating with sufficient permissions. Workaround: This vulnerability can be mitigated b...
Eval Injection
Overview: @budibase/server is a Budibase Web Server. Affected versions of this package are vulnerable to Eval Injection via the runView function in the view filter mechanism, where user-controlled input is evaluated without proper sanitization. An attacker can execute arbitrary JavaScript code on t...
CVE-2025-9120
Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Carbonite Safe Server Backup allows Code Injection. The vulnerability could be exploited through an open port, potentially allowing unauthorized access. This issue affects Carbonite Safe Server Backup: through 6.8....
n8n code injection vulnerability
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.10.1, 2.9.3, and 1.123.22 contained a code injection vulnerability. This vulnerability stemmed from defects in the JavaScript Task Runner sandbox, which could allow authenticated users with...
n8n code injection vulnerability
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.2.0 and 1.123.8 contained a code injection vulnerability. This vulnerability stemmed from the ability of authorized authenticated users to chain the Read/Write Files from Disk node with g...
SourceCodester Mvuma Patients Waiting Area Queue Management System code injection vulnerability
SourceCodester Mvuma Patients Waiting Area Queue Management System is an open-source system for patient waiting area queue management developed by SourceCodester. Version 1.0 of the SourceCodester Mvuma Patients Waiting Area Queue Management System contains a code injection vulnerability. This...
n8n code injection vulnerability
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.10.1, 2.9.3, and 1.123.22 contained a code injection vulnerability. This vulnerability arises from the possibility for authorized authenticated users to exploit custom expressions within workflow...
Enclave code injection vulnerability
Enclave is open-source sandbox software from AgentFront. Versions of Enclave prior to 2.11.1 had a code injection vulnerability. This vulnerability stemmed from the possibility of escaping the security boundaries set by @enclave-vm/core, which could lead to remote code execution...
LiveCode code injection vulnerability
LiveCode is a multi-platform programming tool developed by the LiveCode team. It can run on iOS, Android, OS X, Windows 95 through Windows 10, Raspberry Pi, and various Unix variants including Linux, Solaris, and BSD. LiveCode has a code injection vulnerability. This vulnerability stems from the...
Patrick Mvuma Patients Waiting Area Queue code injection vulnerability
Patrick Mvuma Patients Waiting Area Queue is a queue management system for waiting areas in hospitals/clinics developed by Patrick Mvuma himself. Version 1.0 of Patrick Mvuma Patients Waiting Area Queue contains a code injection vulnerability. This vulnerability arises from incorrect handling of...
n8n code injection vulnerability
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.10.1, 2.9.3, and 1.123.22 contained a code injection vulnerability. This vulnerability arises because authorized authenticated users can exploit the SQL query patterns of the Merge node,...
WordPress plugin Advanced Woo Labels code injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
CVE-2026-27156 NiceGUI has XSS via Code Injection
NiceGUI is a Python-based UI framework. Prior to version 3.8.0, several NiceGUI APIs that execute methods on client-side elements (Element.run_method, AgGrid.run_grid_method, EChart.run_chart_method, and others) use an eval fallback in the JavaScript-side runMethod function. When user-controlled input i...