Student Management System 代码注入漏洞

Student Management System is a simple web-based student management software developed by Sk.Amir Hamza in Bangladesh. The Student Management System has a code injection vulnerability, which stems from incorrect handling of the parameter “Error” in the file index.php, potentially leading to...

forest 代码注入漏洞

Forest is a modern knowledge community backend project developed by RYMCU. It is implemented using SpringBoot, Shiro, MyBatis, JWT, and Redis. Versions of Forest 0.0.5 and earlier have a code injection vulnerability. This vulnerability stems from incorrect operations on the XssUtils.replaceHtmlCo...

Yifang CMS 代码注入漏洞

Yifang CMS is a PHP enterprise website development and management system provided by Yifang Corporation. Versions of Yifang CMS 2.0.5 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “Name” in the file...

Yifang CMS 代码注入漏洞

Yifang CMS is a PHP enterprise website development and management system provided by Yifang Corporation. Versions of Yifang CMS 2.0.5 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter ‘name/index’ in the file...

Yifang CMS 代码注入漏洞

Yifang CMS is a PHP enterprise website development and management system provided by Yifang Corporation. Versions of Yifang CMS 2.0.5 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “Name” in the file...

FunAdmin 代码注入漏洞

FunAdmin is an open-source backend development system developed using ThinkPHP6 and Layui. Versions of FunAdmin 7.1.0-rc4 and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of parameters in the app/backend/view/index/index.html file of the component'...

CVE-2025-52744

Improper Control of Generation of Code 'Code Injection' vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a through = 1.0...

CVE-2025-67979

Improper Control of Generation of Code 'Code Injection' vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.1...

Exploit for CVE-2026-27574

CVE-2026-27574-OneUptime-RCE !Authorhttps://img.shields.io/...

Arbitrary Code Injection

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Arbitrary Code Injection via the backup restore process. An attacker can execute arbitrary server-side code by uploading and restoring a specially crafted backup file. This is only exploitable if th...

OneUptime 代码注入漏洞

OneUptime is a comprehensive open-source solution developed by OneUptime. It is used to monitor and manage your online services. Versions of OneUptime 9.5.13 and earlier contain a code injection vulnerability. This vulnerability stems from the use of the unsafe node:vm module in the custom...

CVE-2025-67979

Improper Control of Generation of Code 'Code Injection' vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.1...

CVE-2025-52744

Improper Control of Generation of Code 'Code Injection' vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a through = 1.0...

CVE-2025-67979 WordPress WPForms Google Sheet Connector plugin <= 4.0.1 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.1...

CVE-2025-67979

CVE-2025-67979 affects the WordPress plugin WPForms Google Sheet Connector (gsheetconnector-wpforms) up to version 4.0.1. The vulnerability is described as an improper control of generation of code (Code Injection) that enables remote code execution (RCE). Public sources in the connected data ide...

CVE-2025-67979 WordPress WPForms Google Sheet Connector plugin <= 4.0.1 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.1...

CVE-2025-52744

Summary: CVE-2025-52744 affects the WordPress plugin “Inpersttion For Theme” (err-our-team), with versions n/a through 1.0. The root cause is improper control of the generation of code, leading to arbitrary code execution (code injection). Affected software is vulnerable to code injection as desc...

CVE-2025-52744 WordPress Inpersttion For Theme plugin <= 1.0 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a through = 1.0...

CVE-2025-52744 WordPress Inpersttion For Theme plugin <= 1.0 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a through = 1.0...

CVE-2026-25006

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XStore: from n/a through = 9.6.4...