Debian dsa-6320 : php-twig - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6320 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6320-1 [email protected] https://www.debian.org/securit...

CVE-2026-10688

A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function executeblendercode of the file /src/blendermcp/server.py. This manipulation of the argument code causes code injection. The attack is possible to be carried...

CVE-2026-10688 ahujasid blender-mcp server.py execute_blender_code code injection

A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function executeblendercode of the file /src/blendermcp/server.py. This manipulation of the argument code causes code injection. The attack is possible to be carried...

CVE-2026-10688

A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function executeblendercode of the file /src/blendermcp/server.py. This manipulation of the argument code causes code injection. The attack is possible to be carried...

CVE-2026-10688 ahujasid blender-mcp server.py execute_blender_code code injection

A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function executeblendercode of the file /src/blendermcp/server.py. This manipulation of the argument code causes code injection. The attack is possible to be carried...

CVE-2026-10688

The CVE-2026-10688 affects the ahujasid blender-mcp project; the vulnerable component is execute_blender_code in /src/blender_mcp/server.py. Manipulating the code argument allows code injection, with remote execution possible. Public exploitation is indicated, and the project uses a rolling relea...

[SECURITY] [DSA 6320-1] php-twig security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6320-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 02, 2026 https://www.debian.org/security/faq -...

CVE-2026-10175

A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editorcoder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has bee...

Google Chrome 代码注入漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.53 had a code injection vulnerability, which was caused by accessibility script injection. This vulnerability could allow attackers to inject arbitrary scripts or HTML through...

itsourcecode Fees Management System 代码注入漏洞

itsourcecode Fees Management System is an open-source charging management system developed by itsourcecode. Version 1.0 of the itsourcecode Fees Management System has a code injection vulnerability; this vulnerability stems from operations on the page parameters in the index.php file, which may...

PT-2026-45876

Name of the Vulnerable Software and Affected Versions ahujasid blender-mcp versions prior to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b Description Remote code injection is possible through the manipulation of the code argument within the execute blender code function located in the /src/blender...

CordysCRM 代码注入漏洞

FIT2CLOUD CordysCRM is a customer relationship management system developed by FIT2CLOUD. Versions of CordysCRM 1.4.1 and earlier contain a code injection vulnerability. This vulnerability stems from a issue with the Save function in the ModuleFormController component’s file...

WordPress plugin Content Visibility for Divi Builder 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

BrowserStack Runner 代码注入漏洞

BrowserStack Runner is an open-source browser testing command-line tool developed by BrowserStack. Versions of BrowserStack Runner prior to 0.9.5 contained a code injection vulnerability. This vulnerability stems from the log HTTP handler, where data provided by users is passed to...

BlenderMCP 代码注入漏洞

BlenderMCP is a 3D modeling control tool developed by ahujasid that connects Blender with AI. Versions of BlenderMCP 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b and earlier have a code injection vulnerability. This vulnerability stems from the handling of the code parameter in the executeblendercode...

OpenMed 代码注入漏洞

OpenMed is a medical text structuring and analysis tool developed by Maziyar Panahi. Versions of OpenMed prior to 1.5.2 contained a code injection vulnerability. This vulnerability stemmed from a remote code execution flaw in the path where the PII privacy filter model is loaded. It could allow...

CicadasCMS 代码注入漏洞

CicadasCMS is a content management framework developed by the Chinese individual developer westboy, based on SpringBoot, Mybatis, SpringSecurity, and Vue. CicadasCMS has a code injection vulnerability, which stems from an unknown function issue in the task scheduling management module, specifical...

Linux Distros Unpatched Vulnerability : CVE-2026-45505

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ...

FIT2CLOUD CordysCRM 代码注入漏洞

FIT2CLOUD CordysCRM is a customer relationship management system developed by FIT2CLOUD Corporation. Versions of FIT2CLOUD CordysCRM 1.6.2 and earlier contain a code injection vulnerability. This vulnerability stems from an unknown function in the file...

Linux Distros Unpatched Vulnerability : CVE-2026-42588

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ...