CVE-2025-57707

An improper neutralization of directives in statically saved code 'Static Code Injection' vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the...

Crawl4AI 代码注入漏洞

Crawl4AI is an open-source, LLM-friendly web crawler developed by UncleCode’s individual developers. Versions of Crawl4AI prior to 0.8.0 contained a code injection vulnerability. This vulnerability stemmed from the /crawl endpoint in the Docker API deployment, which accepted hooks parameters...

Cisco ClamAV ClamBC 代码注入漏洞

Cisco ClamAV ClamBC is a bytecode signature system developed by Cisco, Inc. Cisco ClamAV ClamBC has a code injection vulnerability, which stems from weak input validation in the handling of function names. This vulnerability could allow attackers to execute malicious bytecode or cause unexpected...

yoke 代码注入漏洞

Yoke is a Kubernetes package management tool developed by YokeCD. Versions of Yoke prior to 0.19.0 contained a code injection vulnerability. This vulnerability stemmed from the lack of proper URL validation in the Air Traffic Controller component, allowing users with the authority to create or...

authentik 代码注入漏洞

Authentik is an open-source identity provisioning application developed by Authentik. Versions of Authentik prior to 2025.8.6, 2025.10.4, and 2025.12.4 have a code injection vulnerability. This vulnerability allows users with specific permissions to execute arbitrary code through test endpoints...

CVE-2026-21537

Improper control of generation of code 'code injection' in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network...

CVE-2025-57707

An improper neutralization of directives in statically saved code 'Static Code Injection' vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the...

CVE-2025-57707

An improper neutralization of directives in statically saved code 'Static Code Injection' vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the...

CVE-2025-57707 File Station 5

An improper neutralization of directives in statically saved code 'Static Code Injection' vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the...

CVE-2025-57707 File Station 5

An improper neutralization of directives in statically saved code 'Static Code Injection' vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the...

CVE-2025-57707

An improper neutralization of directives in statically saved code 'Static Code Injection' vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the...

CVE-2025-57707

CVE-2025-57707 affects QNAP File Station 5. The vulnerability is described as an improper neutralization of directives in statically saved code (Static Code Injection) that could allow a remote attacker with a user account to access restricted data/files. The Red Hat, NVD, OSV, and related source...

PT-2026-7557

An improper neutralization of directives in statically saved code 'Static Code Injection' vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the...

KeePass Password Safe 代码注入漏洞

KeePass Password Safe is a local password management tool developed by the KeePass company. Versions of KeePass Password Safe prior to 2.44 contained a code injection vulnerability. This vulnerability stemmed from improper handling of HTML in the help system, which could lead to denial-of-service...

PT-2026-7605

ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated...

WordPress plugin Lucky Wheel Giveaway 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

QNAP Systems File Station 5 安全漏洞

QNAP Systems File Station 5 is a file management system developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems File Station 5 prior to 5.5.6.5166 contained security vulnerabilities. These vulnerabilities were caused by static code injection, which could lead to acce...

Chevereto 代码注入漏洞

Chevereto is a graph-based program. The Chevereto 3.13.4 Core version has a code injection vulnerability, which stems from improper handling of database table prefix parameters. This vulnerability may lead to remote code execution...

Schneider Electric EcoStruxure Building Operation Workstation 代码注入漏洞

Schneider Electric EcoStruxure Building Operation Workstation is a specialized operational terminal component developed by Schneider Electric, a French company. The Schneider Electric EcoStruxure Building Operation Workstation has a code injection vulnerability, which stems from improper code...

WordPress plugin Custom Block Builder – Lazy Blocks 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...