CVE-2026-24149

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering...

Arbitrary Code Injection

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Arbitrary Code Injection via th...

Exploit for Code Injection in Vmware Spring_Framework

No d...

GHSA-MHF6-PP52-8WQJ Moodle Cross-site Scripting (XSS) vulnerability

A flaw was found in Moodle. This Cross-site Scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...

Moodle vulnerable to Cross-site Scripting

A flaw was found in Moodle. This vulnerability, known as Cross-site Scripting XSS, occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions...

CVE-2025-67850

A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting XSS, occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions...

CVE-2025-67850

A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting XSS, occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions...

CVE-2025-67850

CVE-2025-67850 – Moodle XSS via formula editor : Affected component is Moodle, where insufficient validation of user-provided data in the formula editor’s arithmetic expression fields allows a remote attacker to inject malicious code. When other users view these expressions, the script can execut...

CVE-2025-67849 Moodle: moodle: cross-site scripting (xss) via improper sanitization of ai prompt responses

A flaw was found in Moodle. This cross-site scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...

PT-2026-6383

A flaw was found in Moodle. This vulnerability, known as Cross-site Scripting XSS, occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions...

PT-2026-6188

Name of the Vulnerable Software and Affected Versions NVIDIA Megatron-LM affected versions not specified Description The software contains a flaw in a script that could allow an attacker to inject code by providing malicious data. Exploitation of this issue may result in code execution, privilege...

Claude Code 代码注入漏洞

Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code prior to 2.0.72 contained a code injection vulnerability. This vulnerability stemmed from command parsing errors, which could allow bypassing confirmation prompts and executing...

Arbitrary Code Injection

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Arbitrary Code Injection via the pandaseval function. An attacker can execute arbitrary code by supplying crafted input that bypasses input validation and leverages access to...

SandboxJS 代码注入漏洞

SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.8.27 contained a code injection vulnerability. This vulnerability stemmed from improper restrictions on lookupGetter, which could lead to sandbox escape or remote code execution...

📄 Moodle 4.x PHP Code Injection

This proof of concept demonstrates a code injection vulnerability in Moodle versions 4.x. ============================================================================================================================================= | Title : Moodle 4.x PHP Code Injection Vulnerability | | Author ...

D-Link DSL-6641K 代码注入漏洞

The D-Link DSL-6641K is a router produced by D-Link Corporation. The D-Link DSL-6641K N8.TR069.20131126 version has a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “Username” in the function “doSubmitPPP” within the file “sppppoeuser.js”, which ma...

CVE-2020-37061

BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the service starts with...

NetArt Media Easy Cart Shopping Cart 跨站脚本漏洞

NetArt Media Easy Cart Shopping Cart is a lightweight PHP e-commerce shopping system developed by NetArt Media in Bulgaria. The 2021 version of NetArt Media Easy Cart Shopping Cart contains a cross-site scripting vulnerability. This vulnerability stems from the non-persistent cross-site scripting...

Exploit for Code Injection in Vllm

No d...

CVE-2026-1281

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...