36544 matches found
📄 ManageEngine DeviceExpert 5.6 Traversal / Code Execution
Proof of concept exploit for ManageEngine DeviceExpert version 5.6 that injects PHP code into a user agent and uses a path traversal vulnerability to execute code...
Exploit for Code Injection in Rejetto Http_File_Server
No d...
CVE-2026-24564
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through = 3.6.5...
CVE-2026-0761
Foundation Agents MetaGPT actionoutputstrtomapping Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this vulnerability. The...
CVE-2026-24132
Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...
Dioxus Components security vulnerabilities
Dioxus Components is a basic component open-sourced by Dioxus Labs. Version 41e4242ecb1062d04ae42a5215363c1d9fd4e23a of Dioxus Components had a security vulnerability. This vulnerability stemmed from the useofanimatedopen function, which used the user-provided ID to format eval strings, potential...
CVE-2025-69001
Improper Control of Generation of Code 'Code Injection' vulnerability in Shahjahan Jewel FluentForm fluentform allows Code Injection.This issue affects FluentForm: from n/a through = 6.1.11...
CVE-2025-69319
Improper Control of Generation of Code 'Code Injection' vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Code Injection.This issue affects Beaver Builder: from n/a through = 2.9.4.1...
CVE-2025-67944
Improper Control of Generation of Code 'Code Injection' vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through = 8.1.8...
CVE-2025-68015
Improper Control of Generation of Code 'Code Injection' vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Code Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through = 2.8.5...
CVE-2026-22469
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a through = 1.0.2...
CVE-2026-24564
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through = 3.6.5...
CVE-2026-24564 WordPress Textmetrics plugin <= 3.6.5 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through = 3.6.5...
CVE-2026-24564 WordPress Textmetrics plugin <= 3.6.5 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through = 3.6.5...
CVE-2026-24564
CVE-2026-24564 is a WordPress Textmetrics plugin vulnerability (Textmetrics webtexttool) that allows authenticated shortcode execution / code injection through improper neutralization of script-related HTML tags. Affected versions are Textmetrics up to 3.6.3 (Wordfence notes Subscriber+ context f...
GHSA-XVMH-25JW-GMMM Moodle affected by a code injection vulnerability
A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a...
Arbitrary Code Injection
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Arbitrary Code Injection due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. An attacker can execute arbitrary code on the server by...
Arbitrary Code Injection
Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Arbitrary Code Injection via the actionoutputstrtomapping function. An attacker can execute arbitrary code as the service account. Remediation There is no fixed version for metagpt. References -...
Arbitrary Code Injection
Overview lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Arbitrary Code Injection via the code parameter in the validate endpoint. An attacker can execute arbitrary code with root...
Arbitrary Code Injection
Overview langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Arbitrary Code Injection via the code parameter in the validate endpoint. An attacker can execute arbitrary code with root privileges by sending a specially crafted request...