36544 matches found

Vulnrichment
added 2026/01/21 5:29 p.m., 3 views

CVE-2021-47778 GetSimple CMS My SMTP Contact Plugin 1.1.2 - PHP Code Injection

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...

CVSS 8.6, AI score 6.7, EPSS 0.0109
Exploits: 1, References: 5
Cvelist
added 2026/01/21 5:29 p.m., 18 views

CVE-2021-47778 GetSimple CMS My SMTP Contact Plugin 1.1.2 - PHP Code Injection

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...

CVSS 8.6, EPSS 0.0109
Exploits: 1, References: 5
CVE
added 2026/01/21 5:29 p.m., 14 views

CVE-2021-47778

CVE-2021-47778 affects GetSimple CMS My SMTP Contact Plugin 1.1.2. A PHP code injection vulnerability exists that allows an authenticated administrator to inject arbitrary PHP code via plugin configuration parameters, resulting in remote code execution on the server. The Red Hat and NVD/NVD-deriv...

CVSS 8.6, AI score 6.7, EPSS 0.0109
Exploits: 1, References: 5, Affected Software: 1
EUVD
added 2026/01/21 5:27 p.m., 4 views

EUVD-2026-3619

WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files \WINPAKPRO\ScheduleService Service.exe' to inject malicious code...

CVSS 8.5, AI score 5.7, EPSS 0.00127
Exploits: 0, References: 4
CVE
added 2026/01/21 5:27 p.m., 13 views

CVE-2021-47867

The CVE-2021-47867 entry applies to WIN-PACK PRO 4.8, affecting the ScheduleService through an unquoted service path vulnerability. The unquoted path “C:\Program Files \WINPAKPRO\ScheduleService Service.exe” can allow a local attacker to inject code that executes with elevated privileges during s...

CVSS 8.5, AI score 5.7, EPSS 0.00127
Exploits: 0, References: 3
ATTACKERKB
added 2026/01/21 5:27 p.m., 4 views

CVE-2021-47863

MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Encrypto\ to inject malicious executables and escalate...

CVSS 8.5, AI score 5.7, EPSS 0.00127
Exploits: 0, References: 3, Affected Software: 1
CISA
added 2026/01/21 12:0 p.m., 7 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-20045: Cisco Unified Communications Products Code Injection Vulnerability. This type of vulnerability is a frequent attack vector for malicious...

CVSS 9.8, AI score 5.6, EPSS 0.04307
In wild, Exploits: 1, References: 6
EUVD
added 2026/01/21 1:1 a.m., 6 views

EUVD-2026-3590

Orval has a code injection via unsanitized x-enum-descriptions in enum generation...

CVSS 9.3, AI score 5.4, EPSS 0.0075
Exploits: 1, References: 5
OSV
added 2026/01/21 1:1 a.m., 5 views

GHSA-H526-WF6G-67JV Orval has a code injection via unsanitized x-enum-descriptions in enum generation

Impact: Arbitrary code execution in environments consuming generated clients. This issue is similar in nature to the recently-patched MCP vulnerability CVE-2026-22785, but affects a different code path in @orval/core that was not addressed by that fix. The vulnerability allows untrusted OpenAPI...

CVSS 9.3, AI score 6.3, EPSS 0.0075
Exploits: 1, References: 6
Github Security Blog
added 2026/01/21 1:1 a.m., 9 views

Orval has a code injection via unsanitized x-enum-descriptions in enum generation

Impact: Arbitrary code execution in environments consuming generated clients. This issue is similar in nature to the recently-patched MCP vulnerability CVE-2026-22785, but affects a different code path in @orval/core that was not addressed by that fix. The vulnerability allows untrusted OpenAPI...

CVSS 9.8, AI score 6.3, EPSS 0.0075
Exploits: 1, References: 6, Affected Software: 1
CNNVD
added 2026/01/21 12:0 a.m., 5 views

5ire code injection vulnerability

5ire is a cross-platform desktop AI assistant developed by Ironben’s developers. Versions of 5ire prior to 0.15.3 contained a code injection vulnerability. This vulnerability stemmed from insecure option parsing in the ECharts Markdown plugin, allowing users who could submit ECharts code blocks t...

CVSS 9.6, AI score 6.4, EPSS 0.00607
Exploits: 1, References: 3
CNNVD
added 2026/01/21 12:0 a.m., 4 views

GetSimple Content Management System: Code Injection Vulnerability

GetSimple Content Management System is an open-source content management system developed by GetSimpleCMS. Version 1.1.2 of GetSimple Content Management System has a code injection vulnerability. This vulnerability stems from PHP code injection through plugin configuration parameters, which may...

CVSS 8.6, AI score 6.1, EPSS 0.0109
Exploits: 1, References: 6
Positive Technologies
added 2026/01/21 12:0 a.m., 4 views

PT-2026-3830

eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability in the eBeam Device Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute...

CVSS 8.5, AI score 5.7, EPSS 0.00127
Exploits: 0, References: 4
Positive Technologies
added 2026/01/21 12:0 a.m., 6 views

PT-2026-3796

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...

CVSS 8.6, AI score 6.7, EPSS 0.0109
Exploits: 1, References: 6
CNNVD
added 2026/01/21 12:0 a.m., 4 views

OpenPLC code injection vulnerability

OpenPLC is an open-source programmable logic controller developed by Thiago Alves. It provides low-cost industrial solutions for automation and research purposes. Version OpenPLC v3 has a code injection vulnerability, which stems from authenticated remote code execution through the hardware...

CVSS 8.8, AI score 6.5, EPSS 0.00634
Exploits: 0, References: 5
CNNVD
added 2026/01/21 12:0 a.m., 8 views

vLLM code injection vulnerability

vLLM is an open-source LLM-based inference and service engine that features high throughput and efficient memory usage. Versions of vLLM from 0.10.1 to 0.14.0 contained a code injection vulnerability. This vulnerability stemmed from the loading of the Hugging Face automap dynamic module during...

CVSS 9.8, AI score 7.4, EPSS 0.00542
Exploits: 1, References: 4
CISA KEV Catalog
added 2026/01/21 12:0 a.m., 11 views

Cisco Unified Communications Products Code Injection Vulnerability

Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance contain a code injection...

CVSS 9.8, AI score 5.7, EPSS 0.04307
In wild, Exploits: 1
Github Security Blog
added 2026/01/20 9:31 p.m., 8 views

binary-parser library has a code injection vulnerability

A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...

CVSS 6.5, AI score 6.5, EPSS 0.00505
Exploits: 0, References: 8, Affected Software: 1
OSV
added 2026/01/20 9:31 p.m., 5 views

GHSA-M39P-34QH-RH3W binary-parser library has a code injection vulnerability

A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...

CVSS 6.5, AI score 7, EPSS 0.00505
Exploits: 0, References: 7
OSV
added 2026/01/20 7:15 p.m., 5 views

CVE-2026-1245

A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...

CVSS 6.5, AI score 6.5
Exploits: 0, References: 5