
36544 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m. | 9 views

MiracleLinux 8 : nodejs:18 (AXSA:2023-6526:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6526:01 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 An Asianux Security Bulletin which...

CVSS 7.5 | AI score 7.3 | EPSS 0.99999
Exploits: 19 | References: 5

Tenable Nessus
added 2026/01/20 12:0 a.m. | 7 views

MiracleLinux 7 : rh-ruby25-ruby-2.5.9-9.el7 (AXSA:2021-1762:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1762:01 advisory. ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? CVE-2019-15845 ruby: Regular expression denial of service vulnerability of...

CVSS 8.1 | AI score 8.2 | EPSS 0.06811
Exploits: 2 | References: 9

Tenable Nessus
added 2026/01/20 12:0 a.m. | 6 views

MiracleLinux 7 : rh-ruby26-ruby-2.6.7-119.el7 (AXSA:2021-1768:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1768:01 advisory. rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code CVE-2019-3881 ruby: NUL injection vulnerability o...

CVSS 8.1 | AI score 6.7 | EPSS 0.06811
Exploits: 2 | References: 10

CERT
added 2026/01/20 12:0 a.m. | 8 views

Code injection vulnerability in binary-parser library

Overview: The binary-parser library for Node.js contains a code injection vulnerability that may allow arbitrary JavaScript code execution if untrusted input is used to construct parser definitions. Versions prior to 2.3.0 are affected. The issue has been resolved by the developer in a public...

CVSS 6.5 | AI score 7 | EPSS 0.00505
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 8 : ksh-20120801-253.el8 (AXSA:2020-169:04)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-169:04 advisory. ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection CVE-2019-14868 Tenable has extracted the...

CVSS 7.8 | AI score 5.7 | EPSS 0.01385
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 5 views

MiracleLinux 7 : ksh-20120801-140.el7 (AXSA:2020-4475:02)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4475:02 advisory. ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection CVE-2019-14868 Tenable has extracted the...

CVSS 7.8 | AI score 5.7 | EPSS 0.01385
Exploits: 0 | References: 2

Veracode
added 2026/01/19 9:19 a.m. | 6 views

Code Injection

Enclave is vulnerable to Code Injection. The vulnerability is due to exposure of a host-side Error object with an intact prototype chain to sandboxed code, which allows an attacker to traverse to the host Function constructor and execute arbitrary code in the Node.js host runtime...

CVSS 10 | AI score 6.1 | EPSS 0.00588
Exploits: 3 | References: 3 | Affected Software: 1

CNNVD
added 2026/01/19 12:0 a.m. | 4 views

SourceCodester: Patients Waiting Area Queue Management System – Code Injection Vulnerability

The SourceCodester Patients Waiting Area Queue Management System is an open-source system developed by SourceCodester for managing patient waiting queues. Version 1.0 of the SourceCodester Patients Waiting Area Queue Management System contains a code injection vulnerability. This vulnerability...

CVSS 5.4 | AI score 5.7 | EPSS 0.00236
Exploits: 0 | References: 3

CNNVD
added 2026/01/19 12:0 a.m. | 4 views

Itsourcecode Society Management System Code Injection Vulnerability

itsourcecode Society Management System is an open-source social management system developed by itsourcecode. Version 1.0 of the itsourcecode Society Management System has a code injection vulnerability. This vulnerability arises from incorrect handling of parameters in the file admin/expenses.php...

CVSS 6.1 | AI score 5.7 | EPSS 0.00318
Exploits: 1 | References: 5

CNNVD
added 2026/01/19 12:0 a.m. | 5 views

Itsourcecode Society Management System Code Injection Vulnerability

itsourcecode Society Management System is an open-source social management system developed by itsourcecode. Version 1.0 of the itsourcecode Society Management System has a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “Title” in the file...

CVSS 6.1 | AI score 5.7 | EPSS 0.00318
Exploits: 1 | References: 5

CNNVD
added 2026/01/19 12:0 a.m. | 4 views

HRMS code injection vulnerability

HRMS is a human resources management system developed by BoringError. Version 1.0.1 of HRMS contains a code injection vulnerability, which stems from incorrect operations on the function UpdateRecruitmentById in the file handler/recruitment.go. This vulnerability may lead to cross-site scripting...

CVSS 5.1 | AI score 5.7 | EPSS 0.00191
Exploits: 0 | References: 5

CNNVD
added 2026/01/19 12:0 a.m. | 5 views

mpay code injection vulnerability

MPay is a convenient payment collection tool developed by Technic Laohu in China. Versions of MPay 1.2.4 and earlier had a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “Nickname,” and could lead to cross-site scripting attacks...

CVSS 5.4 | AI score 5.7 | EPSS 0.00193
Exploits: 1 | References: 4

CNNVD
added 2026/01/19 12:0 a.m. | 4 views

SiYuan code injection vulnerability

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.5.4 contained a code injection vulnerability. This vulnerability stemmed from the /api/attr/setBlockAttrs API, which allowed attackers to inject arbitrary HTML attributes into the...

CVSS 9.6 | AI score 6.1 | EPSS 0.00679
Exploits: 1 | References: 3

CNNVD
added 2026/01/19 12:0 a.m. | 5 views

BootDo code injection vulnerability

BootDo is a backend management system framework developed by lcg0124. lcg0124 BootDo has a code injection vulnerability, which stems from incorrect handling of parameters in the file /blog/bContent/save, specifically those related to content/author/title. This vulnerability may lead to cross-site...

CVSS 5.1 | AI score 5.7 | EPSS 0.00239
Exploits: 0 | References: 4

CNNVD
added 2026/01/19 12:0 a.m. | 6 views

SourceCodester: Patients Waiting Area Queue Management System – Code Injection Vulnerability

The SourceCodester Patients Waiting Area Queue Management System is an open-source system developed by SourceCodester for managing patient waiting queues. Version 1.0 of the SourceCodester Patients Waiting Area Queue Management System contains a code injection vulnerability. This vulnerability...

CVSS 5.4 | AI score 5.7 | EPSS 0.00176
Exploits: 0 | References: 3

Snyk
added 2026/01/18 11:48 p.m. | 6 views

Arbitrary Code Injection

Overview: @lobehub/lobehub is a LobeHub - an open-source, comprehensive AI Agent framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application. Affected versions of this package are...

CVSS 9.1 | AI score 6.2 | EPSS 0.00123
Exploits: 0 | References: 2

GithubExploit
added 2026/01/18 5:37 a.m. | 160 views

Exploit for Code Injection in Iptanus Wordpress_File_Upload

No d...

CVSS 9.8 | AI score 7 | EPSS 0.01449
Exploits: 1

CNNVD
added 2026/01/18 12:0 a.m. | 4 views

Lobe Chat code injection vulnerability

Lobe Chat is an open-source, high-performance chatbot framework developed by LobeHub. Versions of Lobe Chat prior to 2.0.0-next.180 contained a code injection vulnerability. This vulnerability stemmed from a storage-oriented cross-site scripting vulnerability in the Mermaid renderer, which could...

CVSS 6.4 | AI score 6 | EPSS 0.00123
Exploits: 0 | References: 2

GithubExploit
added 2026/01/17 9:7 a.m. | 206 views

Exploit for CVE-2026-22785

CVE-2026-22785 Reproducing Tutorial Vulnerability Overview...

CVSS 9.3 | AI score 5.8 | EPSS 0.00709
Exploits: 2

CNNVD
added 2026/01/17 12:0 a.m. | 4 views

LigeroSmart code injection vulnerability

LigeroSmart is an open-source management platform developed by LigeroSmart. Versions of LigeroSmart 6.1.26 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter TicketID in the file /otrs/index.pl, which could lead to cross-site...

CVSS 5.4 | AI score 5.7 | EPSS 0.00196
Exploits: 1 | References: 6