CMSimple 代码注入漏洞

CMSimple is a free content management system. CMSimple suffers from a code execution vulnerability that stems from the template editing feature not securely controlling and filtering the content of user-inputted code, resulting in logged-in users being able to inject malicious PHP code into...

📄 PKP-WAL 3.5.0-1 baseColour LESS Code Injection

PKP-WAL versions 3.5.0-1 and below suffer from a LESS baseColour related code injection vulnerability. ----------------------------------------------------------------- PKP-WAL = 3.5.0-1 baseColour LESS Code Injection Vulnerability -----------------------------------------------------------------...

Hugging Face Transformers 代码注入漏洞

Hugging Face Transformers is a Hugging Face open source framework for defining state-of-the-art machine learning models covering textual, visual, audio, and multimodal models for inference and training. A code injection vulnerability exists in Hugging Face Transformers, which stems from a lack of...

CVE-2024-57521

SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java...

Hugging Face Transformers 代码注入漏洞

Hugging Face Transformers is a Hugging Face open source framework for defining state-of-the-art machine learning models covering textual, visual, audio, and multimodal models for inference and training. Hugging Face Transformers suffers from a code injection vulnerability that stems from a lack o...

📄 PKP-WAL 3.5.0-3 X-Forwarded-Host LESS Code Injection

PKP-WAL versions 3.5.0-3 and below suffer from a LESS X-Forwarded-Host related code injection vulnerability. ----------------------------------------------------------------------- PKP-WAL getBaseUrl method, can be manipulated by unauthenticated attackers through the X-Forwarded-Host HTTP header,...

CampCodes Complete Online Beauty Parlor Management System 代码注入漏洞

Complete Online Beauty Parlor Management System is an online beauty parlor management system. Complete Online Beauty Parlor Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter...

CVE-2025-65037

Improper control of generation of code 'code injection' in Azure Container Apps allows an unauthorized attacker to execute code over a network...

CVE-2025-67850

A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting XSS, occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions...

Exploit for Code Injection in Xwiki

CVE-2025-24893 Remote Code Execution exploit for XWikihttp...

CVE-2025-60068

Improper Control of Generation of Code 'Code Injection' vulnerability in javothemes Javo Core javo-core allows Code Injection.This issue affects Javo Core: from n/a through = 3.0.0.266...

CVE-2025-60070

Improper Control of Generation of Code 'Code Injection' vulnerability in The4 Molla molla allows Code Injection.This issue affects Molla: from n/a through = 1.5.13...

CVE-2025-64225

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in colabrio Stockie Extra stockie-extra allows Code Injection.This issue affects Stockie Extra: from n/a through = 1.2.11...

CVE-2025-14856

A security vulnerability has been detected in yproject RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment leads to code injection. The attack can be executed remotely. The exploit has been disclosed public...

Code-Projects Simple Stock System 代码注入漏洞

Code-Projects Simple Stock System is a Code-Projects open source simple stock system. A code injection vulnerability exists in Code-Projects Simple Stock System version 1.0, which originates from a cross-site scripting vulnerability in an unknown function in the file /market/chatuser.php...

📄 LibreNMS 24.9.1 Code Injection

LibreNMS version 24.9.1 suffers from a remote command execution vulnerability. ============================================================================================================================================= | Title : LibreNMS 24.9.1 PHP Code Injection Vulnerability | | Author :...

PT-2025-52590

CVE-2025-68485 - Apache HTTP Server Code Injection Vulnerability CVE ID : CVE-2025-68485 Published : Dec. 19, 2025, 4:16 a.m. | 2 hours, 5 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

CVE-2025-14837

A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has bee...

CVE-2025-65037

Improper control of generation of code 'code injection' in Azure Container Apps allows an unauthorized attacker to execute code over a network...

EUVD-2025-204414

Improper control of generation of code 'code injection' in Azure Container Apps allows an unauthorized attacker to execute code over a network...