Laravel Pulse 1.3.1 Arbitrary Code Injection
Proof of concept exploit written in PHP for Laravel Pulse version 1.3.1. This version of Laravel Pulse suffers from an arbitrary code injection vulnerability...
Ruoyi Code Injection Vulnerability
Ruoyi is a backend management system for individual developers. A code injection vulnerability exists in Ruoyi 4.8.1 and earlier versions. The vulnerability stems from improper handling of the parameter fragment in the file /monitor/cache/getnames, which may lead to code injection...
PT-2025-52385
Name of the Vulnerable Software and Affected Versions: Hugging Face Transformers (affected versions not specified). Description: A flaw exists within the convert config function in Hugging Face Transformers, allowing remote attackers to execute arbitrary code on affected systems. Exploitation requires...
(0Day) Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint. The specific flaw exists within the convert_config functio...
PT-2025-52384
Name of the Vulnerable Software and Affected Versions: Hugging Face Transformers (affected versions not specified). Description: A flaw exists in the convert config function that allows remote attackers to execute arbitrary code on affected systems. Exploitation requires user interaction, specifically...
PT-2025-52171
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in colabrio Stockie Extra stockie-extra allows Code Injection. This issue affects Stockie Extra: from n/a through <= 1.2.11...
CVE-2025-14837 ZZCMS Backend Website Settings siteconfig.php stripfxg code injection
A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has bee...
EUVD-2025-204005
A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has bee...
CVE-2025-14837
ZZCMS 2025 has a code injection vulnerability in the Backend Website Settings Module. The stripfxg function in /admin/siteconfig.php mishandles the icp argument, enabling remote code execution. Exploit has been publicly disclosed. Affected: ZZCMS 2025; file: /admin/siteconfig.php; function: strip...
CVE-2025-62521 ChurchCRM has unauthenticated RCE in its Install Wizard
ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...
EUVD-2025-203917
ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...
CVE-2025-33226
NVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-64633
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in colabrio Norebro Extra norebro-extra allows Code Injection. This issue affects Norebro Extra: from n/a through <= 1.6.8...
PT-2025-51982
Name of the Vulnerable Software and Affected Versions: ZZCMS version 2025. Description: A code injection issue exists in ZZCMS 2025, specifically within the Backend Website Settings Module. The stripfxg function in the /admin/siteconfig.php file is affected. Manipulation of the icp argument can lead...
ChurchCRM Code Injection Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a code execution vulnerability that stems from user input in the installation wizard being written directly to a configuration file without validation, which can be exploited by an attacker to cause remote code execution...
Invoice Ninja 5.8.22 PHP Code Injection
Invoice Ninja version 5.8.22 remote proof of concept exploit for a PHP code injection vulnerability. Title: Invoice Ninja v 5.8.22 PHP Code Injection...
TMS Code Injection Vulnerability
TMS is a channel-based team communication and collaboration tool with a lightweight task dashboard, by the individual developer weicheng. A code injection vulnerability exists in TMS 2.28.0 and earlier versions, which stems from incorrect handling of the parameter content in the file...
CVE-2025-14729
A vulnerability was identified in CTCMS Content Management System up to 2.1.2. The affected element is the function Save of the file /ctcms/libs/CtApp.php of the component Backend App Configuration Module. The manipulation of the argument CTAppPaytype leads to code injection. Remote exploitation ...