36545 matches found

Github Security Blog
added 2025/12/15 11:37 p.m., 7 views

Fickling has Code Injection vulnerability via pty.spawn()

Fickling Assessment: Based on the test case provided in the original report below, this bypass was caused by pty missing from our block list of unsafe module imports as previously documented in 108, rather than the unused variable heuristic. This led to unsafe pickles based on pty.spawn being...

8.5 CVSS, 8 AI score, 0.00235 EPSS
Exploits 1, References 6, Affected Software 1
NVD
added 2025/12/15 11:15 p.m., 7 views

CVE-2025-14729

A vulnerability was identified in CTCMS Content Management System up to 2.1.2. The affected element is the function Save of the file /ctcms/libs/CtApp.php of the component Backend App Configuration Module. The manipulation of the argument CTAppPaytype leads to code injection. Remote exploitation ...

7.2 CVSS, 0.00386 EPSS
Exploits 1, References 4
NVD
added 2025/12/15 11:15 p.m., 9 views

CVE-2025-14730

A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/CtConfig.php of the component Backend System Configuration Module. The manipulation of the argument CjAdd/CjEdit results in code injection. Th...

7.2 CVSS, 0.00386 EPSS
Exploits 1, References 4
OSV
added 2025/12/15 11:15 p.m., 4 views

CVE-2025-14730

A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/CtConfig.php of the component Backend System Configuration Module. The manipulation of the argument CjAdd/CjEdit results in code injection. Th...

7.2 CVSS, 5.6 AI score, 0.00386 EPSS
Exploits 1, References 4
OSV
added 2025/12/15 11:15 p.m., 7 views

CVE-2025-14729

A vulnerability was identified in CTCMS Content Management System up to 2.1.2. The affected element is the function Save of the file /ctcms/libs/CtApp.php of the component Backend App Configuration Module. The manipulation of the argument CTAppPaytype leads to code injection. Remote exploitation ...

7.2 CVSS, 5.5 AI score, 0.00386 EPSS
Exploits 1, References 4
Vulnrichment
added 2025/12/15 11:2 p.m., 2 views

CVE-2025-14730 CTCMS Content Management System Backend System Configuration Ct_Config.php code injection

A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/CtConfig.php of the component Backend System Configuration Module. The manipulation of the argument CjAdd/CjEdit results in code injection. Th...

5.8 CVSS, 6.7 AI score, 0.00386 EPSS
Exploits 1, References 4
Cvelist
added 2025/12/15 11:2 p.m., 20 views

CVE-2025-14730 CTCMS Content Management System Backend System Configuration Ct_Config.php code injection

A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/CtConfig.php of the component Backend System Configuration Module. The manipulation of the argument CjAdd/CjEdit results in code injection. Th...

5.8 CVSS, 0.00386 EPSS
Exploits 1, References 4
CVE
added 2025/12/15 11:2 p.m., 8 views

CVE-2025-14730

CVE-2025-14730 affects CTCMS Content Management System up to version 2.1.2, focusing on an unknown function in /ctcms/libs/Ct_Config.php. Manipulation of the Cj_Add/Cj_Edit argument leads to code injection, enabling remote execution. The issue is associated with the Backend System Configuration M...

7.2 CVSS, 6.7 AI score, 0.00386 EPSS
Exploits 1, References 4, Affected Software 1
Cvelist
added 2025/12/15 11:2 p.m., 22 views

CVE-2025-14729 CTCMS Content Management System Backend App Configuration Ct_App.php save code injection

A vulnerability was identified in CTCMS Content Management System up to 2.1.2. The affected element is the function Save of the file /ctcms/libs/CtApp.php of the component Backend App Configuration Module. The manipulation of the argument CTAppPaytype leads to code injection. Remote exploitation ...

5.8 CVSS, 0.00386 EPSS
Exploits 1, References 4
Vulnrichment
added 2025/12/15 11:2 p.m., 4 views

CVE-2025-14729 CTCMS Content Management System Backend App Configuration Ct_App.php save code injection

A vulnerability was identified in CTCMS Content Management System up to 2.1.2. The affected element is the function Save of the file /ctcms/libs/CtApp.php of the component Backend App Configuration Module. The manipulation of the argument CTAppPaytype leads to code injection. Remote exploitation ...

5.8 CVSS, 6.7 AI score, 0.00386 EPSS
Exploits 1, References 4
CVE
added 2025/12/15 11:2 p.m., 10 views

CVE-2025-14729

CVE-2025-14729 affects CTCMS Content Management System up to version 2.1.2. The vulnerability resides in the Save function of /ctcms/libs/Ct_App.php, in the Backend App Configuration Module, where manipulating the CT_App_Paytype argument enables code injection. Remote exploitation is possible and...

7.2 CVSS, 6.7 AI score, 0.00386 EPSS
Exploits 1, References 4, Affected Software 1
GithubExploit
added 2025/12/15 3:37 p.m., 139 views

Exploit for Code Injection in Apache Dolphinscheduler

No d...

9.8 CVSS, 7 AI score, 0.02149 EPSS
Exploits 1
OSV
added 2025/12/15 12:17 p.m., 4 views

CLSA-2025-1765801059 python-setuptools: Fix of 2 CVEs

CVE-2024-6345: fix code injection vulnerability in package download functions - CVE-2025-47273: fix path traversal in PackageIndex.download leading to arbitrary file write...

8.8 CVSS, 7.5 AI score, 0.01939 EPSS
Exploits 4, References 1
CNNVD
added 2025/12/15 12:0 a.m., 3 views

Zomplog security vulnerability

Zomplog is a Web logging system from Zomplog Open Source. A security vulnerability exists in Zomplog version 3.9 that originates from allowing an authenticated attacker to inject and execute arbitrary PHP code via a file manipulation endpoint, potentially leading to remote code execution...

8.8 CVSS, 8.1 AI score, 0.00824 EPSS
Exploits 1, References 5
CNNVD
added 2025/12/15 12:0 a.m., 1 views

DMadmin code injection vulnerability

DMadmin is an open-source basic interface framework from vion707 in China. DMadmin has a code injection vulnerability that stems from a cross-site scripting vulnerability in the Add function of the file Admin/Controller/AddonsController.class.php and can be exploited remotely...

4.8 CVSS, 4.3 AI score, 0.00202 EPSS
Exploits 0, References 5
CNNVD
added 2025/12/15 12:0 a.m., 2 views

CTCMS code injection vulnerability

CTCMS (Chibi CMS) is a video content management system from the Chinese company Chibi CMS (CTCMS). A code injection vulnerability exists in CTCMS 2.1.2 and earlier versions, which stems from the improper handling of the parameter CjAdd/CjEdit by the unknown function in the file /ctcms/libs/CtConfig.php,...

7.2 CVSS, 5.5 AI score, 0.00386 EPSS
Exploits 1, References 5
CNNVD
added 2025/12/15 12:0 a.m., 2 views

CTCMS code injection vulnerability

CTCMS (Chibi CMS) is a video content management system from the Chinese company Chibi CMS (CTCMS). A code injection vulnerability exists in CTCMS 2.1.2 and earlier versions, which originates from improper handling of the parameter CTAppPaytype in the Save function in the file /ctcms/libs/CtApp.php, which m...

7.2 CVSS, 5.4 AI score, 0.00386 EPSS
Exploits 1, References 5
Positive Technologies
added 2025/12/15 12:0 a.m., 5 views

PT-2025-51320

Name of the Vulnerable Software and Affected Versions: CTCMS Content Management System versions up to 2.1.2. Description: A security flaw exists in CTCMS Content Management System. The issue resides in an unknown function within the /ctcms/libs/Ct Config.php library of the Backend System Configurati...

7.2 CVSS, 4.7 AI score, 0.00386 EPSS
Exploits 1, References 8
Positive Technologies
added 2025/12/15 12:0 a.m., 6 views

PT-2025-51319

Name of the Vulnerable Software and Affected Versions: CTCMS Content Management System versions up to 2.1.2. Description: A code injection issue exists in CTCMS Content Management System. The issue is located in the Save function within the /ctcms/libs/Ct App.php file of the Backend App Configuratio...

7.2 CVSS, 5 AI score, 0.00386 EPSS
Exploits 1, References 8
Snyk
added 2025/12/14 6:31 p.m., 3 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the doEval function. An attacker can execute arbitrary code by injecting malicious expressions. Remediation: Upgrade com.aizuda:snail-job-common-core to version 1.7.0-beta1 or higher. References: gitee...

6.5 CVSS, 8 AI score, 0.00303 EPSS
Exploits 0, References 2