Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the doEval function. An attacker can execute arbitrary code by injecting malicious expressions. Remediation Upgrade com.aizuda:snail-job-common-core to version 1.7.0-beta1 or higher. References - gitee...

GHSA-3F8C-8H8V-P54H snail-job is vulnerable to Code Injection through QLExpressEngine.doEval function

A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in...

Mayan EDMS 代码注入漏洞

Mayan EDMS is a free web-based document management system from Mayan EDMS, Inc. It is used to manage documents within an organization. A code injection vulnerability exists in Mayan EDMS 4.10.1 and prior versions, which stems from incorrect manipulation of the file /authentication/ and could lead...

Code-Projects Student File Management System 代码注入漏洞

Student File Management System is a student file management system. A cross-site scripting vulnerability exists in Student File Management System, which originates from an incorrect operation of the file /admin/updateuser.php, for which no detailed vulnerability details are currently available...

Code-Projects Student File Management System 代码注入漏洞

Student File Management System is a student file management system. Student File Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the file /admin/updatestudent.php, which can be exploited by a...

CVE-2025-12843

Code Injection using Electron Fuses in waveterm on MacOS allows TCC Bypass. This issue affects waveterm: 0.12.2...

Code Injection

Open WebUI is vulnerable to a code injection vulnerability. The vulnerability is due to improper handling of Server-Sent Event SSE execute events in the Direct Connections feature, which allows an attacker controlling a malicious external model server to inject and execute arbitrary JavaScript in...

Arbitrary Code Injection

pgAdmin is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper handling of PLAIN-format dump files during restore operations in server mode, which allows an attacker to inject and execute arbitrary commands on the server hosting pgAdmin...

Remote Code Execution (RCE)

redaxo/source is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation of template content allowing PHP code injection, which allows an attacker to execute arbitrary operating system commands when the template is rendered...

Arbitrary Code Injection

cbpi4 is vulnerable to Arbitrary Code Injection. The vulnerability is due to lack of validation of the "logtime" URL parameter before passing it to the os.system function, which allows an attacker to execute arbitrary commands...

Improper Certificate Validation

org.codehaus.mevenide, netbeans is vulnerable to improper certificate validation. The vulnerability is due to the autoupdate system failing to validate SSL certificates and hostnames for HTTPS-based downloads, which allows an attacker to intercept and modify autoupdate packages and potentially...

WordPress plugin The Shortcode Ajax 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code injection...

Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule

Impact The APIVersion rule uses new Function to evaluate expression strings. A malicious crafted flow metadata file can cause arbitrary JavaScript execution during scanning. An attacker could execute arbitrary JavaScript during a scan by supplying a malicious expression within rule configuration ...

GHSA-55JH-84JV-8MX8 Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule

Impact The APIVersion rule uses new Function to evaluate expression strings. A malicious crafted flow metadata file can cause arbitrary JavaScript execution during scanning. An attacker could execute arbitrary JavaScript during a scan by supplying a malicious expression within rule configuration ...

CVE-2025-67750 Lightning Flow Scanner is Vulnerable to Code Injection via Unsafe Use of new Function() in APIVersion Rule

Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...

CVE-2025-67750

Lightning Flow Scanner is affected through versions 6.10.5 and earlier, where the APIVersion rule uses unsafe evaluation with new Function() to process expression strings. A maliciously crafted flow metadata file or rule configuration can cause arbitrary JavaScript execution during scanning, pote...

CVE-2025-67750 Lightning Flow Scanner is Vulnerable to Code Injection via Unsafe Use of new Function() in APIVersion Rule

Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...

EUVD-2025-203091

Code Injection using Electron Fuses in waveterm on MacOS allows TCC Bypass. This issue affects waveterm: 0.12.2...

CVE-2025-12843

Code Injection using Electron Fuses in waveterm on MacOS allows TCC Bypass. This issue affects waveterm: 0.12.2...

CVE-2025-12843

Code Injection using Electron Fuses in waveterm on MacOS allows TCC Bypass. This issue affects waveterm: 0.12.2...