CVE-2025-12843

CVE-2025-12843 describes a code injection vulnerability in Wave Term (waveterm) for macOS, affecting version 0.12.2. The issue arises from Electron Fuses code injection and allows a TCC bypass, with CVSS parameters indicating local access, low attack complexity, and low privileges required. The i...

CVE-2025-12843 Code Injection in Wave Term v0.12.2 allowing TCC Bypass

Code Injection using Electron Fuses in waveterm on MacOS allows TCC Bypass. This issue affects waveterm: 0.12.2...

CVE-2025-12843 Code Injection in Wave Term v0.12.2 allowing TCC Bypass

Code Injection using Electron Fuses in waveterm on MacOS allows TCC Bypass. This issue affects waveterm: 0.12.2...

Security Bulletin: Vulnerabilities in smarty and axios might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by vulnerabilities in smarty and axios. Vulnerabilities include allowing an attacker to inject malicious scripts into a Web page and steal cookie-based authentication credentials, execute arbitrary code on the system, and...

WordPress WPMasterToolKit (WPMTK) plugin <= 2.13.0 - Authenticated (Author+) Code Injection vulnerability

Authenticated Author+ Code Injection vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin WPMasterToolKit versions = 2.13.0...

Vulnerabilities fixed in SAP Software

SAP has fixed multiple vulnerabilities in several products, including SAP Solution Manager, SAP jConnect, SAP Web Dispatcher, SAP NetWeaver, SAP S/4 HANA Private Cloud, and SAP BusinessObjects. The vulnerabilities include code injection, deserialization, and insufficient input validation, which c...

EUVD-2025-202995

The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...

CVE-2025-14166

The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...

CVE-2025-14166

CVE-2025-14166 concerns the WordPress plugin WPMasterToolKit (WPMTK) up to version 2.13.0. The source documents confirm that an authenticated user with Contributor+ or Author+ roles can exploit Code Snippets via the plugin to inject PHP code on the server, enabling remote code execution and poten...

CVE-2025-14166 WPMasterToolKit (WPMTK) <= 2.13.0 - Authenticated (Contributor+) Code Injection

The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...

CVE-2025-14166 WPMasterToolKit (WPMTK) <= 2.13.0 - Authenticated (Contributor+) Code Injection

The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...

WordPress plugin WPMasterToolKit 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code...

Wave Terminal 代码注入漏洞

Wave Terminal is an enterprise collaboration system from Wave Terminal open source. A code injection vulnerability exists in Wave Terminal version 0.12.2, which stems from Electron Fuses code injection and could lead to a TCC bypass...

PT-2025-50863

The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...

PT-2025-50942

Name of the Vulnerable Software and Affected Versions waveterm version 0.12.2 Description Code Injection using Electron Fuses in waveterm on MacOS allows TCC Bypass. The issue allows for code execution by exploiting Electron Fuses. Recommendations At the moment, there is no information about a...

lightning-flow-scanner 代码注入漏洞

lightning-flow-scanner is an open source command line automation plugin for Lightning Flow Scanner. A code injection vulnerability exists in lightning-flow-scanner version 6.10.5 and earlier, which stems from a maliciously constructed flow metadata file that could lead to arbitrary JavaScript...

Qualitor 代码注入漏洞

Qualitor is a managed service process and centralized service platform from Qualitor, Inc. A code injection vulnerability exists in Qualitor 8.24.73 and earlier versions, which stems from incorrect manipulation of the parameter cdscript in the file...

CVE-2024-58303

FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generati...

Arbitrary Code Injection

Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Arbitrary Code Injection via the hasmetacommands function. An attacker can execute arbitrary commands on the system by crafting a SQL file that begins with a UTF-8 Byte Order Mark or special byte sequences...

warehouseManager 代码注入漏洞

warehouseManager is a warehouse management system developed by yangshare individual developers in China. A code injection vulnerability exists in warehouseManager version 1.1.0, which originates from the incorrect operation of the parameter Name in the function addCustomer in the file...