xunruicms Cross-Site Scripting Vulnerability
xunruicms is a website builder framework for individual developers of XunRuiCMS. A code injection vulnerability exists in xunruicms 4.7.1 and earlier versions, which stems from incorrect manipulation of the parameter dataname in the file /admind45f74adbd95.php, and could lead to cross-site...
JIZHICMS Code Injection Vulnerability
JIZHICMS (Jizhi CMS) is an open source content management system (CMS) from the Chinese company Jizhi (JIZHI). A code injection vulnerability exists in JIZHICMS 2.5.5 and earlier versions, which stems from incorrect manipulation of the parameter body in the file /index.php/admins/Comment/addcomment.html,...
XunRuiCMS Code Injection Vulnerability
XunRuiCMS is a content management system for individual developers of XunRuiCMS. A code injection vulnerability exists in XunRuiCMS 4.7.1 and earlier versions, which stems from incorrect manipulation of the component Domain Name Binding Page in the file /admin79f2ec220c7e.php, which cou...
Exploit for CVE-2025-13486
Lab: CVE-2025-13486 - Remote Code Execution in Advanced Custom...
Arbitrary Code Injection
Overview react-server-dom-turbopack provides React Server Components bindings for DOM using Turbopack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe...
Arbitrary Code Injection
Overview react-server-dom-parcel provides React Server Components bindings for DOM using Parcel. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe deserialization ...
CVE-2025-65187
A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed...
Masa CMS Code Injection Vulnerability
Masa CMS is a digital experience platform. A code injection vulnerability exists in Masa CMS versions prior to 7.2.8, prior to 7.3.13, and prior to 7.4.6, which stems from the addParam function accepting user input and evaluating it via setDynamicContent, which could lead to remote code execution...
DeepChat Code Injection Vulnerability
DeepChat is an intelligent assistant open-sourced by ThinkInAIXYZ. A code injection vulnerability exists in DeepChat 0.5.0 and earlier versions, which stems from the presence of stored cross-site scripting in the Mermaid chart renderer, which could lead to remote code execution...
Splunk Cloud Platform and Splunk Enterprise Security Vulnerability
Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service. Splunk Enterprise is a suite of data collection and analytics software. A security vulnerability exists in Splunk Clou...
WordPress plugin Advanced Custom Fields Extended Code Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code injection...
CVE-2025-13658 Industrial Video & Control Longwatch has a Code Injection vulnerability
A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges...
CVE-2025-13658
CVE-2025-13658 affects Industrial Video & Control Longwatch devices. The root cause is the absence of code signing and execution controls on an exposed endpoint, allowing unauthenticated HTTP GET requests to inject and execute arbitrary code. Exploitation leads to SYSTEM-level privileges and pote...
BIT-FLUX-2022-24817 Improper kubeconfig validation allows arbitrary code execution
Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also...
Arbitrary Code Injection
Overview kagura-ai is a Universal AI Memory Platform - MCP-native context management for all AI agents. Affected versions of this package are vulnerable to Arbitrary Code Injection due to missing access restrictions in multiple tool endpoints, including codingindexsourcecode,...
Industrial Video & Control Longwatch Code Injection Vulnerability
Industrial Video & Control Longwatch is an industrial-grade video surveillance and management platform from Industrial Video & Control, Inc. Industrial Video & Control Longwatch suffers from a code injection vulnerability that originates from an unauthenticated HTTP GET request that can execute...
Arbitrary Code Injection
Overview vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Arbitrary Code Injection via the config class named NemotronNanoVLConfig. An attacker can execute arbitrary code on the host system by publishing a...
Arbitrary Code Injection
Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Arbitrary Code Injection via insufficient validation in the cleanDangerousTwig function. An attacker can execute arbitrary commands on the...
CLSA-2025-1764615000 python3.11-setuptools: Fix of CVE-2024-6345
CVE-2024-6345: Fix code injection vulnerability in package download functions...