36545 matches found
School Management System PHP & MYSQL 代码注入漏洞
School Management System PHP & MYSQL is a school management system by Elias Yasin, an individual developer. A code injection vulnerability exists in School Management System PHP & MYSQL, which originates from a misbehavior of the parameter First Name in the file /student-view.php, which could lea...
PT-2025-48395
Name of the Vulnerable Software and Affected Versions Qualitor versions prior to 8.20.105 and prior to 8.24.98 Description A security flaw exists in Qualitor that allows for code injection. The eval function within the file /html/st/stdeslocamento/request/getResumo.php is affected. Manipulation o...
Skuul school management system 代码注入漏洞
Skuul school management system is a school management system by the individual developer Marvellous Ifezue. A code injection vulnerability exists in Skuul School Management System version 2.6.5 and earlier, which stems from improper handling of SVG files in the file /dashboard/schools/1/edit, whi...
OrangeHRM 代码注入漏洞
OrangeHRM is a human resource management system HRM from OrangeHRM, Inc. in the United States. The system supports personnel information management, leave management, attendance management and recruitment management. A code injection vulnerability exists in OrangeHRM versions 5.0 through 5.7, whi...
CVE-2025-59302
In Apache CloudStack improper control of generation of code 'Code Injection' vulnerability is found in the following APIs which are accessible only to admins. quotaTariffCreate quotaTariffUpdate createSecondaryStorageSelector updateSecondaryStorageSelector updateHost updateStorage This issue...
CVE-2025-33204
NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data...
EUVD-2025-199820
In Apache CloudStack improper control of generation of code 'Code Injection' vulnerability is found in the following APIs which are accessible only to admins. quotaTariffCreate quotaTariffUpdate createSecondaryStorageSelector updateSecondaryStorageSelector updateHost updateStorage This issue...
CVE-2025-59302
In Apache CloudStack improper control of generation of code 'Code Injection' vulnerability is found in the following APIs which are accessible only to admins. quotaTariffCreate quotaTariffUpdate createSecondaryStorageSelector updateSecondaryStorageSelector updateHost updateStorage This issue...
CVE-2025-59302
In Apache CloudStack improper control of generation of code 'Code Injection' vulnerability is found in the following APIs which are accessible only to admins. quotaTariffCreate quotaTariffUpdate createSecondaryStorageSelector updateSecondaryStorageSelector updateHost updateStorage This issue...
CVE-2025-59302 Apache CloudStack: Potential remote code execution on Javascript engine defined rules
In Apache CloudStack improper control of generation of code 'Code Injection' vulnerability is found in the following APIs which are accessible only to admins. quotaTariffCreate quotaTariffUpdate createSecondaryStorageSelector updateSecondaryStorageSelector updateHost updateStorage This issue...
CVE-2025-59302
CVE-2025-59302 concerns Apache CloudStack where code injection is possible via admin-only APIs: quotaTariffCreate, quotaTariffUpdate, createSecondaryStorageSelector, updateSecondaryStorageSelector, updateHost, and updateStorage. The issue arises from improper control of code generation. A fix fla...
CVE-2025-59302 Apache CloudStack: Potential remote code execution on Javascript engine defined rules
In Apache CloudStack improper control of generation of code 'Code Injection' vulnerability is found in the following APIs which are accessible only to admins. quotaTariffCreate quotaTariffUpdate createSecondaryStorageSelector updateSecondaryStorageSelector updateHost updateStorage This issue...
PT-2025-48264
Name of the Vulnerable Software and Affected Versions Apache CloudStack versions 4.18.0 through 4.20.1 Apache CloudStack versions 4.21.0 through 4.21.9 Description An improper control of code generation 'Code Injection' issue exists in Apache CloudStack, specifically within several APIs accessibl...
Apache CloudStack 安全漏洞
Apache CloudStack is a suite of Infrastructure-as-a-Service IaaS cloud computing platforms from the Apache USA Foundation. The platform is primarily used to deploy and manage large networks of virtual machines. A security vulnerability exists in Apache CloudStack versions 4.18.0 through 4.20.2...
Arbitrary Code Injection
Overview ray is an A system for parallel and distributed Python that unifies the ML ecosystem. Affected versions of this package are vulnerable to Arbitrary Code Injection via insufficient validation of the User-Agent header in browser requests. An attacker can execute arbitrary code on the host...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service and code injection [CVE-2025-57350]
Summary Node.js module csvtojson is used by IBM App Connect Enterprise Certified Container for processing CSV data. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntergrationServer operands are vulnerable to denial of service and code injection. This...
EUVD-2025-199631
Contao is vulnerable to cross-site scripting in templates...
CVE-2025-65961
Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A...
CVE-2025-65961 Contao is vulnerable to cross-site scripting in templates
Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A...
EUVD-2025-199609
NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data...