
36545 matches found

Snyk
added 2025/11/24 4:24 p.m. | 2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8 CVSS | 6.8 AI score
Exploits 0 | References 3
Snyk
added 2025/11/24 4:24 p.m. | 1 view

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8 CVSS | 6.8 AI score
Exploits 0 | References 3
Snyk
added 2025/11/24 4:24 p.m. | 1 view

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8 CVSS | 6.8 AI score
Exploits 0 | References 3
RedHat Linux
added 2025/11/24 9:46 a.m. | 5 views

Redis: Redis: Authenticated users can execute LUA scripts as a different user

A code injection vulnerability in Redis Lua scripting where an authenticated user can craft a Lua script to manipulate objects and potentially execute code in another user’s context...

7.3 CVSS | 7.5 AI score | 0.00711 EPSS
Exploits 0 | References 7
CNNVD
added 2025/11/24 12:0 a.m. | 3 views

Eigenfocus Code Injection Vulnerability

Eigenfocus is a project management, planning software from Eigenfocus open source. A code injection vulnerability exists in Eigenfocus 1.4.0 and earlier versions, which stems from incorrect manipulation of the parameter entry.description/timeentry.description, and could lead to a cross-site...

5.1 CVSS | 4.6 AI score | 0.00211 EPSS
Exploits 0 | References 8
CNNVD
added 2025/11/24 12:0 a.m. | 2 views

PHPGurukul Hostel Management System Cross-Site Scripting Vulnerability

Hostel Management System is a hostel management system. Hostel Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter cdetails in the file /register-complaint.php, which can be exploit...

5.4 CVSS | 5.9 AI score | 0.00185 EPSS
Exploits 0 | References 5
Metasploit
added 2025/11/22 6:57 p.m. | 486 views

Flowise JS Injection RCE

This module exploits a remote code execution vulnerability in Flowise versions = 2.2.7-patch.1 and = 3.0.1, authentication via FLOWISEEMAIL and FLOWISEPASSWORD is required due to JWT token verification. Module Options msf use exploit/multi/http/flowisejsrce msf exploitflowisejsrce show targets...

10 CVSS | 6.4 AI score | 0.90183 EPSS
Exploits21
CNVD
added 2025/11/21 12:0 a.m. | 2 views

WordPress Code Snippets plugin code injection vulnerability

WordPress Code Snippets plugin is a plugin designed for WordPress to conveniently add and manage custom code snippets without having to directly modify the theme files. The WordPress Code Snippets plugin suffers from a code injection vulnerability that stems from the evaluateshortcodefromflatfile...

8 CVSS | 7.7 AI score | 0.0031 EPSS
Exploits 0 | References 1
CNNVD
added 2025/11/21 12:0 a.m. | 4 views

Markdown To Pdf Code Injection Vulnerability

Markdown To Pdf is a simple and crackable Cli tool from the individual developer Simon Hanisch in Germany. Used to convert Markdown to pdf. A code injection vulnerability exists in Markdown To Pdf versions prior to 5.2.5, which stems from improper handling of Markdown front-end blocks and could...

10 CVSS | 7.9 AI score | 0.00896 EPSS
Exploits 0 | References 3
EUVD
added 2025/11/20 6:31 p.m. | 2 views

EUVD-2025-198307

SOPlanning is vulnerable to Stored XSS in /projets endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening edited page. This issue was fixed in version 1.55...

5.3 CVSS | 5.6 AI score | 0.00149 EPSS
Exploits 0 | References 3
CNNVD
added 2025/11/20 12:0 a.m. | 3 views

Public Knowledge Project Platform OJS/OMP/OPS Code Injection Vulnerability

Public Knowledge Project Platform OJS/OMP/OPS (PKP Platform OJS/OMP/OPS) is an open source publishing platform from Public Knowledge Project, Inc. A code injection vulnerability exists in Public Knowledge Project Platform OJS/OMP/OPS, which stems from an incorrect manipulation of parameter...

4.8 CVSS | 4.2 AI score | 0.00218 EPSS
Exploits 0 | References 6
CNNVD
added 2025/11/20 12:0 a.m. | 3 views

CampCodes Complete Online Beauty Parlor Management System Code Injection Vulnerability

Complete Online Beauty Parlor Management System is an online beauty parlor management system. Complete Online Beauty Parlor Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter Name ...

6.1 CVSS | 5.8 AI score | 0.00212 EPSS
Exploits 1 | References 6
CNVD
added 2025/11/20 12:0 a.m. | 3 views

Dell SmartFabric OS10 Software Code Injection Vulnerability

Dell SmartFabric OS10 Software is a Debian Linux-based operating system from Dell, USA. Dell SmartFabric OS10 Software suffers from a code injection vulnerability that can be exploited by an attacker to cause code execution...

6.7 CVSS | 7.9 AI score | 0.00152 EPSS
Exploits 0 | References 1
Snyk
added 2025/11/19 8:33 p.m. | 6 views

Arbitrary Code Injection

Overview @anthropic-ai/claude-code lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Arbitrary Code Injection via ya...

9.8 CVSS | 7.9 AI score | 0.00441 EPSS
Exploits 0 | References 2
Snyk
added 2025/11/19 8:31 p.m. | 2 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the CSS-to-JavaScript module conversion feature. An attacker can execute arbitrary JavaScript code by injecting $... expressions into CSS files, which are then evaluated when the resulting JavaScript module i...

9.6 CVSS | 7.6 AI score | 0.00438 EPSS
Exploits 1 | References 2
RedhatCVE
added 2025/11/19 5:20 p.m. | 1 view

CVE-2025-33184

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8 CVSS | 7.4 AI score | 0.00423 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/11/19 5:20 p.m. | 5 views

CVE-2025-33183

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8 CVSS | 7.4 AI score | 0.00423 EPSS
Exploits 0 | References 1
Cvelist
added 2025/11/19 3:47 p.m. | 13 views

CVE-2025-10703

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

8.6 CVSS | 0.00261 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/11/19 3:47 p.m. | 5 views

CVE-2025-10703

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

8.6 CVSS | 6.4 AI score | 0.00261 EPSS
Exploits 0 | References 1
CVE
added 2025/11/19 3:46 p.m. | 22 views

CVE-2025-10702

CVE-2025-10702 is a code-injection vulnerability in Progress DataDirect JDBC family (DataDirect Connect for JDBC, OpenAccess JDBC, and Hybrid Data Pipeline). The issue centers on the SpyAttribute connection option, which can be used with an undocumented syntax to load an arbitrary class on the cl...

8.6 CVSS | 6.8 AI score | 0.00261 EPSS
Exploits 0 | References 1