36545 matches found
Code-Projects Student Information System 代码注入漏洞
Student Information System is a student information system. The Student Information System suffers from a cross-site scripting vulnerability that stems from the mishandling of user input by an unspecified functional component in the /register.php file. An attacker can exploit this vulnerability b...
Code-Projects Student Information System 代码注入漏洞
Student Information System is a student information system. A cross-site scripting vulnerability exists in the Student Information System, which originates from an unspecified function in the /editprofile.php file that improperly handles user input. An attacker can exploit this vulnerability by...
Code-Projects Simple Cafe Ordering System 代码注入漏洞
Simple Cafe Ordering System is a simple coffee ordering system. The Simple Cafe Ordering System suffers from a cross-site scripting vulnerability that arises from insufficient security filtering of the productname parameter in the /addtocart file. An attacker could use this vulnerability to execu...
HSEC-2023-0003 code injection in xmonad-contrib
code injection in xmonad-contrib The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 allows remote attackers to execute arbitrary commands via a web page title, which activates the commands when the user clicks on the xmobar window title, as demonstrated using an action tag...
Bdtask Isshue - Multi Store eCommerce Shopping Cart Solution 代码注入漏洞
Bdtask Isshue - Multi Store eCommerce Shopping Cart Solution is an e-commerce shopping cart system from Bdtask Bangladesh. A code injection vulnerability exists in Bdtask Isshue - Multi Store eCommerce Shopping Cart Solution version 4.0 and prior versions, which originates from an incorrect...
h3blog 代码注入漏洞
h3blog is a light blogging system focusing on creation by H.C.Q individual developers. A code injection vulnerability exists in version 1.0 of h3blog, which stems from the incorrect operation of the parameter Title in the file /admin/cms/category/addtitle, and could lead to a cross-site scripting...
h3blog 跨站脚本漏洞
h3blog is a creation-focused light blogging system by H.C.Q's individual developers. A code injection vulnerability exists in version 1.0 of h3blog, which stems from the incorrect operation of the parameter Name in the file /admin/cms/material/add, and could lead to a cross-site scripting attack...
CVE-2024-48829
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of Generation of Code 'Code Injection' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...
Arbitrary Code Injection
Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Arbitrary Code Injection through the PLAIN SQL file, which includes any meta-commands. An attacker can execute arbitrary commands on the server by supplying a crafted PLAIN-format SQL dump file during...
SAP Pushes Emergency Patch for 9.9 Rated CVE-2025-42887 After Full Takeover Risk
CVE 2025 42887 vulnerability, rated 9.9, allows code injection through Solution Manager giving attackers full SAP control urgent patch needed to block system takeover...
CVE-2025-12382
Improper Limitation of a Pathname 'Path Traversal' vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a restricted directory leading to code injection. This issue affects Algosec Firewall Analyzer: A33.0 up to build 320, A33.10 up to build...
Malicious code in eslint-plugin-ophiuchus-pino-chromedriver (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72910fde647545178f4ccecb0cd7f8485357f83fd546d2c8329012ecdc9f34e0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-33178
NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to Code execution, Escalation of privileges, Information disclosure, and Data...
Siemens RUGGEDCOM ROX, SIMATIC S7-1500 Uncontrolled Search Path Element (CVE-2019-5443)
A non-privileged user or program can put code and a config file in a known non-privileged path under C:/usr/local/ that will make curl = 7.65.1 automatically run the code as an openssl engine on invocation. If that curl is invoked by a privileged user it can do anything it wants. This plugin only...
WordPress plugin Import any XML, CSV or Excel File to WordPress 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin Impor...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the oidc-claims-extension.groovy script when the claimsparametersupported parameter is enabled. An attacker can inject arbitrary values into claims returned in idtoken or userinfo by supplying a crafted JSON...
CVE-2024-48829
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of Generation of Code 'Code Injection' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...
CVE-2024-48829
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of Generation of Code 'Code Injection' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...
CVE-2024-48829
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of Generation of Code 'Code Injection' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...
CVE-2024-48829
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of Generation of Code 'Code Injection' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...