
36546 matches found

Veracode
added 2025/11/11 6:55 a.m., 6 views

Code Injection

Gardener Extensions is vulnerable to Code Injection. The vulnerability is due to improper handling of user-controlled input in Terraformer-based infrastructure provisioning across AWS, Azure, OpenStack, and GCP providers, which allows an attacker with administrative privileges in a Gardener proje...

CVSS 9.9, AI score 7.4, EPSS 0.00477
Exploits 0, References 11, Affected Software 4
EUVD
added 2025/11/11 3:30 a.m., 3 views

EUVD-2025-60991

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availabilit...

CVSS 9.9, AI score 6.3, EPSS 0.00546
Exploits 0, References 3
NVD
added 2025/11/11 1:15 a.m., 6 views

CVE-2025-42887

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availabilit...

CVSS 9.9, EPSS 0.00546
Exploits 0, References 2
CVE
added 2025/11/11 12:19 a.m., 10 views

CVE-2025-42895

CVE-2025-42895 affects the SAP HANA JDBC Client. The vulnerability arises from insufficient validation of connection property values, allowing a high-privilege, locally authenticated user to supply crafted parameters that lead to unauthorized code loading. According to the connected sources, the ...

CVSS 6.9, AI score 6.4, EPSS 0.00135
Exploits 0, References 2
Cvelist
added 2025/11/11 12:19 a.m., 11 views

CVE-2025-42895 Code Injection vulnerability in SAP HANA JDBC Client

Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact on availability o...

CVSS 6.9, EPSS 0.00135
Exploits 0, References 2
Vulnrichment
added 2025/11/11 12:19 a.m., 3 views

CVE-2025-42895 Code Injection vulnerability in SAP HANA JDBC Client

Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact on availability o...

CVSS 6.9, AI score 6.3, EPSS 0.00135
Exploits 0, References 2
CVE
added 2025/11/11 12:14 a.m., 15 views

CVE-2025-42887

CVE-2025-42887 affects SAP Solution Manager. The vulnerability is a code-injection flaw caused by missing input sanitization when an authenticated user calls a remote-enabled function module, potentially allowing full system compromise with high impact to confidentiality, integrity, and availabil...

CVSS 9.9, AI score 6.4, EPSS 0.00546
Exploits 0, References 2
Cvelist
added 2025/11/11 12:14 a.m., 10 views

CVE-2025-42887 Code Injection vulnerability in SAP Solution Manager

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availabilit...

CVSS 9.9, EPSS 0.00546
Exploits 0, References 2
Vulnrichment
added 2025/11/11 12:14 a.m., 3 views

CVE-2025-42887 Code Injection vulnerability in SAP Solution Manager

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availabilit...

CVSS 9.9, AI score 6.2, EPSS 0.00546
Exploits 0, References 2
CNNVD
added 2025/11/11 12:00 a.m., 5 views

WordPress plugin Elastic Theme Editor code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code injection...

CVSS 8.8, AI score 8, EPSS 0.00504
Exploits 0, References 2
CNNVD
added 2025/11/11 12:00 a.m., 2 views

SAP HANA code injection vulnerability

SAP HANA is a high-performance real-time data analytics platform from Germany's SAP. The platform provides data query functionality to support users to query and analyze real-time business data. A code injection vulnerability exists in SAP HANA that stems from insufficient validation o...

CVSS 6.9, AI score 7, EPSS 0.00135
Exploits 0, References 3
CNNVD
added 2025/11/11 12:00 a.m., 1 view

WordPress plugin Holiday class post calendar code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code injection...

CVSS 9.8, AI score 8, EPSS 0.00745
Exploits 0, References 2
CNNVD
added 2025/11/11 12:00 a.m., 2 views

NVIDIA Nemo Framework code injection vulnerability

NVIDIA Nemo Framework is a framework for building and deploying generative AI models from NVIDIA. A code injection vulnerability exists in the NVIDIA Nemo Framework that stems from malicious input that could lead to improper control of code generation, which could result in code execution,...

CVSS 7.8, AI score 7.4, EPSS 0.00247
Exploits 0, References 4
CNNVD
added 2025/11/11 12:00 a.m., 2 views

NVIDIA Nemo Framework code injection vulnerability

NVIDIA Nemo Framework is a framework for building and deploying generative AI models from NVIDIA. A code injection vulnerability exists in NVIDIA Nemo Framework, which stems from the bert services component that may process malicious data, which could lead to code injection, elevation of privileg...

CVSS 7.8, AI score 7.4, EPSS 0.00269
Exploits 0, References 4
Positive Technologies
added 2025/11/11 12:00 a.m., 4 views

PT-2025-46369

Name of the Vulnerable Software and Affected Versions: NVIDIA Megatron-LM (affected versions not specified). Description: The software contains a flaw in a script that could allow an attacker to inject code by providing malicious data. Exploitation of this issue may result in code execution, privilege...

CVSS 7.8, AI score 6.6, EPSS 0.00374
Exploits 0, References 4
CNNVD
added 2025/11/11 12:00 a.m., 3 views

NVIDIA Megatron-LM code injection vulnerability

NVIDIA Megatron-LM is a PyTorch-based distributed training framework from NVIDIA that is specifically designed for training large Transformer language models. NVIDIA Megatron-LM suffers from a code injection vulnerability that stems from scripts improperly handling malicious data, which could lea...

CVSS 7.8, AI score 7, EPSS 0.00374
Exploits 0, References 4
CNVD
added 2025/11/11 12:00 a.m., 1 view

WordPress Easy Appointments plugin cross-site scripting vulnerability

WordPress Easy Appointments plugin is a free WordPress appointment management plugin, mainly used to create and manage a service appointment system, with support for multi-location, multi-service, multi-staff appointments. A cross-site scripting vulnerability exists in the WordPress Easy Appointment...

CVSS 6.1, AI score 6.4, EPSS 0.00214
Exploits 0, References 1
Positive Technologies
added 2025/11/11 12:00 a.m., 5 views

PT-2025-46300

Name of the Vulnerable Software and Affected Versions: WP Go Maps (formerly WP Google Maps) versions prior to 9.0.48. Description: The software does not properly sanitize user-provided input through an AJAX action. This allows unauthenticated users to inject and store malicious code that can be execut...

CVSS 8.8, AI score 6.9, EPSS 0.01897
Exploits 0, References 7
CNNVD
added 2025/11/11 12:00 a.m., 11 views

SAP Solution Manager code injection vulnerability

SAP Solution Manager is a system management platform from the German company SAP that combines system monitoring, SAP support desktop, self-service, ASAP implementation and other functions. The platform can help customers establish SAP solution lifecycle management, and provide system...

CVSS 9.9, AI score 7.3, EPSS 0.00546
Exploits 0, References 3
RedhatCVE
added 2025/11/10 5:22 a.m., 6 views

CVE-2025-64496

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers vi...

CVSS 8, AI score 8.8, EPSS 0.07767
Exploits 1, References 1