36546 matches found
CVE-2025-10875
CVE-2025-10875 affects Salesforce Mulesoft Anypoint Code Builder before 1.11.6. The issue is improper neutralization of input used for LLM prompting, enabling possible code injection via input handling when prompting LLMs. Impact is limited to confidentiality and integrity (LOW), with network att...
CVE-2025-10875
Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Code Injection. This issue affects Mulesoft Anypoint Code Builder: before 1.11.6...
Redis: Authenticated users can execute LUA scripts as a different user
A code injection vulnerability in Redis Lua scripting where an authenticated user can craft a Lua script to manipulate objects and potentially execute code in another user’s context...
Salesforce Agentforce Vibes Extension Security Vulnerability
Salesforce Agentforce Vibes Extension is an AI-coded agent extension from Salesforce, Inc. in the United States. A security vulnerability exists in Salesforce Agentforce Vibes Extension versions prior to 3.2.0 that stems from improper neutralization of LLM prompt inputs, which could lead to code...
PT-2025-45025
Name of the Vulnerable Software and Affected Versions: Salesforce Mulesoft Anypoint Code Builder versions prior to 1.11.6. Description: An issue exists in Salesforce Mulesoft Anypoint Code Builder related to improper neutralization of input used for LLM prompting, which can lead to code injection. T...
Cursor Code Injection Vulnerability
Cursor is an AI code editor from the Cursor open source. A code injection vulnerability exists in Cursor 1.7.44 and earlier versions, which stems from an NTFS path feature that allows bypassing sensitive file protections and could lead to remote code execution...
PT-2025-45033
Name of the Vulnerable Software and Affected Versions: Salesforce Agentforce Vibes Extension versions prior to 3.2.0. Description: An issue exists in Salesforce Agentforce Vibes Extension related to improper neutralization of input used for LLM prompting, which can lead to code injection. The issue...
Salesforce Mulesoft Anypoint Code Builder Security Vulnerability
Salesforce Mulesoft Anypoint Code Builder is an integrated development environment from Salesforce USA. A security vulnerability exists in Salesforce Mulesoft Anypoint Code Builder versions prior to 1.11.6, which stems from improper input neutralization and could lead to code injection...
DELMIA Apriso Code Injection Vulnerability (CVE-2025-6204)
The version of DELMIA Apriso installed on the remote host is Release 2020 through Release 2025. It is, therefore, affected by an Improper Control of Generation of Code ('Code Injection') vulnerability (CVE-2025-6204) that could allow an attacker to execute arbitrary code. Note that Nessus has not teste...
WordPress plugin Advanced Ads – Ad Manager & AdSense Code Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code injection...
CVE-2025-34277
Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the system to execute attacker-controlle...
EUVD-2025-37218
Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the system to execute attacker-controlle...
LogicalDOC Community Edition Code Injection Vulnerability
LogicalDOC Community Edition is a documentation system from LogicalDOC Italy. A code injection vulnerability exists in LogicalDOC Community Edition 9.2.1 and earlier versions, which stems from a cross-site scripting vulnerability in the API Key creation UI component...
GO-2025-4048 Mattermost Server is vulnerable to Code Injection through its LDAP fields in github.com/mattermost/mattermost-server
Mattermost Server is vulnerable to Code Injection through its LDAP fields in github.com/mattermost/mattermost-server...
PT-2025-44518
Name of the Vulnerable Software and Affected Versions: Nagios Log Server versions prior to 2024R1.3.1. Description: The software contains a code injection issue stemming from inadequate validation of dashboard ID values before they are processed by an internal API. An attacker can leverage crafted...
Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack
Threat actors are actively exploiting multiple security flaws impacting Dassault Systèmes DELMIA Apriso and XWiki, according to alerts issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and VulnCheck. The vulnerabilities are listed below: CVE-2025-6204 (CVSS score: 8.0) - A...