36546 matches found

Positive Technologies
added 2025/10/27 12:0 a.m. | 6 views

PT-2025-43833

Improper Control of Generation of Code 'Code Injection' vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Remote Code Inclusion. This issue affects Paid Videochat Turnkey Site: from n/a through = 7.3.22...

CVSS 9.1 | AI score 7.1 | EPSS 0.00417
Exploits: 0 | References: 2

CNNVD
added 2025/10/27 12:0 a.m. | 4 views

PHP Business Website code injection vulnerability

PHP Business Website is a PHP business website by the individual developer Iqbolshoh Ilhomjonov. PHP Business Website suffers from a code injection vulnerability that stems from the incorrect manipulation of the parameter twitter in the file admin/contact.php, which could lead to a cross-site...

CVSS 5.1 | AI score 4.8 | EPSS 0.00227
Exploits: 0 | References: 4

CNNVD
added 2025/10/27 12:0 a.m. | 5 views

projectworlds Gate Pass Management System cross-site scripting vulnerability

Projectworlds Gate Pass Management System is an open source gate management system from Projectworlds. A code injection vulnerability exists in version 1.0 of the projectworlds Gate Pass Management System, which originates from a cross-site scripting vulnerability in an unknown function in the fi...

CVSS 5.4 | AI score 5.7 | EPSS 0.00224
Exploits: 1 | References: 4

SUSE CVE
added 2025/10/24 11:23 p.m. | 3 views

SUSE CVE-2025-59823

Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP...

CVSS 9.9 | AI score 7.2 | EPSS 0.00477
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/24 2:33 p.m. | 5 views

CVE-2025-49926

Improper Control of Generation of Code 'Code Injection' vulnerability in Laborator Kalium kalium allows Code Injection. This issue affects Kalium: from n/a through = 3.25...

CVSS 7.2 | AI score 7 | EPSS 0.00248
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/24 2:33 p.m. | 3 views

CVE-2025-58970

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in AmentoTech Doctreat doctreat allows Code Injection. This issue affects Doctreat: from n/a through = 1.6.7...

CVSS 6.3 | AI score 6.6 | EPSS 0.00247
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/24 1:35 p.m. | 10 views

CVE-2025-60206

Improper Control of Generation of Code 'Code Injection' vulnerability in Beplusthemes Alone alone allows Code Injection. This issue affects Alone: from n/a through = 7.8.3...

CVSS 10 | AI score 5.9 | EPSS 0.00482
Exploits: 0 | References: 1

CNVD
added 2025/10/24 12:0 a.m. | 2 views

WordPress Alone Theme plugin code injection vulnerability

The WordPress Alone Theme plugin is a premium theme for creating photography-based websites that sells close to 10,000 copies in the Envato marketplace and is mainly used by non-profit organizations, e.g. charities, fundraising organizations, etc. WordPress Alone Theme plugin suffers from a code...

CVSS 10 | AI score 7.5 | EPSS 0.00482
Exploits: 0 | References: 1

OSV
added 2025/10/23 4:25 p.m. | 3 views

GO-2025-3981 Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning in github.com/gardener/gardener-extension-provider-aws

Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning in github.com/gardener/gardener-extension-provider-aws...

CVSS 9.9 | AI score 7.6 | EPSS 0.00477
Exploits: 0 | References: 10

RedhatCVE
added 2025/10/23 3:14 p.m. | 4 views

CVE-2025-52756

Improper Control of Generation of Code 'Code Injection' vulnerability in Sayan Datta WP Last Modified Info wp-last-modified-info allows Remote Code Inclusion. This issue affects WP Last Modified Info: from n/a through = 1.9.4...

CVSS 7.4 | AI score 5.9 | EPSS 0.00249
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/23 3:13 p.m. | 6 views

CVE-2025-62023

Improper Control of Generation of Code 'Code Injection' vulnerability in Cristián Lávaque s2Member s2member. This issue affects s2Member: from n/a through = 250905...

CVSS 9 | AI score 7 | EPSS 0.00385
Exploits: 0 | References: 1

CNVD
added 2025/10/23 12:0 a.m. | 2 views

Mediawiki - LanguageSelector Extension Code Injection Vulnerability

Mediawiki - LanguageSelector Extension is an extension for MediaWiki to provide multi-language support, allowing users to select and configure the interface language. A code injection vulnerability exists in Mediawiki - LanguageSelector Extension, which stems from improper neutralization of speci...

CVSS 8.8 | AI score 7.6 | EPSS 0.00317
Exploits: 0 | References: 1

CNVD
added 2025/10/23 12:0 a.m. | 2 views

ChanCMS Code Injection Vulnerability

ChanCMS is a content management system. A code injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which stems from the function getArticle in the file appmodulescmscontrollergather.js that fails to correctly filter the special elements of the constructed snippet. An attacker ca...

CVSS 8.8 | AI score 8.1 | EPSS 0.00748
Exploits: 1 | References: 1

CNVD
added 2025/10/23 12:0 a.m. | 1 views

Unspecified Vulnerabilities in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29152)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which stems from an improperly set Content-Type...

CVSS 10 | AI score 6.9 | EPSS 0.00233
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/10/22 3:59 p.m. | 4 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera High-Speed Transfer Server, IBM Aspera High-Speed Transfer Endpoint and IBM Aspera Desktop Client.

Summary Multiple vulnerabilities were addressed in IBM Aspera High-Speed Transfer Server v4.4.7, IBM Aspera High-Speed Transfer Endpoint v4.4.7 and IBM Aspera Desktop Client v4.4.7. Vulnerability Details CVEID:CVE-2025-46818 DESCRIPTION: Redis is an open source, in-memory database that persists o...

CVSS 9.9 | AI score 7.6 | EPSS 0.86268
Exploits: 14 | Affected Software: 6

Malwarebytes
added 2025/10/22 3:49 p.m. | 9 views

Over 100 Chrome extensions break WhatsApp’s anti-spam rules

Recent research by Socket’s Threat Research Team uncovered a massive, coordinated campaign flooding the Chrome Web Store with 131 spamware extensions. These add-ons hijack WhatsApp Web—the browser version of WhatsApp—to automate bulk messages and skirt anti-spam controls. Spamware is software tha...

AI score 7.1
Exploits: 0

EUVD
added 2025/10/22 3:31 p.m. | 5 views

EUVD-2025-35385

Improper Control of Generation of Code 'Code Injection' vulnerability in Cristián Lávaque s2Member s2member. This issue affects s2Member: from n/a through = 250905...

AI score 6.5 | EPSS 0.00385
Exploits: 0 | References: 2

EUVD
added 2025/10/22 3:31 p.m. | 3 views

EUVD-2025-35419

Improper Control of Generation of Code 'Code Injection' vulnerability in Bearsthemes Alone alone allows Code Injection. This issue affects Alone: from n/a through = 7.8.3...

CVSS 8.2 | AI score 6.5 | EPSS 0.00482
Exploits: 0 | References: 2

EUVD
added 2025/10/22 3:31 p.m. | 3 views

EUVD-2025-35445

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in AmentoTech Doctreat doctreat allows Code Injection. This issue affects Doctreat: from n/a through = 1.6.7...

AI score 6 | EPSS 0.00247
Exploits: 0 | References: 2

EUVD
added 2025/10/22 3:31 p.m. | 3 views

EUVD-2025-35479

Improper Control of Generation of Code 'Code Injection' vulnerability in Sayan Datta WP Last Modified Info wp-last-modified-info allows Remote Code Inclusion. This issue affects WP Last Modified Info: from n/a through = 1.9.2...

AI score 6.6 | EPSS 0.00249
Exploits: 0 | References: 2