
36548 matches found

Cvelist
added 2025/10/14 3:23 p.m., 5 views

CVE-2025-31365

An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim's host via tricking the user into visiting a malicious website...

CVSS 5.8, EPSS 0.00253
Exploits: 0, References: 1

Cvelist
added 2025/10/14 12:17 a.m., 7 views

CVE-2025-42901 Code Injection vulnerability in SAP Application Server for ABAP (BAPI Browser)

SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability ...

CVSS 5.4, EPSS 0.00206
Exploits: 0, References: 2

Vulnrichment
added 2025/10/14 12:17 a.m., 3 views

CVE-2025-42901 Code Injection vulnerability in SAP Application Server for ABAP (BAPI Browser)

SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability ...

CVSS 5.4, AI score 6.2, EPSS 0.00206
Exploits: 0, References: 2

CVE
added 2025/10/14 12:17 a.m., 16 views

CVE-2025-42901

CVE-2025-42901 affects SAP Application Server for ABAP (BAPI Explorer) where an authenticated attacker can store malicious JavaScript payloads that execute in the victim’s browser. Impact is described as low for confidentiality and integrity, with no availability impact. Root cause involves store...

CVSS 5.4, AI score 6.2, EPSS 0.00206
Exploits: 0, References: 2

Positive Technologies
added 2025/10/14 12:0 a.m., 6 views

PT-2025-41950

Name of the Vulnerable Software and Affected Versions: FortiClientMac versions 7.2.1 through 7.2.8; FortiClientMac versions 7.4.0 through 7.4.3. Description: An issue exists in FortiClientMac that could allow an unauthenticated attacker to execute arbitrary code on a user's system. This is due to an...

CVSS 5.8, AI score 9.5, EPSS 0.00253
Exploits: 0, References: 4

CNNVD
added 2025/10/14 12:0 a.m., 3 views

Fortinet FortiClientMAC code injection vulnerability

Fortinet FortiClientMAC is a macOS security tool from Fortinet, a U.S. company. A code injection vulnerability exists in Fortinet FortiClientMac, which stems from the application's failure to properly filter special elements of constructed snippets, and can be exploited by an...

CVSS 7.1, AI score 8, EPSS 0.00253
Exploits: 0, References: 2

CNNVD
added 2025/10/14 12:0 a.m., 8 views

SAP Application Server for ABAP code injection vulnerability

SAP Application Server for ABAP is a load balancing, memory management platform from SAP, Germany. A code injection vulnerability exists in SAP Application Server for ABAP that originates from allowing an authenticated attacker to store a malicious JavaScript payload that could lead to a cross-si...

CVSS 5.4, AI score 6.4, EPSS 0.00206
Exploits: 0, References: 3

CNNVD
added 2025/10/14 12:0 a.m., 2 views

Phoenix Contact CHARX SEC-3150 code injection vulnerability

The Phoenix Contact CHARX SEC-3150 is an AC charge controller from Phoenix Contact, Germany. The Phoenix Contact CHARX SEC-3150 suffers from a code injection vulnerability that originates from a low-privileged remote attacker who can perform command injection by changing the system configuration...

CVSS 8.8, AI score 8.8, EPSS 0.00881
Exploits: 0, References: 1

Vulnrichment
added 2025/10/13 9:20 a.m., 1 views

CVE-2025-11184 Cross-Site Scripting Vulnerability in QWC2 Registration GUI

Cross-site scripting vulnerability in QGIS QWC2 Registration GUI =v2025.03.31 allows an authorized attacker to plant arbitrary JavaScript code in the page...

CVSS 6.9, AI score 6.4, EPSS 0.00398
Exploits: 0, References: 1

Packet Storm News
added 2025/10/13 12:0 a.m., 4 views

RMPocalypse: How a Catch-22 Breaks AMD SEV-SNP

This paper presents RMPocalypse, a novel attack that shows a critical gap in the security of RMP initialization, wherein the x86 cores maliciously control parts of the initial RMP state. The analysis shows that the vulnerability arises due to the complex, but insufficient, interplay of multiple...

AI score 7.2
Exploits: 0

Snyk
added 2025/10/10 8:41 p.m., 5 views

Arbitrary Code Injection

Overview: org.webjars.npm:happy-dom (Happy DOM) is a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML. Affected versions of this package are vulnerable to Arbitrary Code Injection due to default evaluation o...

CVSS 9, AI score 7.8, EPSS 0.00599
Exploits: 0, References: 2

CNNVD
added 2025/10/10 12:0 a.m., 3 views

Cherry Studio code injection vulnerability

Cherry Studio is a multi-model AI assistant from China's Thousand Comets Cherry Studio. A code injection vulnerability exists in Cherry Studio, which stems from the direct execution of commands in base64-encoded configuration data when processing URLs of type cherrystudio://mcp, which could lead ...

CVSS 9.6, AI score 7.7, EPSS 0.0043
Exploits: 1, References: 1

CNNVD
added 2025/10/10 12:0 a.m., 8 views

happy-dom code injection vulnerability

happy-dom is a JavaScript implementation of a web browser without a graphical user interface by the individual developer David Ortner. A code injection vulnerability exists in happy-dom version 19 and earlier, which stems from insufficient isolation of the Node.js VM Context environment and could...

CVSS 7.2, AI score 7.8, EPSS 0.00599
Exploits: 0, References: 2

Cvelist
added 2025/10/09 8:49 p.m., 10 views

CVE-2025-61773 pyLoad CNL and captcha handlers allow code Injection via unsanitized parameters

pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load (CNL) Blueprint. This flaw allowed untrusted user input to be processed...

CVSS 8.1, EPSS 0.00379
Exploits: 0, References: 3

Vulnrichment
added 2025/10/09 8:49 p.m., 4 views

CVE-2025-61773 pyLoad CNL and captcha handlers allow code Injection via unsanitized parameters

pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load (CNL) Blueprint. This flaw allowed untrusted user input to be processed...

CVSS 8.1, AI score 6.8, EPSS 0.00379
Exploits: 0, References: 3

EUVD
added 2025/10/09 8:49 p.m., 4 views

EUVD-2025-33353

pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load (CNL) Blueprint. This flaw allowed untrusted user input to be processed...

CVSS 8.1, AI score 6.7, EPSS 0.00379
Exploits: 0, References: 4

EUVD
added 2025/10/08 3:32 p.m., 5 views

EUVD-2025-33173

Cross-site scripting (XSS) vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML v...

CVSS 4.8, AI score 5.4, EPSS 0.002
Exploits: 0, References: 2

CNNVD
added 2025/10/08 12:0 a.m., 4 views

Code-Projects Voting System code injection vulnerability

Code-Projects Voting System is a Code-Projects open source election system. A code injection vulnerability exists in Code-Projects Voting System version 1.0, which stems from incorrect manipulation of the parameters Firstname/Lastname/Platform in the file /admin/candidatesedit.php, which could le...

CVSS 5.4, AI score 4.8, EPSS 0.0028
Exploits: 1, References: 6

CNNVD
added 2025/10/08 12:0 a.m., 4 views

itsourcecode Leave Management System code injection vulnerability

itsourcecode Leave Management System is an open source leave management system from itsourcecode. A code injection vulnerability exists in version 1.0 of itsourcecode Leave Management System, which stems from incorrect manipulation of the parameter ID in the file /module/employee/controller.php,...

CVSS 6.1, AI score 4.8, EPSS 0.00259
Exploits: 1, References: 5

CNNVD
added 2025/10/08 12:0 a.m., 4 views

OpnForm code injection vulnerability

OpnForm is a form builder by the individual developer Julien Nahum. A code injection vulnerability exists in OpnForm 1.9.3 and earlier versions, which stems from an incorrect operation of the component Form Editor in file /api/open/forms, and could lead to a cross-site scripting attack...

CVSS 4.8, AI score 4.2, EPSS 0.00266
Exploits: 1, References: 4