CVE-2026-35086

CVE-2026-35086 affects Apache OFBiz prior to 24.09.06, describing an improper control of code generation in the email services (code injection). The vulnerability is tied to Unsafe Template Expansion and is associated with authenticated remote execution in some listings; vendor guidance recommend...

CVE-2026-35086

Improper Control of Generation of Code 'Code Injection' vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

CVE-2026-31379

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06...

CVE-2026-31379 Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog Manager

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06...

EUVD-2026-30860

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06...

Apache OFBiz 路径遍历漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained a path traversal vulnerability. This vulnerability was due to imprope...

PT-2026-41856

Improper Control of Generation of Code 'Code Injection' vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

Apache OFBiz 代码注入漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 had a code injection vulnerability, which originated from a code injection...

PT-2026-41860

Name of the Vulnerable Software and Affected Versions Apache OFBiz versions prior to 24.09.06 Description Improper Control of Generation of Code Code Injection and Improper Neutralization of Directives in Dynamically Evaluated Code Eval Injection in the 'traverseContent' service allow authenticat...

AutoGPT 代码注入漏洞

AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. In versions 0.6.34 to 0.6.51 of AutoGPT, there was a code injection vulnerability. This vulnerability stemmed from the use of pickle.loads to deserialize Redis cache data without proper...

ModelScope 代码注入漏洞

ModelScope is an open-source model service and inference training platform developed by ModelScope. Version 1.25.0 of ModelScope contains a code injection vulnerability. This vulnerability stems from allowing attackers to execute arbitrary code by using a specially crafted module listed under the...

Apache OFBiz 代码注入漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained a code injection vulnerability. This vulnerability stemmed from...

PT-2026-41848

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06...

Eclipse Glassfish 代码注入漏洞

Eclipse Glassfish is an application server developed by the Eclipse Foundation. Eclipse Glassfish has a code injection vulnerability. This vulnerability stems from allowing users with panel access rights to send custom requests, thereby enabling them to execute arbitrary operating system commands...

ChromaDB Python project has a pre-authentication code injection vulnerability

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...

GHSA-F4J7-R4Q5-QW2C ChromaDB Python project has a pre-authentication code injection vulnerability

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...

Arbitrary Code Injection

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Arbitrary Code Injection via the calculation parameter in the V1 Views API, which is interpolated directly into a CouchDB reduce function without validation. An attacker can execute arbitrary...

GHSA-363W-HVWH-W7M6 Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API

Security Advisory: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API Affected Software: Budibase Affected Component: packages/server/src/api/controllers/view/viewBuilder.ts, packages/server/src/api/routes/view.ts CWE: CWE-94 Improper Control of Generation of Code...

CVE-2026-45829

A flaw was found in the ChromaDB Python project. This pre-authentication code injection vulnerability allows an unauthenticated attacker to execute arbitrary code on the server. The attacker can achieve this by sending a malicious model repository to the...

CVE-2026-45829

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...