Lucene search
K

1574 matches found

NVD
NVD
added yesterday8 views

CVE-2026-57811

Improper Control of Generation of Code 'Code Injection' vulnerability in Realtyna Realtyna Organic IDX plugin real-estate-listing-realtyna-wpl allows Remote Code Inclusion.This issue affects Realtyna Organic IDX plugin: from n/a through = 5.2.0...

10CVSS0.00564EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 4:16 p.m.11 views

CVE-2026-24248

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS0.00175EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 2:57 p.m.16 views

CVE-2026-24248

NVIDIA Megatron Bridge for Linux contains CVE-2026-24248: an attacker could cause improper control of code generation, potentially leading to code execution, privilege escalation, data tampering, and information disclosure. Affected product: Megatron Bridge for Linux. Root cause: improper control...

7.8CVSS5.8AI score0.00175EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:57 p.m.7 views

CVE-2026-24248

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS5.8AI score0.00175EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/07/01 2:57 p.m.34 views

CVE-2026-24248

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS0.00175EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-54718

Name of the Vulnerable Software and Affected Versions NVIDIA Megatron Bridge for Linux affected versions not specified Description An issue exists where an attacker could cause improper control of code generation. This could lead to code execution, escalation of privileges, data tampering, and...

7.8CVSS6AI score0.00175EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-271 Apache Airflow Hive Provider vulnerable to code injection

Apache Software Foundation's Apache Airflow Hive Provider before 6.0.0 is vulnerable to improper control of generation of code...

9.8CVSS7.3AI score0.02765EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/22 4:16 p.m.5 views

CVE-2026-54271

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static outp...

8.2CVSS5.9AI score0.00228EPSS
Exploits0References2Affected Software1
Redos
Redos
added 2026/06/22 12:0 a.m.5 views

ROS-20260622-73-0020

The vulnerability in Firefox is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9.8CVSS6.2AI score0.00446EPSS
Exploits0
Redos
Redos
added 2026/06/22 12:0 a.m.6 views

ROS-20260622-73-0022

The vulnerability in Thunderbird is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9.8CVSS6.2AI score0.00446EPSS
Exploits0
NVD
NVD
added 2026/06/19 8:16 p.m.16 views

CVE-2026-48787

gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then...

8.7CVSS0.0047EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 7:46 p.m.28 views

CVE-2026-48787 gin-vue-admin vulnerable to RCE

gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then...

8.7CVSS0.0047EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/19 7:46 p.m.5 views

CVE-2026-48787

gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then...

8.7CVSS6.6AI score0.0047EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 7:46 p.m.24 views

CVE-2026-48787

CVE-2026-48787 affects gin-vue-admin (AI-assisted basic development platform) in version 2.9.1. An authenticated attacker with access to the code-generation feature and MCP management interface can inject attacker-controlled Go source code via POST /autoCode/addFunc, then trigger a rebuild of the...

8.7CVSS6.6AI score0.0047EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 2:16 p.m.14 views

CVE-2026-9143

There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions...

6.3CVSS0.0018EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 1:48 p.m.31 views

CVE-2026-9143 Incorrect Conversion between Numeric Types in NI grpc-device due to missing range checks in CodeGen

There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions...

6.3CVSS0.0018EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 1:48 p.m.25 views

CVE-2026-9143

CVE-2026-9143 describes an incorrect conversion between numeric types in NI grpc-device due to missing range checks in CodeGen, potentially discarding high bits when a size value exceeds the target type’s range. Affected: NI grpc-device ≤ 2.17.0. Metrics: CVSSv3.1 base 3.7 (LOW); CVSSv4.0 base 6....

6.3CVSS5.8AI score0.0018EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/19 1:48 p.m.8 views

CVE-2026-9143

There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions...

6.3CVSS5.8AI score0.0018EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 8:16 p.m.13 views

CVE-2026-38812

RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information...

9.8CVSS0.00393EPSS
Exploits1References1
Snyk
Snyk
added 2026/06/15 8:13 p.m.7 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the pbjs static code generation. An attacker can execute arbitrary code by providing crafted schema names that are incorporated into generated JavaScript output, which is then executed or imported by the...

8.2CVSS6.2AI score0.00228EPSS
Exploits0References2
Rows per page
Query Builder