WordPress plugin Add Custom Codes code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Linux Distros Unpatched Vulnerability : CVE-2024-7883
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secu...
Apache OFBiz security vulnerability
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation of the United States. The system provides a set of Java-based Web application components and tools. A code execution vulnerability exists in Apache OFBiz versions prior to 24.09.02 that stems from improper...
CVE-2025-39483
Improper Control of Generation of Code ('Code Injection') vulnerability in imithemes Eventer allows Code Injection. This issue affects Eventer: from n/a before 3.9.9.1...
CVE-2025-39483
CVE-2025-39483 is an Unauthenticated Shortcode/Code Injection vulnerability in the imithemes Eventer WordPress plugin. Affected: Eventer before 3.9.9.1 (via versions up to 3.9.6 per sources). Impact: shortcodes could be abused to inject code. Remediation: update Eventer to version 3.9.9.1 or late...
WordPress plugin Eventer code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
CVE-2025-53187
Due to an issue in configuration, code that was intended for debugging purposes was included in the market release of the ASPECT FW allowing an attacker to bypass authentication. This vulnerability may allow an attacker to change the system time, access files, and make function calls without prio...
BIT-GITLAB-2025-2867 Improper Control of Generation of Code ('Code Injection') in GitLab
An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized...
The vulnerability of the routecheck function in the ThinkPHP framework allows a hacker to execute arbitrary code.
The vulnerability of the routecheck function in the ThinkPHP framework is related to improper handling of code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending specially crafted commands...
PT-2025-32562
Name of the Vulnerable Software and Affected Versions: ABB ASPECT versions prior to 3.08.04-s01 Description: An issue in configuration led to the inclusion of debugging code in the released version of ABB ASPECT, allowing attackers to bypass authentication. This can enable an attacker to change t...
Linux Distros Unpatched Vulnerability : CVE-2024-1552
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. Note: This issue only affects 32-bit ARM devices. Th...
The vulnerability of the sys/audit component in the Vault Enterprise and Vault Community Edition enterprise information archiving platform allows a perpetrator to gain unauthorized access to execute arbitrary code.
The vulnerability of the sys/audit component in the Vault Enterprise and Vault Community Edition enterprise information archiving platforms is related to improper code generation management. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to...
AI wrote my code and all I got was this broken prototype
Welcome to this week's edition of the Threat Source newsletter. Vulnerabilities within software are a persistent challenge. Software engineers inadvertently tend to make the same mistakes repeatedly, with the same entries appearing in the annual top 25 list of Common Weakness Enumerations each...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird, related to improper code generation, allows attackers to compromise the confidentiality and integrity of protected information.
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to improper code generation. Exploiting these vulnerabilities allows a malicious actor to compromise the confidentiality and integrity of protected information...
Dassault Systèmes DELMIA Apriso security vulnerability
Dassault Systèmes DELMIA Apriso is an interactive manufacturing application for digital enterprises from Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes DELMIA Apriso versions 2020 through 2025 that stems from improper code generation controls and could lead to the...
PurpCode: Reasoning for Safer Code Generation
We introduce PurpCode, the first post-training recipe for training safe code reasoning models towards generating secure code and defending against malicious cyberactivities. PurpCode trains a reasoning model in two stages: (i) Rule Learning, which explicitly teaches the model to reference cybersafe...
SAMSUNG MagicINFO 9 Server Code Injection Vulnerability
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. SAMSUNG MagicINFO 9 Server suffers from a code injection vulnerability that originates from improper code generation control and can be exploited by an attacker ...
CVE-2025-54451
Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0...
SAMSUNG MagicINFO 9 Server security vulnerability
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. SAMSUNG MagicINFO 9 Server suffers from a code injection vulnerability that originates from improper code generation control and can be exploited by an attacker ...