1540 matches found
The vulnerability of the EQUELLA repository in the virtual learning environment Moodle, which allows a perpetrator to execute arbitrary code.
The vulnerability of the EQUELLA repository in the virtual learning environment Moodle is related to incorrect code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the WebKit component in the Safari browser, available on iOS operating systems, macOS Sonoma, iPadOS, and tvOS, allows a hacker to execute arbitrary code.
The vulnerability of the WebKit component in the Safari browser, as well as in the iOS and macOS Sonoma operating systems, iPadOS, and tvOS, is related to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of Dropbox’s repository in the virtual learning environment Moodle allows a perpetrator to execute arbitrary code.
The vulnerability of Dropbox’s repository in the virtual learning environment Moodle is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The Hidden Risks of LLM-Generated Web Application Code: a Security-Centric Evaluation of Code Generation Capabilities in Large Language Models
The rapid advancement of Large Language Models (LLMs) has enhanced software development processes, minimizing the time and effort required for coding and enhancing developer productivity. However, despite their potential benefits, code generated by LLMs has been shown to generate insecure code in...
SecRepoBench: Benchmarking LLMs for Secure Code Generation in Real-World Repositories
This paper introduces SecRepoBench, a benchmark to evaluate LLMs on secure code generation in real-world repositories. SecRepoBench has 318 code generation tasks in 27 C/C++ repositories, covering 15 CWEs. We evaluate 19 state-of-the-art LLMs using our benchmark and find that the models struggle...
The vulnerability of the eval() function in Cloud Deployment modules and the Query Tool, a database management tool for pgAdmin 4, allows a hacker to execute arbitrary code.
The vulnerability of the eval function in the Cloud Deployment and Query Tool modules of the pgAdmin 4 database management tool is related to improper code generation during processing of endpoints like /sqleditor/querytool/download and /cloud/deploy, when the querycommited and highavailability...
The vulnerability of SAP ERP BW Business Content, software for managing business processes, arises from improper code generation, allowing attackers to execute arbitrary code.
The vulnerability of SAP ERP BW Business Content, software for managing business processes, is related to incorrect code generation. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
CVE-2025-23251
NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of generation of code by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering...
CVE-2025-23251
CVE-2025-23251 (NVIDIA NeMo Framework) involves a code-generation control weakness that could allow remote code execution, with potential data tampering. Multiple sources (NVD, NVIDIA security bulletin, Red Hat, PT Security) confirm the flaw and its impact, describing an attacker who could execut...
GraphAttack: Exploiting Representational Blindspots in LLM Safety Mechanisms
Large Language Models (LLMs) have been equipped with safety mechanisms to prevent harmful outputs, but these guardrails can often be bypassed through "jailbreak" prompts. This paper introduces a novel graph-based approach to systematically generate jailbreak prompts through semantic transformations...
CVE-2025-29705
code-gen <=2.0.6 is vulnerable to Incorrect Access Control. The project does not have permission control allowing anyone to access such projects...
code-gen security vulnerability
code-gen is a code generation tool for tanghc individual developers. A security vulnerability exists in code-gen 2.0.6 and earlier versions, which stems from a lack of privilege control and could lead to arbitrary access...
CVE-2025-29705
The CVE-2025-29705 entry concerns code-gen versions 2.0.6 and earlier, with an underlying flaw of Incorrect Access Control due to missing permission controls. This allows anyone to access such projects (impact described as unauthenticated access to projects). Public references corroborate the vul...
The vulnerability of the functional module of the SAP S/4HANA software platform’s RFC interface allows a perpetrator to execute arbitrary code.
The vulnerability of the functional module of the SAP S/4HANA software platform’s RFC interface is related to improper code generation management. Exploiting this vulnerability allows an attacker to execute arbitrary ABAP code remotely and gain unauthorized access to the system...
The vulnerability of the Fresh Framework plugin of the WordPress content management system allows a hacker to execute arbitrary code.
The vulnerability of the Fresh Framework plugin for WordPress content management systems is related to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to improper code generation, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to improper code generation. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the sys_exec() function in the MariaDB database management system allows an attacker to execute arbitrary commands with elevated privileges.
The vulnerability of the sys_exec function in the MariaDB database management system is related to improper code generation. Exploiting this vulnerability allows an attacker to execute arbitrary commands with elevated privileges...
The vulnerability of the Jenkins Templating Engine (JTE) in the Jenkins automation server, related to improper code generation management, allows attackers to bypass security restrictions and execute arbitrary code.
The vulnerability of the Jenkins Templating Engine (JTE) in the Jenkins automation server is related to incorrect code generation management. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute arbitrary code...
The vulnerability of the JDBC driver configuration of the Kylin data processing platform allows a hacker to execute arbitrary code.
The vulnerability of the JDBC driver configuration of the Kylin data processing platform is related to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the GeoTools library, a software solution for managing and publishing geospatial data on the OSGeo GeoServer server, arises from improper code generation management. This vulnerability allows an attacker to execute arbitrary code.
The vulnerability of the GeoTools library, a software solution for managing and publishing geospatial data on the OSGeo GeoServer server, is related to improper handling of code generation. Exploiting this vulnerability could allow an attacker, operating remotely, to execute arbitrary code by...