Lucene search
+L

217 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-59866

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota emitted x-ms-kiota-info clientClassName and clientNamespaceName values without identifier or path sanitization as both generated client class or namespace names and generated output path components when kiota generate ra...

9.3CVSS0.01354EPSS
Exploits0References4
CVE
CVE
added 3 days ago11 views

CVE-2026-59859

Kiota’s PHP generator (prior to 1.32.4) embeds OpenAPI-derived strings directly into PHP double-quoted literals via SanitizeDoubleQuote(), without escaping $. This permits attacker-controlled interpolation constructs like ${…}, $var, or {$obj->prop} to inject arbitrary PHP code into generated ...

8.7CVSS6.2AI score0.01016EPSS
Exploits0References4
OSV
OSV
added 2026/05/29 10:29 p.m.9 views

GHSA-8444-4FHQ-FXPQ PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default

Summary CVE-2026-44338 GHSA-6rmh-7xcm-cpxj documents that PraisonAI ships a code-generator praisonai.deploy.api.generateapiservercode that emits a Flask API server with authentication disabled by default. Users who follow the documented quickstart praisonai deploy --type api get a server that: -...

9.8CVSS6AI score0.0008EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/10 3:31 p.m.10 views

EUVD-2022-55980

WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the formid parameter. Attackers can craft malicious URLs to codegenerator.php with script payloads in the formid parameter t...

6.1CVSS5.9AI score0.00208EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/10 12:12 p.m.34 views

CVE-2022-50959 WordPress Contact Form Builder 1.6.1 Cross-Site Scripting via code_generator.php

WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the formid parameter. Attackers can craft malicious URLs to codegenerator.php with script payloads in the formid parameter t...

6.1CVSS0.00208EPSS
Exploits0References3
CVE
CVE
added 2026/05/10 12:12 p.m.17 views

CVE-2022-50959

CVE-2022-50959 affects WordPress Contact Form Builder 1.6.1. It is a reflected cross-site scripting vulnerability where an unauthenticated attacker can cause arbitrary JavaScript execution in a victim’s browser by injecting payloads via the form_id parameter, using crafted URLs to code_generator....

6.1CVSS5.9AI score0.00208EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/10 12:12 p.m.8 views

CVE-2022-50959 WordPress Contact Form Builder 1.6.1 Cross-Site Scripting via code_generator.php

WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the formid parameter. Attackers can craft malicious URLs to codegenerator.php with script payloads in the formid parameter t...

6.1CVSS5.9AI score0.00208EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/10 12:12 p.m.8 views

CVE-2022-50959

WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the formid parameter. Attackers can craft malicious URLs to codegenerator.php with script payloads in the formid parameter t...

6.1CVSS5.9AI score0.00208EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.12 views

WordPress plugin Contact Form Builder 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.1CVSS5.7AI score0.00208EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 1:49 p.m.20 views

CVE-2026-41507

CVE-2026-41507 affects math-codegen. Prior to 0.4.3, string literals passed to cg.parse() are injected into a new Function() body without sanitization, enabling attacker-controlled input to execute arbitrary system commands and potentially achieve full RCE when user input reaches the parser. The ...

9.8CVSS6.1AI score0.00393EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/08 1:49 p.m.30 views

CVE-2026-41507 Remote Code Execution (RCE) via String Literal Injection into math-codegen

math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the...

9.8CVSS0.00393EPSS
Exploits0References3
OSV
OSV
added 2026/05/08 1:49 p.m.4 views

CVE-2026-41507 Remote Code Execution (RCE) via String Literal Injection into math-codegen

math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the...

9.8CVSS6.2AI score0.00393EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/31 10:59 a.m.9 views

CVE-2026-30308

In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a...

9.8CVSS6AI score0.00512EPSS
Exploits0References1
NVD
NVD
added 2026/03/30 9:17 p.m.6 views

CVE-2026-30308

In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a...

9.8CVSS0.00512EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/30 12:0 a.m.3 views

CVE-2026-30308

In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a...

6AI score0.00512EPSS
Exploits0References3
CVE
CVE
added 2026/03/30 12:0 a.m.11 views

CVE-2026-30308

CVE-2026-30308 affects HAI Build Code Generator's automatic terminal command execution feature. The tool offers two options: Execute safe commands or Execute all commands. The root cause is prompt-injection-based bypass: an attacker can wrap a malicious command in a generic template and mislead t...

9.8CVSS6AI score0.00512EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/24 3:18 p.m.28 views

CVE-2026-24614

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Devsbrain Flex QR Code Generator flex-qr-code-generator allows DOM-Based XSS.This issue affects Flex QR Code Generator: from n/a through = 1.2.10...

5.9CVSS5.9AI score0.00136EPSS
Exploits0References1
NVD
NVD
added 2026/01/23 3:16 p.m.7 views

CVE-2026-24614

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Devsbrain Flex QR Code Generator flex-qr-code-generator allows DOM-Based XSS.This issue affects Flex QR Code Generator: from n/a through = 1.2.10...

5.9CVSS0.00136EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/23 2:29 p.m.5 views

CVE-2026-24614 WordPress Flex QR Code Generator plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Devsbrain Flex QR Code Generator flex-qr-code-generator allows DOM-Based XSS.This issue affects Flex QR Code Generator: from n/a through = 1.2.10...

5.9CVSS5.2AI score0.00136EPSS
Exploits0References1
CVE
CVE
added 2026/01/23 2:29 p.m.15 views

CVE-2026-24614

CVE-2026-24614 affects the WordPress plugin Flex QR Code Generator (flex-qr-code-generator). The vulnerability is a DOM-based XSS caused by improper neutralization during web page generation. Public references indicate impact on Flex QR Code Generator versions up to 1.2.8 (NVD/Red Hat) with Patch...

5.9CVSS5.9AI score0.00136EPSS
Exploits0References1
Rows per page
Query Builder