CVE-2026-25001

CVE-2026-25001 is a confirmed vulnerability in the WordPress plugin Post Snippets (formerly Post Snippets – Custom WordPress Code Snippets Customizer) affecting versions up to 4.0.12. The Wordfence entry characterizes the issue as a Remote Code Execution vulnerability requiring authenticated acce...

CVE-2026-25001 WordPress Post Snippets plugin <= 4.0.12 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Saad Iqbal Post Snippets post-snippets allows Remote Code Inclusion.This issue affects Post Snippets: from n/a through = 4.0.12...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-33017link is external Langflow Code Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses...

PT-2026-27964

Name of the Vulnerable Software and Affected Versions Total Poll Lite versions through 4.12.0 Description A code injection issue exists in Total Poll Lite, allowing for remote code inclusion. The issue is due to improper control of code generation. Recommendations Update Total Poll Lite to a...

WordPress plugin Woody ad snippets 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

WordPress plugin Widget Wrangler 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

WordPress plugin JetFormBuilder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress plugin Nelio AB Testing 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

n8n 代码注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.14.1, 2.13.3, and 1.123.26 contained a code injection vulnerability. This vulnerability stemmed from insufficient SQL pattern restrictions in the Merge node, which could lead to remote code...

PT-2026-28039

Name of the Vulnerable Software and Affected Versions JetFormBuilder versions through 3.5.6.1 Description A code injection issue exists in JetFormBuilder. The flaw resides in improper control of code generation, potentially allowing for code injection. The vulnerability could allow an attacker to...

PT-2026-27924

Name of the Vulnerable Software and Affected Versions Woody ad snippets versions through 2.7.1 Description A code injection issue exists in Themeisle Woody ad snippets insert-php. The issue involves improper control of code generation, potentially allowing for code injection. The vulnerable...

PT-2026-27879

Name of the Vulnerable Software and Affected Versions Post Snippets versions through 4.0.12 Description A code injection issue exists in Post Snippets that could allow for remote code inclusion. The issue is due to improper control of code generation. Recommendations Update Post Snippets to a...

PT-2026-28062

Improper Control of Generation of Code 'Code Injection' vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through = 8.2.7...

PT-2026-27948

Name of the Vulnerable Software and Affected Versions Widget Wrangler versions prior to 2.3.9 Description A code injection issue exists in Jonathan Daggerhart Widget Wrangler. The issue involves improper control of code generation. This allows for code injection. Recommendations Update Widget...

CraftCMS generate-transform command injection

Added: 03/25/2026 Background CraftCMS is a content management system written in PHP. Problem A vulnerability in CraftCMS allows remote attackers to inject arbitrary PHP code into the session file and then execute it using a specially crafted request to generate-transform. Resolution Upgrade to...

Mageia: Security Advisory (MGASA-2026-0062)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Langflow Code Injection Vulnerability

Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication...

Arbitrary Code Injection

Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsanitized input in the content field of the DomainZones API. An attacker can inject arbitrary BIND zone file directives, such as $INCLUDE, by submitting...

CVE-2026-0848

A code injection flaw was found in nltk. The StanfordSegmenter module in NLTK Natural Language Toolkit is vulnerable to arbitrary code execution due to improper input validation. An attacker can exploit this by supplying or replacing Java Archive JAR files, which are dynamically loaded without...

EUVD-2026-14175

Vikunja is an open-source self-hosted task management platform. Starting in version 1.0.0-rc0 and prior to version 2.2.0, unbounded image decoding and resizing during preview generation lets an attacker exhaust CPU and memory with highly compressed but extremely large-dimension images. Version...