Arbitrary Code Injection

SandboxJS is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper isolation allowing access to Function via arrays and object construction, which allows an attacker to escape the sandbox and execute arbitrary code...

EUVD-2026-14744

Improper Control of Generation of Code 'Code Injection' vulnerability in dendibakh perf-ninja labs/misc/pgo/lua modules. This vulnerability is associated with program files ldo.C. This issue affects perf-ninja...

CVE-2026-4745

Improper Control of Generation of Code 'Code Injection' vulnerability in dendibakh perf-ninja labs/misc/pgo/lua modules. This vulnerability is associated with program files ldo.C. This issue affects perf-ninja...

CVE-2026-4745 Arbitrary Code Execution via Crafted Bytecode in dendibakh/perf-ninja

Improper Control of Generation of Code 'Code Injection' vulnerability in dendibakh perf-ninja labs/misc/pgo/lua modules. This vulnerability is associated with program files ldo.C. This issue affects perf-ninja...

CVE-2026-4745

CVE-2026-4745 is an Arbitrary Code Execution in dendibakh perf-ninja (labs/misc/pgo/lua modules) linked to the vulnerable program file ldo.C. The issue arises from improper generation of code (Code Injection) in perf-ninja, affecting the Lua-related components. The CVSS 4.0 base score is 10.0 (CR...

CVE-2026-4745 Arbitrary Code Execution via Crafted Bytecode in dendibakh/perf-ninja

Improper Control of Generation of Code 'Code Injection' vulnerability in dendibakh perf-ninja labs/misc/pgo/lua modules. This vulnerability is associated with program files ldo.C. This issue affects perf-ninja...

CVE-2026-4745

Improper Control of Generation of Code 'Code Injection' vulnerability in dendibakh perf-ninja labs/misc/pgo/lua modules. This vulnerability is associated with program files ldo.C. This issue affects perf-ninja...

bolo-solo 代码注入漏洞

Bolo-Solo is a blog system developed under the open source Bolo-Blog project. Version 2.6.4 of Bolo-Solo contains a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter articleTitle in the file /console/article/. It may lead to cross-site scripting attac...

Intake 代码注入漏洞

Intake is an open-source Python toolkit for data loading and processing. Versions of Intake prior to 2.0.9 had a code injection vulnerability. This vulnerability stemmed from the automatic expansion of shell syntax during directory parsing, which could lead to the execution of host system command...

Vikunja 代码注入漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja from 0.21.0 to 2.2.0 contained a code injection vulnerability. This vulnerability occurred because the Vikunja Desktop Electron wrapper enabled nodeIntegration in the main BrowserWindow without any...

PT-2026-27325

Improper Control of Generation of Code 'Code Injection' vulnerability in dendibakh perf-ninja labs/misc/pgo/lua modules. This vulnerability is associated with program files ldo.C. This issue affects perf-ninja...

CVE-2026-4591

Kalcaddle KodBox 1.64 contains a vulnerability in the fileThumb Endpoint’s checkBin function (file /workspace/source-code/plugins/fileThumb/app.php). The issue allows remote command injection via manipulation of input, with an exploit publicly available. Reported impact is Confidentiality, Integr...

CVE-2026-33479 AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $REQUEST'sections' array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSR...

CVE-2026-33479

CVE-2026-33479 affects WWBN AVideo (Gallery plugin, saveSort.json.php) where unsanitized values from $_REQUEST['sections'] are fed into eval(), enabling PHP code execution via CSRF against an admin session. The issue exists up to version 26.0; a patch in commit 087dab8841f8bdb54be184105ef19b47c56...

EUVD-2026-14341

A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack...

CVE-2026-4564

A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack...

PT-2026-27265

Name of the Vulnerable Software and Affected Versions Woocommerce Custom Product Addons Pro versions prior to 5.4.2 Description The Woocommerce Custom Product Addons Pro plugin for WordPress is susceptible to Remote Code Execution. This occurs because of inadequate sanitization and validation of...

Ruoyi 代码注入漏洞

Ruoyi is a backend management system developed by the RuoYi developer. Versions of RuoYi 4.8.2 and earlier had a code injection vulnerability. This vulnerability stemmed from improper handling of the invokeTarget parameter in the Quartz Job Handler component located in the file /monitor/job/...

Code-Projects Exam Form Submission 代码注入漏洞

Code-Projects Exam Form Submission is an open-source exam form developed by Code-Projects. Version 1.0 of Code-Projects Exam Form Submission contains a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter sname in the file admin/updates5.php, which may...

Code-Projects Exam Form Submission 代码注入漏洞

Code-Projects Exam Form Submission is an open-source exam form developed by Code-Projects. Version 1.0 of Code-Projects Exam Form Submission contains a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter sname in the file admin/updates4.php, which may...