itsourcecode University Management System 代码注入漏洞

itsourcecode University Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode University Management System has a code injection vulnerability. This vulnerability arises from improper handling of vr parameters in the /addresult.php...

AnythingLLM Code Injection Vulnerability

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM has a code injection vulnerability that stems from the ImportedPlugin.importCommunityItemFromUrl function downloads a ZIP file and extracts it without verifying the path to the file within the archive, which can be...

PT-2026-26038

A stored cross‑site scripting XSS vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’...

TRENDnet TEW-824DRU 代码注入漏洞

TRENDnet TEW-824DRU is a dual-band wireless router produced by TRENDnet Corporation. Both versions of the TRENDnet TEW-824DRU, 1.010B01 and 1.04B01, contain a code injection vulnerability. This vulnerability stems from improper handling of the Language parameter in the sub420A78 function within t...

OpenClaw code injection vulnerability (CNVD-2026-14391)

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from a code injection vulnerability that can be exploited by an attacker to execute arbitrary code on the system...

Schneider Electric EcoStruxure Automation Expert Code Injection Vulnerability

Schneider Electric EcoStruxure Automation Expert is a software platform for industrial automation systems from the French company Schneider Electric Schneider Electric. A code injection vulnerability exists in Schneider Electric EcoStruxure Automation Expert, which can be exploited by an attacker...

CVE-2026-22727 - Unprotected internal endpoints | Cloud Foundry

Severity HIGH CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 Vendor CloudFoundry Foundation Versions Affected Capi Release: 1.226.0 and below CF Deployment: v5 4.9.0 and below Description An attacker with access to the Cloud Foundry internal network could potentially inject malicious code into ...

EUVD-2026-12419

A Code Injection vulnerability affecting in SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file...

CVE-2026-3476

A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file...

CVE-2025-15060

claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of claude-hovercraft. Authentication is not required to exploit this vulnerability. The specific flaw exists...

CVE-2026-3476 Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026

A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file...

CVE-2026-3476

A Code Injection vulnerability affecting in SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file...

CVE-2026-3476 Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026

A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file...

CVE-2026-3476

SOLIDWORKS Desktop is affected by CVE-2026-3476, a code injection vulnerability impacting releases 2025 through 2026. The flaw allows arbitrary code execution on the user’s machine when opening a specially crafted file. Attack vector is LOCAL and require user interaction; exploitation is prioriti...

Exploit for Code Injection in Apache Commons_Text

CVE-2022-42889 Text4Shell Report Apache Commons Text CVE-2...

Raytha CMS 代码注入漏洞

Raytha CMS is a content management system developed by the American company Raytha. Raytha CMS has a code injection vulnerability, which stems from the lack of sandboxing or access restrictions in the Functions module. This vulnerability could allow JavaScript code to instantiate.NET components a...

Dassault Systèmes SOLIDWORKS Desktop 安全漏洞

Dassault Systèmes SOLIDWORKS Desktop is a product of Dassault Systèmes, a French company. The versions 2025 and 2026 of Dassault Systèmes SOLIDWORKS Desktop contain security vulnerabilities. These vulnerabilities stem from the possibility of code injection when special files are opened, which cou...

Worksuite HR CRM and Project Management 代码注入漏洞

Worksuite HR CRM and Project Management is an enterprise management platform developed by the American company Worksuite. Versions of Worksuite HR CRM and Project Management prior to 5.5.25 contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of parameters ...

WAVLINK WL-NU516U1 代码注入漏洞

WAVLINK WL-NU516U1 is a wireless print server developed by WAVLINK Corporation. The version 240425 of WAVLINK WL-NU516U1 has a code injection vulnerability. This vulnerability stems from incorrect handling of parameters homepage/hostname in the function sub404F68 within the file /cgi-bin/login.cg...

Aureus ERP 代码注入漏洞

Aureus ERP is an enterprise resource planning system developed by aureuserp. Versions of Aureus ERP 1.3.0-BETA2 and earlier had a code injection vulnerability. This vulnerability stemmed from incorrect handling of parameters “subject” and “body” in the file...