
36516 matches found

CNNVD
added 2026/03/16 12:0 a.m. | 3 views

Aureus ERP Code Injection Vulnerability

Aureus ERP is an enterprise resource planning system developed by aureuserp. Versions of Aureus ERP 1.3.0-BETA2 and earlier had a code injection vulnerability. This vulnerability stemmed from incorrect handling of parameters “subject” and “body” in the file...

CVSS 5.1 | AI score 5.7 | EPSS 0.00254
Exploits 0 | References 6

CNNVD
added 2026/03/16 12:0 a.m. | 3 views

UEditor Code Injection Vulnerability

Ueditor is an open-source editor developed by Ueditor. Versions of UEditor 1.4.3.2 and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “callback” in the file php/controller.php?action=uploadimage, which may lead to cross-site scriptin...

CVSS 5.1 | AI score 5.7 | EPSS 0.00244
Exploits 0 | References 4

Zero Day Initiative
added 2026/03/16 12:0 a.m. | 5 views

(Pwn2Own) QNAP TS-453E malware_remover Code Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the malwareremover.cgi endpoint. The issue results from the lack of prope...

CVSS 8.8 | AI score 6.2 | EPSS 0.00774
Exploits 0 | References 1

CNNVD
added 2026/03/16 12:0 a.m. | 3 views

Tecnick TCExam Code Injection Vulnerability

Tecnick TCExam is a web-based open-source electronic examination system developed by the British company Tecnick. This system is primarily used for online examinations. Versions of Tecnick TCExam prior to 16.6.0 contained a code injection vulnerability. This vulnerability stemmed from improper...

CVSS 4.8 | AI score 5.7 | EPSS 0.00202
Exploits 0 | References 4

CNNVD
added 2026/03/16 12:0 a.m. | 4 views

Bedrock AgentCore Starter Toolkit Security Vulnerability

Bedrock AgentCore Starter Toolkit is an open-source AI development and deployment toolkit provided by Amazon Web Services. Versions of the tool before v0.1.13 contain security vulnerabilities. These vulnerabilities stem from a lack of S3 ownership verification, which allows remote attackers to...

CVSS 7.5 | AI score 5.9 | EPSS 0.00242
Exploits 0 | References 2

CNNVD
added 2026/03/16 12:0 a.m. | 7 views

Tecnick TCExam Code Injection Vulnerability

Tecnick TCExam is a web-based open-source electronic examination system developed by the British company Tecnick. This system is primarily used for online examinations. Version 16.5.0 of Tecnick TCExam contains a code injection vulnerability. This vulnerability stems from incorrect handling of a...

CVSS 4.8 | AI score 5.7 | EPSS 0.00273
Exploits 0 | References 5

CNNVD
added 2026/03/16 12:0 a.m. | 3 views

CMS Made Simple Code Injection Vulnerability

CMS Made Simple (CMSMS) is an open-source content management system developed by the Cmsms team. This system supports role-based permission management systems, wizard-based installation and update mechanisms, and intelligent caching features. Versions of CMS Made Simple prior to 2.2.21 contained a...

CVSS 4.8 | AI score 5.7 | EPSS 0.00206
Exploits 0 | References 4

CNNVD
added 2026/03/16 12:0 a.m. | 3 views

AnythingLLM Code Injection Vulnerability

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM has a code injection vulnerability that stems from the ImportedPlugin.importCommunityItemFromUrl function downloading a ZIP file and extracting it without verifying the path to the file within the archive, which can be...

CVSS 6.4 | AI score 6.2 | EPSS 0.00388
Exploits 1 | References 2

Positive Technologies
added 2026/03/16 12:0 a.m. | 5 views

PT-2026-25703

Name of the Vulnerable Software and Affected Versions: SOLIDWORKS Desktop versions 2025 through 2026. Description: A code injection issue exists in SOLIDWORKS Desktop. Successful exploitation while opening a specially crafted file could allow an attacker to execute arbitrary code on the user's...

CVSS 7.8 | AI score 6 | EPSS 0.00169
Exploits 0 | References 5

GithubExploit
added 2026/03/15 11:56 a.m. | 116 views

Exploit for Code Injection in Unicode

codescan Fast, configurable code security scanner written in...

CVSS 8.3 | AI score 5.9 | EPSS 0.12205
Exploits 4

GithubExploit
added 2026/03/15 8:21 a.m. | 110 views

web-attack-payloads

Web Attack Payloads Collection ...

AI score 6.3
Exploits 0

CNNVD
added 2026/03/15 12:0 a.m. | 5 views

MLflow Code Injection Vulnerability

MLflow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible executions, and sharing and deploying models. Prior to MLv3.7.0, there was a code injection vulnerability. This vulnerability stemmed from...

CVSS 8.8 | AI score 7.3 | EPSS 0.01236
Exploits 1 | References 2

Veracode
added 2026/03/14 5:21 a.m. | 4 views

Arbitrary Code Injection

Craft CMS is vulnerable to Arbitrary Code Injection. The vulnerability is due to unsafe use of unsandboxed Twig rendering with user-controlled input in the conditions system, which allows an attacker to execute arbitrary code through crafted condition rules...

CVSS 9.3 | AI score 6.2 | EPSS 0.00665
Exploits 0 | References 2 | Affected Software 1

EUVD
added 2026/03/13 9:31 p.m. | 2 views

EUVD-2026-11933

Improper Control of Generation of Code 'Code Injection' vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Remote Code Inclusion. This issue affects Advanced Woo Labels: from n/a through = 2.36...

CVSS 7.2 | AI score 5.8 | EPSS 0.00397
Exploits 0 | References 2

EUVD
added 2026/03/13 9:31 p.m. | 3 views

EUVD-2026-11862

Improper Control of Generation of Code 'Code Injection' vulnerability in Yannick Lefebvre Modal Dialog modal-dialog allows Remote Code Inclusion. This issue affects Modal Dialog: from n/a through = 3.5.16...

AI score 5.8 | EPSS 0.00397
Exploits 0 | References 2

NVD
added 2026/03/13 7:54 p.m. | 2 views

CVE-2026-32414

Improper Control of Generation of Code 'Code Injection' vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Remote Code Inclusion. This issue affects Advanced Woo Labels: from n/a through = 2.36...

CVSS 7.2 | EPSS 0.00397
Exploits 0 | References 1

NVD
added 2026/03/13 7:54 p.m. | 2 views

CVE-2026-32367

Improper Control of Generation of Code 'Code Injection' vulnerability in Yannick Lefebvre Modal Dialog modal-dialog allows Remote Code Inclusion. This issue affects Modal Dialog: from n/a through = 3.5.16...

CVSS 9.1 | EPSS 0.00397
Exploits 0 | References 1

Snyk
added 2026/03/13 1:46 p.m. | 5 views

Arbitrary Code Injection

Overview: @nyariv/sandboxjs is a JavaScript sandboxing library. Affected versions of this package are vulnerable to Arbitrary Code Injection via the executor module. An attacker can execute arbitrary code by crafting input that allows them to get to arrays containing Function and escape the intended...

CVSS 10 | AI score 6.2 | EPSS 0.00547
Exploits 1 | References 2

CVE
added 2026/03/13 11:42 a.m. | 5 views

CVE-2026-32414

The CVE concerns WordPress plugin Advanced Woo Labels (IllID) with versions up to and including 2.36, where an improper control of code generation leads to code injection and remote code inclusion. Affected component is the Advanced Woo Labels plugin; root cause is a code injection vulnerability ...

CVSS 7.2 | AI score 5.8 | EPSS 0.00397
Exploits 0 | References 1

Vulnrichment
added 2026/03/13 11:42 a.m. | 2 views

CVE-2026-32414 WordPress Advanced Woo Labels plugin <= 2.36 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Remote Code Inclusion. This issue affects Advanced Woo Labels: from n/a through = 2.36...

CVSS 7.2 | AI score 5.8 | EPSS 0.00397
Exploits 0 | References 1