CVE-2025-30044

In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstatsimple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection...

Apache Ranger has a Code Injection vulnerability

Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

GHSA-C87W-642H-M97H Apache Ranger has a Code Injection vulnerability

Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

BIT-KIBANA-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)

Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment (CVE-2025-13686, CVE-2025-13687, CVE-2025-13688)

Summary Runtime environment is used by DataStage on Cloud Pak for Data as part of upload file processing. Vulnerability Details CVEID:CVE-2025-13686 DESCRIPTION: DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands with normal user privileges on the syst...

CVE-2026-3395

A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/plugins/editormarkitup/preview-ajax.php of the component MarkItUp Preview AJAX Endpoint. Executing a manipulation can lead to code injection. It is possible to launch the attack...

CVE-2025-30044

In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstatsimple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection...

EUVD-2025-208148

In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstatsimple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection...

CVE-2025-30044 RCE on uhcapache user permissions

In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstatsimple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection...

CVE-2025-30044

In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstatsimple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection...

CVE-2025-30044

CVE-2025-30044 affects endpoints under CliniNET.prd/utils (usrlogstat_simple.pl, usrlogstat.pl, userlogstat2.pl, dblogstat.pl). The issue is insufficient input normalization on parameters, enabling code injection. According to the provided metrics, the vulnerability has CRITICAL impact with HIGH ...

Arbitrary Code Injection

Overview dbgpt is a DB-GPT is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can beassured that there is no risk of data leakage, and your data is 100% private and secure. Affected versions of this packa...

CVE-2026-3409

A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.execmodule of the file /api/v1/serve/awel/flow/import of the component Flow Import Endpoint. Performing a manipulation as part of File results in code injection. The...

CVE-2026-3409 eosphoros-ai db-gpt Flow Import Endpoint import importlib.machinery.SourceFileLoader.exec_module code injection

A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.execmodule of the file /api/v1/serve/awel/flow/import of the component Flow Import Endpoint. Performing a manipulation as part of File results in code injection. The...

CVE-2026-3409 eosphoros-ai db-gpt Flow Import Endpoint import importlib.machinery.SourceFileLoader.exec_module code injection

A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.execmodule of the file /api/v1/serve/awel/flow/import of the component Flow Import Endpoint. Performing a manipulation as part of File results in code injection. The...

CVE-2026-3409

Affected software: eosphoros-ai db-gpt 0.7.5. Vulnerable component: Flow Import Endpoint, specifically importlib.machinery.SourceFileLoader.exec_module in /api/v1/serve/awel/flow/import. Root cause: manipulating a File leads to code injection. Impact: remote execution of injected code possible; n...

EUVD-2026-9142

A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.execmodule of the file /api/v1/serve/awel/flow/import of the component Flow Import Endpoint. Performing a manipulation as part of File results in code injection. The...

PHPGurukul Student Record Management System 代码注入漏洞

PHPGurukul Student Record Management System is a student record management system developed by PHPGurukul Corporation. Versions of the PHPGurukul Student Record Management System prior to 1.0 contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of parameter...

AFFiNE.Pro 代码注入漏洞

AFFiNE.Pro is an open-source next-generation knowledge base developed by Toeverything. Versions of AFFiNE.Pro prior to 0.25.4 contained a code injection vulnerability. This vulnerability occurred due to specially crafted affine: URLs, which could lead to remote code execution with just one click...

OpenClaw Code Injection Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a code injection vulnerability. The vulnerability stems from the fact that channel metadata may be included in the model's system prompts when the Slack integration is enabled, increasing the attack...