36541 matches found
CVE-2026-2296
The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This is due to insufficient input validation of the 'operator' field in conditional logic rules within the evalConditions...
CVE-2026-2019 Cart All In One For WooCommerce <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting
The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...
CVE-2026-2019 Cart All In One For WooCommerce <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting
The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...
CVE-2026-2019
The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...
CVE-2026-2019
CVE-2026-2019 concerns the Cart All In One For WooCommerce WordPress plugin (versions
WordPress Cart All In One For WooCommerce plugin <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting vulnerability
Authenticated Administrator+ Code Injection via 'scassignpage' Setting vulnerability discovered by Phap Nguyen Anh - FIS in WordPress Plugin Cart All In One For WooCommerce versions = 1.1.21...
PT-2026-20401
Name of the Vulnerable Software and Affected Versions NVIDIA Megatron Bridge affected versions not specified Description The software contains a flaw in a data shuffling tutorial that could allow code injection with malicious input. Exploitation may lead to code execution, privilege escalation,...
PT-2026-20306
Name of the Vulnerable Software and Affected Versions Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress versions prior to 3.1.1 Description The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is susceptible to Code...
PT-2026-20296
Name of the Vulnerable Software and Affected Versions Cart All In One For WooCommerce versions prior to 1.1.22 Description The Cart All In One For WooCommerce plugin for WordPress is susceptible to code execution. This occurs because of inadequate input validation on the 'Assign page' field, whic...
WordPress plugin Cart All In One For WooCommerce 注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension that can ...
NVIDIA Nemo Framework 代码注入漏洞
NVIDIA Nemo Framework is a framework developed by NVIDIA Corporation in the United States for building and deploying generative AI models. The NVIDIA Nemo Framework has a code injection vulnerability. This vulnerability allows attackers to potentially execute remote code, leading to code executio...
NVIDIA Nemo Framework 代码注入漏洞
NVIDIA Nemo Framework is a framework developed by NVIDIA Corporation in the United States for building and deploying generative AI models. The NVIDIA NeMo Framework has a code injection vulnerability. This vulnerability allows attackers to potentially execute remote code, leading to code executio...
NVIDIA Megatron Bridge 代码注入漏洞
NVIDIA Megatron Bridge is a component developed by NVIDIA Corporation in the United States that connects Hugging Face and Megatron-Core. NVIDIA Megatron Bridge has a code injection vulnerability. This vulnerability arises from malicious inputs in the data shuffling tutorial, which may lead to cod...
WordPress plugin Product Addons for Woocommerce – Product Options with Custom Fields 代码注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
NVIDIA Megatron Bridge 代码注入漏洞
NVIDIA Megatron Bridge is a component developed by NVIDIA Corporation in the United States that connects Hugging Face and Megatron-Core. NVIDIA Megatron Bridge has a code injection vulnerability. This vulnerability arises from malicious inputs in the data merging process, which may lead to code...
PT-2026-20400
Name of the Vulnerable Software and Affected Versions NVIDIA Megatron Bridge affected versions not specified Description The software contains a flaw in a data merging tutorial that could allow code injection with malicious input. Exploitation of this issue may lead to code execution, privilege...
NVIDIA Nemo Framework 代码注入漏洞
NVIDIA Nemo Framework is a framework developed by NVIDIA Corporation in the United States for building and deploying generative AI models. The NVIDIA Nemo Framework has a code injection vulnerability. This vulnerability arises from the possibility of code injection when attackers create malicious...
MajorDoMo 代码注入漏洞
MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. There is a code injection vulnerability in MajorDoMo. This vulnerability stems from an error in the inclusion order of modules/panel.class.php, which causes the execution to continue after a...
PT-2026-20399
Name of the Vulnerable Software and Affected Versions NVIDIA NeMo Framework affected versions not specified Description The NVIDIA NeMo Framework has a flaw that allows an attacker to create malicious data that could lead to code injection. Exploitation of this issue may result in code execution,...
Arbitrary Code Injection
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Code Injection via the incorporation of untrusted Slack channel metadata into the system prompt. An attacker can execute unauthorized commands or access sensitive information by...