36543 matches found
CVE-2025-33042 Apache Avro Java SDK: Code injection on Java generated code
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...
CVE-2025-33042
CVE-2025-33042 : Improper control of generation of code (Code Injection) in the Apache Avro Java SDK. Affects all versions up to 1.11.4 and 1.12.0; upgrading to 1.12.1 or 1.11.5 fixes the issue. CVSS v3.1 base score 7.3 (HIGH). Connected IBM advisories confirm the same vulnerability and the recom...
EUVD-2025-206910
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...
PT-2026-7986
Name of the Vulnerable Software and Affected Versions Apache Avro Java SDK versions through 1.11.4 and version 1.12.0 Description An Improper Control of Generation of Code 'Code Injection' issue exists in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. The flaw...
Apache Avro Java SDK 安全漏洞
The Apache Avro Java SDK is a data processing toolkit developed by the Apache Foundation. Versions of the Apache Avro Java SDK prior to 1.11.4 and 1.12.0 have security vulnerabilities. These vulnerabilities stem from improper control over the generation of specific record schema code from the...
Exploit for CVE-2025-49132
CVE-2025-49132: Pterodactyl Panel Unauthenticated RCE via PHP...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the overrides.yoke.cd/flight annotation, which allows a user-supplied URL to be used directly by the controller without validation. An attacker can execute arbitrary code within the controller context by...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the overrides.yoke.cd/flight annotation, which allows a user-supplied URL to be used directly by the controller without validation. An attacker can execute arbitrary code within the controller context by...
CVE-2025-57707
An improper neutralization of directives in statically saved code 'Static Code Injection' vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the...
Crawl4AI 代码注入漏洞
Crawl4AI is an open-source, LLM-friendly web crawler developed by UncleCode’s individual developers. Versions of Crawl4AI prior to 0.8.0 contained a code injection vulnerability. This vulnerability stemmed from the /crawl endpoint in the Docker API deployment, which accepted hooks parameters...
Cisco ClamAV ClamBC 代码注入漏洞
Cisco ClamAV ClamBC is a bytecode signature system developed by Cisco, Inc. Cisco ClamAV ClamBC has a code injection vulnerability, which stems from weak input validation in the handling of function names. This vulnerability could allow attackers to execute malicious bytecode or cause unexpected...
yoke 代码注入漏洞
Yoke is a Kubernetes package management tool developed by YokeCD. Versions of Yoke prior to 0.19.0 contained a code injection vulnerability. This vulnerability stemmed from the lack of proper URL validation in the Air Traffic Controller component, allowing users with the authority to create or...
authentik 代码注入漏洞
Authentik is an open-source identity provisioning application developed by Authentik. Versions of Authentik prior to 2025.8.6, 2025.10.4, and 2025.12.4 have a code injection vulnerability. This vulnerability allows users with specific permissions to execute arbitrary code through test endpoints...
CVE-2026-21537
Improper control of generation of code 'code injection' in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network...
CVE-2025-57707
An improper neutralization of directives in statically saved code 'Static Code Injection' vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the...
CVE-2025-57707
An improper neutralization of directives in statically saved code 'Static Code Injection' vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the...
CVE-2025-57707 File Station 5
An improper neutralization of directives in statically saved code 'Static Code Injection' vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the...
CVE-2025-57707 File Station 5
An improper neutralization of directives in statically saved code 'Static Code Injection' vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the...
CVE-2025-57707
An improper neutralization of directives in statically saved code 'Static Code Injection' vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the...
CVE-2025-57707
CVE-2025-57707 affects QNAP File Station 5. The vulnerability is described as an improper neutralization of directives in statically saved code (Static Code Injection) that could allow a remote attacker with a user account to access restricted data/files. The Red Hat, NVD, OSV, and related source...