WordPress plugin Custom Block Builder – Lazy Blocks 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

PT-2026-7557

An improper neutralization of directives in statically saved code 'Static Code Injection' vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the...

KeePass Password Safe 代码注入漏洞

KeePass Password Safe is a local password management tool developed by the KeePass company. Versions of KeePass Password Safe prior to 2.44 contained a code injection vulnerability. This vulnerability stemmed from improper handling of HTML in the help system, which could lead to denial-of-service...

PT-2026-7605

ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated...

WordPress plugin Lucky Wheel Giveaway 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

QNAP Systems File Station 5 安全漏洞

QNAP Systems File Station 5 is a file management system developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems File Station 5 prior to 5.5.6.5166 contained security vulnerabilities. These vulnerabilities were caused by static code injection, which could lead to acce...

Chevereto 代码注入漏洞

Chevereto is a graph-based program. The Chevereto 3.13.4 Core version has a code injection vulnerability, which stems from improper handling of database table prefix parameters. This vulnerability may lead to remote code execution...

Schneider Electric EcoStruxure Building Operation Workstation 代码注入漏洞

Schneider Electric EcoStruxure Building Operation Workstation is a specialized operational terminal component developed by Schneider Electric, a French company. The Schneider Electric EcoStruxure Building Operation Workstation has a code injection vulnerability, which stems from improper code...

CVE-2026-21537

Improper control of generation of code 'code injection' in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network...

CVE-2026-21537

Improper control of generation of code 'code injection' in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network...

CVE-2026-21537

Improper control of generation of code 'code injection' in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network...

Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability

Improper control of generation of code 'code injection' in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network...

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including SAP CRM, SAP S/4HANA, SAP NetWeaver Application Server ABAP, SAP Supply Chain Management, SAP BusinessObjects BI Platform, SAP Document Management System, SAP Commerce Cloud, and SAP Business Workflow. The vulnerabilities include code...

Exploit for Code Injection in Wpml

No d...

CVE-2026-0488 Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor)

An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impa...

CVE-2026-0488 Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor)

An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impa...

CVE-2026-0488

CVE-2026-0488 affects SAP CRM and SAP S/4HANA (Scripting Editor) via a flaw in a generic function module call that an authenticated attacker can abuse to execute an arbitrary SQL statement. This can lead to full database compromise with high impact to confidentiality, integrity, and availability....

Microsoft GitHub Copilot and Visual Studio 代码注入漏洞

Microsoft GitHub Copilot and Visual Studio are generative AI tools developed by the American company Microsoft. There is a code injection vulnerability in Microsoft GitHub Copilot and Visual Studio. Attackers can exploit this vulnerability to execute code remotely. The following products and...

PT-2026-7413

Name of the Vulnerable Software and Affected Versions Microsoft Defender for Linux affected versions not specified Description The software contains a flaw in how it generates code, potentially allowing an attacker on the same network to run code without authorization. There is no information abo...

📄 Palo Alto Networks PAN-OS 11.2 PHP Code Injection

Palo Alto Networks PAN-OS version 11.2 proof of concept remote command execution exploit that also leverages an authentication bypass vulnerability. ============================================================================================================================================= | Titl...