Lucene search

36544 matches found

Packet Storm
added 2026/02/10 12:0 a.m. | 140 views

📄 Palo Alto Networks PAN-OS 11.2 PHP Code Injection

Palo Alto Networks PAN-OS version 11.2 proof of concept remote command execution exploit that also leverages an authentication bypass vulnerability.

CVSS 9.8 | AI score 5.9 | EPSS 0.99698
Exploits: 31

NVD
added 2026/02/09 5:16 a.m. | 11 views

CVE-2026-1615

Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can...

CVSS 9.8 | EPSS 0.00834
Exploits: 0 | References: 4

Cvelist
added 2026/02/09 5:0 a.m. | 32 views

CVE-2026-1615

Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can...

CVSS 9.8 | EPSS 0.00834
Exploits: 0 | References: 4

CNNVD
added 2026/02/09 12:0 a.m. | 3 views

StudentManager Code Injection Vulnerability

StudentManager is a student management system developed by individual developer huanfenz. StudentManager has a code injection vulnerability, which stems from incorrect handling of the parameter Reason for Leave in the file src/main/java/com/wdd/studentmanager/controller/LeaveController.java. Th...

CVSS 5.4 | AI score 5.6 | EPSS 0.00213
Exploits: 1 | References: 5

Packet Storm
added 2026/02/09 12:0 a.m. | 148 views

📄 Novell GroupWise 2012 Traversal / Shell Upload

This code exploits the directory traversal vulnerability in Novell GroupWise 2012 before Support Pack 1 to steal files, and attempts to upload a web shell payload if possible, making it an effective penetration testing tool...

CVSS 5 | AI score 5.6 | EPSS 0.41841
Exploits: 4

CNNVD
added 2026/02/09 12:0 a.m. | 6 views

Code-Projects Online Reviewer System Code Injection Vulnerability

The Code-Projects Online Reviewer System is an online review system developed by Code-Projects as open source. Version 1.0 of the Code-Projects Online Reviewer System contains a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “firstname” in the file...

CVSS 5.4 | AI score 5.7 | EPSS 0.00193
Exploits: 1 | References: 6

CNNVD
added 2026/02/09 12:0 a.m. | 4 views

Code-Projects Online Reviewer System Code Injection Vulnerability

The Code-Projects Online Reviewer System is an online review system developed by Code-Projects as open source. Version 1.0 of the Code-Projects Online Reviewer System contains a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “firstname” in the file...

CVSS 4.8 | AI score 5.7 | EPSS 0.00205
Exploits: 2 | References: 6

CNNVD
added 2026/02/09 12:0 a.m. | 4 views

Code-Projects Online Music Site Code Injection Vulnerability

Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of Code-Projects Online Music Site has a code injection vulnerability. This vulnerability stems from incorrect handling of the txtalbum parameter in the file...

CVSS 4.8 | AI score 5.7 | EPSS 0.00196
Exploits: 1 | References: 6

CNNVD
added 2026/02/09 12:0 a.m. | 5 views

JFinalCMS Code Injection Vulnerability

JFinalCMS is a content management system developed by individual developer heyewei. JFinalCMS version 5.0.0 has a code injection vulnerability. This vulnerability stems from incorrect operations with the component API endpoints related to files and the ‘admin/admin/save’ endpoint, which may le...

CVSS 4.8 | AI score 5.6 | EPSS 0.00223
Exploits: 1 | References: 5

CNNVD
added 2026/02/09 12:0 a.m. | 6 views

ZAI Shell Code Injection Vulnerability

ZAI Shell is a terminal-independent AI proxy software developed by Ömer Efe Başol TaklaXBR. Versions of ZAI Shell prior to 9.0.3 contained a code injection vulnerability. This vulnerability stemmed from the lack of an authentication mechanism in the P2P terminal sharing feature, which could lead ...

CVSS 8.8 | AI score 6 | EPSS 0.0064
Exploits: 2 | References: 3

Positive Technologies
added 2026/02/09 12:0 a.m. | 6 views

PT-2026-7066

Name of the Vulnerable Software and Affected Versions: jsonpath (affected versions not specified). Description: The package jsonpath is susceptible to Arbitrary Code Injection due to unsafe evaluation of user-supplied JSON Path expressions. The library utilizes the static-eval module to process JSON...

CVSS 9.8 | AI score 5.9 | EPSS 0.00834
Exploits: 0 | References: 102

Snyk
added 2026/02/08 10:0 p.m. | 3 views

Origin Validation Error

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Origin Validation Error via the /cdp WebSocket endpoint that accepts arbitrary Chrome DevTools Protocol commands. An attacker can bypass the intended localhost-only restriction by running...

CVSS 9.3 | AI score 6 | EPSS 0.00295
Exploits: 0 | References: 3

CNNVD
added 2026/02/08 12:0 a.m. | 4 views

SourceCodester Simple Responsive Tourism Website Code Injection Vulnerability

SourceCodester Simple Responsive Tourism Website is an open-source tourism website developed by SourceCodester. Version 1.0 of SourceCodester Simple Responsive Tourism Website has a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “Title” in the...

CVSS 6.1 | AI score 5.7 | EPSS 0.00262
Exploits: 1 | References: 6

CNNVD
added 2026/02/08 12:0 a.m. | 4 views

Code-Projects Online Student Management System Code Injection Vulnerability

Code-Projects Online Student Management System is an open-source online student management system developed by Code-Projects. Version 1.0 of the Code-Projects Online Student Management System contains a code injection vulnerability. This vulnerability arises from incorrect operations on the file...

CVSS 4.8 | AI score 5.7 | EPSS 0.00198
Exploits: 1 | References: 6

CNNVD
added 2026/02/08 12:0 a.m. | 10 views

Simple Responsive Tourism Website Code Injection Vulnerability

Simple Responsive Tourism Website is a simple responsive tourism website. Version 1.0 of Simple Responsive Tourism Website has a code injection vulnerability. This vulnerability stems from incorrect handling of the parameters firstname, lastname, and username in the...

CVSS 6.1 | AI score 5.7 | EPSS 0.00352
Exploits: 1 | References: 6

CNNVD
added 2026/02/08 12:0 a.m. | 4 views

SourceCodester Patients Waiting Area Queue Management System Code Injection Vulnerability

The SourceCodester Patients Waiting Area Queue Management System is an open-source system developed by SourceCodester for managing patient waiting queues. Version 1.0 of the SourceCodester Patients Waiting Area Queue Management System contains a code injection vulnerability. This vulnerability...

CVSS 6.1 | AI score 5.7 | EPSS 0.00352
Exploits: 1 | References: 5

CNNVD
added 2026/02/08 12:0 a.m. | 5 views

nginxWebUI Code Injection Vulnerability

nginxWebUI is an nginx web configuration tool developed by individual developer cym1102. nginxWebUI versions 4.3.7 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter nginxDir in the file adminPage/conf/conf, which coul...

CVSS 5.4 | AI score 5.7 | EPSS 0.00264
Exploits: 1 | References: 7

Packet Storm News
added 2026/02/08 12:0 a.m. | 6 views

Evasion of IoT Malware Detection Via Dummy Code Injection

The Internet of Things (IoT) has revolutionized connectivity by linking billions of devices worldwide. However, this rapid expansion has also introduced severe security vulnerabilities, making IoT devices attractive targets for malware such as the Mirai botnet. Power side-channel analysis has...

AI score 5.8
Exploits: 0

CNNVD
added 2026/02/08 12:0 a.m. | 5 views

SourceCodester Patients Waiting Area Queue Management System Code Injection Vulnerability

The SourceCodester Patients Waiting Area Queue Management System is an open-source system developed by SourceCodester for managing patient waiting queues. Version 1.0 of the SourceCodester Patients Waiting Area Queue Management System contains a code injection vulnerability. This vulnerability...

CVSS 6.1 | AI score 5.7 | EPSS 0.00352
Exploits: 1 | References: 5

CNNVD
added 2026/02/08 12:0 a.m. | 5 views

SourceCodester Patients Waiting Area Queue Management System Code Injection Vulnerability

The SourceCodester Patients Waiting Area Queue Management System is an open-source system developed by SourceCodester for managing patient waiting queues. Version 1.0 of the SourceCodester Patients Waiting Area Queue Management System contains a code injection vulnerability. This vulnerability...

CVSS 6.1 | AI score 5.7 | EPSS 0.00298
Exploits: 1 | References: 5