36506 matches found

CNNVD
added 2026/05/30 12:0 a.m., 8 views

CicadasCMS code injection vulnerability

CicadasCMS is a content management framework developed by the Chinese individual developer westboy, based on SpringBoot, Mybatis, SpringSecurity, and Vue. CicadasCMS has a code injection vulnerability. This vulnerability stems from the Search method in the...

CVSS 5.3, AI score 5.7, EPSS 0.00422
Exploits: 0, References: 6
CNNVD
added 2026/05/30 12:0 a.m., 7 views

Student-Management-System code injection vulnerability

Student-Management-System is an open-source student information management system developed by Cyber-III. Version 1.0 of STUDENT-MANAGEMENT-SYSTEM contains a code injection vulnerability. This vulnerability stems from the Name parameter on the dashboard page, which contains cross-site scripting,...

CVSS 4.8, AI score 5.8, EPSS 0.00202
Exploits: 0, References: 5
Tenable Nessus
added 2026/05/30 12:0 a.m., 10 views

Debian dsa-6311 : php-twig - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6311 advisory. Debian Security Advisory DSA-6311-1 [email protected] https://www.debian.org/securit...

CVSS 9.9, AI score 5.6, EPSS 0.00675
Exploits: 0, References: 30
Snyk
added 2026/05/29 7:32 p.m., 8 views

Arbitrary Code Injection

Overview: redshift-connector is a Redshift interface library. Affected versions of this package are vulnerable to Arbitrary Code Injection due to the use of eval on untrusted data received from the server, in the vectorin function. An attacker can execute arbitrary code on the client system by...

CVSS 9.8, AI score 6.2, EPSS 0.00703
Exploits: 1, References: 2
Debian
added 2026/05/29 6:34 p.m., 13 views

[SECURITY] [DSA 6311-1] php-twig security update

Debian Security Advisory DSA-6311-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 29, 2026 https://www.debian.org/security/faq ...

CVSS 9.9, AI score 5.8, EPSS 0.00675
Exploits: 0
CNNVD
added 2026/05/29 12:0 a.m., 5 views

Acer Predator Connect W6x code injection vulnerability

The Acer Predator Connect W6x is a series of high-performance Wi-Fi 6/6E gaming routers produced by Acer of Taiwan, China. The Acer Predator Connect W6x has a code injection vulnerability, which stems from allowing injections and execution of arbitrary shell commands...

CVSS 8.6, AI score 6.1, EPSS 0.00397
Exploits: 0, References: 1
Snyk
added 2026/05/28 8:51 p.m., 4 views

Arbitrary Code Injection

Overview: electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client. Affected versions of this package are vulnerable to Arbitrary Code Injection via the import process of bookmark data or during sync operations. An attacker can execute arbitrary code by injecting malicious fields into...

CVSS 9.6, AI score 6, EPSS 0.00234
Exploits: 0, References: 2
Debian
added 2026/05/28 1:18 p.m., 13 views

[SECURITY] [DLA 4604-1] roundcube security update

Debian LTS Advisory DLA-4604-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin May 28, 2026 https://wiki.debian.org/LTS Package : roundcube Version : 1.4.15+dfsg.1-1+deb11u9 CVE ID : CVE-2026-48842 CVE-2026-48843 CVE-2026-48844 CVE-2026-48845 CVE-2026-48846...

CVSS 8.1, AI score 6.1, EPSS 0.0066
Exploits: 1
CNNVD
added 2026/05/28 12:0 a.m., 7 views

CodeWhale code injection vulnerability

CodeWhale is a terminal coding tool developed by Hunter Bown as an individual developer. Versions of CodeWhale prior to 0.8.26 contained a code injection vulnerability. This vulnerability stemmed from the taskcreate tool, which generated persistent sub-proxies that inherited two insecure default...

CVSS 9.6, AI score 5.9, EPSS 0.0026
Exploits: 0, References: 3
CNNVD
added 2026/05/28 12:0 a.m., 6 views

mapfish-print code injection vulnerability

Mapfish-Print is a Java extension library created by individual developers for creating map-related reports. This extension library is based on Java’s servlet/lib/application framework and can implement a service that receives requests and returns reports. Versions of Mapfish-Print from 3.23.0 t...

CVSS 9.3, AI score 6.2, EPSS 0.00325
Exploits: 0, References: 1
CNNVD
added 2026/05/28 12:0 a.m., 5 views

GitButler code injection vulnerability

GitButler is an open-source modern Git version control interface that supports AI workflows. Versions of GitButler prior to 0.19.7 contained a code injection vulnerability. This vulnerability could allow arbitrary scripts to execute in the Tauri webview due to the malicious links present in the...

CVSS 9.3, AI score 6.1, EPSS 0.00515
Exploits: 0, References: 2
Tenable Nessus
added 2026/05/28 12:0 a.m., 11 views

Debian dla-4604 : roundcube - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4604 advisory. Debian LTS Advisory DLA-4604-1 [email protected]...

CVSS 8.1, AI score 6, EPSS 0.0066
Exploits: 1, References: 20
Tenable Nessus
added 2026/05/28 12:0 a.m., 9 views

Debian dsa-6301 : roundcube - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6301 advisory. Debian Security Advisory DSA-6301-1 [email protected]...

CVSS 8.1, AI score 5.7, EPSS 0.0066
Exploits: 1, References: 19
Debian
added 2026/05/27 9:1 p.m., 15 views

[SECURITY] [DSA 6301-1] roundcube security update

Debian Security Advisory DSA-6301-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 27, 2026 https://www.debian.org/security/faq ...

CVSS 8.1, AI score 5.9, EPSS 0.0066
Exploits: 1
RedhatCVE
added 2026/05/27 8:14 p.m., 10 views

CVE-2026-9568

A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack'...

CVSS 5.1, AI score 5.2, EPSS 0.00219
Exploits: 0, References: 1
Snyk
added 2026/05/27 6:24 p.m., 10 views

Arbitrary Code Injection

Overview: liquidjs is a simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Arbitrary Code Injection via the filters and tags registries in Liquid. An attacker can trigger arbitrary inherited Object.prototype...

CVSS 10, AI score 6, EPSS 0.00089
Exploits: 0, References: 2
Veracode
added 2026/05/27 1:36 p.m., 8 views

Arbitrary Code Injection

Contour is vulnerable to Arbitrary Code Injection. The vulnerability is due to insufficient sanitization of user-controlled values in cookieRewritePolicies.pathRewrite.value, where values are interpolated into Envoy HTTP Lua filter code using Go text/template, allowing attackers with HTTPProxy...

CVSS 8.1, AI score 6.1, EPSS 0.00441
Exploits: 0, References: 4, Affected Software: 1
SUSE CVE
added 2026/05/27 10:56 a.m., 8 views

SUSE CVE-2026-48844

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in the LDAP autovalues option that could lead to code injection. Support for code evaluation has been removed in 1.6.16 and 1.7.1...

CVSS 7.5, AI score 5.8, EPSS 0.00372
Exploits: 0, References: 3
RedhatCVE
added 2026/05/27 2:12 a.m., 14 views

CVE-2026-36239

PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality...

CVSS 4.3, AI score 5.8, EPSS 0.00307
Exploits: 1, References: 1
Positive Technologies
added 2026/05/27 12:0 a.m., 9 views

PT-2026-43457

Summary: A Server-Side Code Injection vulnerability exists in the Yamcs algorithm evaluation engine org.yamcs.algorithms.JavaExprAlgorithmExecutionFactory. The application dynamically compiles and evaluates user-controlled algorithm text without enforcing a secure sandbox. An authenticated user wi...

CVSS 9.1, AI score 6.1, EPSS 0.00473
Exploits: 0, References: 3