36545 matches found

Vulnrichment
added 2026/01/13 1:12 a.m. | 2 views

CVE-2026-0491 Code Injection vulnerability in SAP Landscape Transformation

SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively...

CVSS 9.1 | AI score 7 | EPSS 0.00436
Exploits: 0 | References: 2

Cvelist
added 2026/01/13 1:12 a.m. | 24 views

CVE-2026-0491 Code Injection vulnerability in SAP Landscape Transformation

SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively...

CVSS 9.1 | EPSS 0.00436
Exploits: 0 | References: 2

CNNVD
added 2026/01/13 12:0 a.m. | 4 views

4images code injection vulnerability

4images is an image management system from the German company 4images. A code injection vulnerability exists in 4images version 1.9, which stems from a remote command execution vulnerability in the template editing feature that could lead to the execution of arbitrary commands...

CVSS 8.6 | AI score 6.1 | EPSS 0.01088
Exploits: 1 | References: 4

CNNVD
added 2026/01/13 12:0 a.m. | 4 views

PHOENIX CONTACT TC ROUTER code injection vulnerability

PHOENIX CONTACT TC ROUTER is a series of routers from PHOENIX CONTACT, Germany. A code injection vulnerability exists in the PHOENIX CONTACT TC ROUTER that stems from improper code generation controls and could lead to code injection and a complete loss of confidentiality, availability, and...

CVSS 8.8 | AI score 5.9 | EPSS 0.00496
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/13 12:0 a.m. | 4 views

PT-2026-2351

Name of the Vulnerable Software and Affected Versions: versions prior to 2025-41717. Description: An unauthenticated remote attacker can trick a high-privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of...

CVSS 8.8 | AI score 7 | EPSS 0.00496
Exploits: 0 | References: 9

CNNVD
added 2026/01/13 12:0 a.m. | 6 views

SAP Wily Introscope Enterprise Manager code injection vulnerability

SAP Wily Introscope Enterprise Manager is an application performance management component from SAP, Germany. A code injection vulnerability exists in SAP Wily Introscope Enterprise Manager, which stems from the use of a vulnerable third-party component, and could allow an unauthenticated attacker...

CVSS 9.6 | AI score 6.2 | EPSS 0.00351
Exploits: 0 | References: 2

CNNVD
added 2026/01/13 12:0 a.m. | 3 views

SAP Landscape Transformation code injection vulnerability

SAP Landscape Transformation is a tool for system data migration and integration from SAP, Germany. SAP Landscape Transformation suffers from a code injection vulnerability that originates from an attacker being able to inject arbitrary ABAP code or OS commands via RFC-exposed function modules,...

CVSS 9.1 | AI score 6.2 | EPSS 0.00436
Exploits: 0 | References: 2

CNNVD
added 2026/01/13 12:0 a.m. | 4 views

SAP S/4HANA code injection vulnerability

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. SAP S/4HANA suffers from a code injection vulnerability that originates from an attacker being able to inject arbitrary ABAP code or OS commands via RFC-exposed function...

CVSS 9.1 | AI score 6.2 | EPSS 0.00409
Exploits: 0 | References: 2

CNNVD
added 2026/01/13 12:0 a.m. | 4 views

NanoCMS code injection vulnerability

NanoCMS is a lightweight content management system by the individual developer kalyan02. A code injection vulnerability exists in NanoCMS version 0.4, which stems from an unauthenticated file upload vulnerability in the page content creation feature that could lead to remote code execution...

CVSS 8.8 | AI score 6.2 | EPSS 0.01112
Exploits: 1 | References: 4

NVD
added 2026/01/12 7:16 p.m. | 6 views

CVE-2026-22785

orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allo...

CVSS 9.8 | EPSS 0.00709
Exploits: 2 | References: 2

Cvelist
added 2026/01/12 6:43 p.m. | 21 views

CVE-2026-22785 orval MCP client is vulnerable to a code injection attack.

orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allo...

CVSS 9.3 | EPSS 0.00709
Exploits: 2 | References: 2

Vulnrichment
added 2026/01/12 6:43 p.m. | 5 views

CVE-2026-22785 orval MCP client is vulnerable to a code injection attack.

orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allo...

CVSS 9.3 | AI score 6.6 | EPSS 0.00709
Exploits: 2 | References: 2

CVE
added 2026/01/12 6:43 p.m. | 32 views

CVE-2026-22785

Summary: Orval (MCP client/server code path) is vulnerable to arbitrary code execution via unsanitized input in OpenAPI specs. The CVE-2026-22785/MCP issue arises from string-manipulation in the MCP server generation logic that embeds the summary field without proper validation/escaping, allowing...

CVSS 9.8 | AI score 6.6 | EPSS 0.00709
Exploits: 2 | References: 2 | Affected Software: 1

OSV
added 2026/01/12 6:43 p.m. | 3 views

CVE-2026-22785 orval MCP client is vulnerable to a code injection attack.

orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allo...

CVSS 9.3 | AI score 6.9 | EPSS 0.00709
Exploits: 2 | References: 4

CNNVD
added 2026/01/12 12:0 a.m. | 5 views

Envoy Gateway code injection vulnerability

Envoy Gateway is an open source project that uses Envoy Proxy as a gateway for standalone or Kubernetes-based applications. A code injection vulnerability exists in Envoy Gateway versions prior to 1.5.7 and prior to 1.6.2 that stems from the EnvoyExtensionPolicy Lua script that could...

CVSS 8.8 | AI score 6.9 | EPSS 0.00481
Exploits: 1 | References: 1

CNNVD
added 2026/01/11 12:0 a.m. | 3 views

Legrand AV Luxul XWR-600 code injection vulnerability

The Legrand AV Luxul XWR-600 is a wireless router from Luxul. A code injection vulnerability exists in the Legrand AV Luxul XWR-600 version 4.0.1 and earlier, which stems from the incorrect operation of the parameter Guest Network/Wireless Profile SSID in the component Web Administration Interfac...

CVSS 4.8 | AI score 4.2 | EPSS 0.00206
Exploits: 0 | References: 5

EUVD
added 2026/01/10 12:30 a.m. | 5 views

EUVD-2026-1841

Improper Control of Generation of Code 'Code Injection' vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files. This issue affects Uni2TS: through 1.2.0...

AI score 6.5 | EPSS 0.00372
Exploits: 0 | References: 2

OSV
added 2026/01/10 12:30 a.m. | 1 views

GHSA-7X99-8X99-XC54 Salesforce Uni2TS has a Code Injection vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files. This issue affects Uni2TS: through 1.2.0...

CVSS 9.8 | AI score 5.5 | EPSS 0.00372
Exploits: 0 | References: 6

Github Security Blog
added 2026/01/10 12:30 a.m. | 6 views

Salesforce Uni2TS has a Code Injection vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files. This issue affects Uni2TS: through 1.2.0...

CVSS 9.8 | AI score 5.5 | EPSS 0.00372
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2026/01/09 10:16 p.m. | 4 views

CVE-2026-22584

Improper Control of Generation of Code 'Code Injection' vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files. This issue affects Uni2TS: through 1.2.0...

CVSS 9.8 | AI score 5.8 | EPSS 0.00372
Exploits: 0 | References: 1