36506 matches found
PT-2026-44162
Summary A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and evaluates user-controlled algorithm text using Jython via the JSR-223 ScriptEngine API without enforcing a secure sandbox. An authenticat...
FoxCMS 代码注入漏洞
FoxCMS is a content management system provided by FoxCMS Company in China, available for free commercial use and open source. Versions of FoxCMS 1.2.6 and earlier have a code injection vulnerability. This vulnerability stems from unknown functions in the Administrator Backend component/Tag/edit...
WordPress plugin affiliate-toolkit 代码注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin WPCode 代码注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
BentoML 代码注入漏洞
BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Prior to BentoML 1.4.39, there was a code injection vulnerability. This vulnerability stemmed from the envs.name value...
Pi.Alert 代码注入漏洞
Pi.Alert is a WIFI/LAN intrusion detector developed by Jokob-sk. Versions of Pi.Alert prior to 2026-05-07 had a code injection vulnerability. This vulnerability stemmed from the Web configuration editor, which allowed arbitrary Python code to be injected into the pialert.conf file. Additionally,...
Pi.Alert 代码注入漏洞
Pi.Alert is a WIFI/LAN intrusion detector developed by the individual developer jokob-sk. Versions of Pi.Alert prior to version 2026-05-07 contained a code injection vulnerability. This vulnerability stemmed from the SaveConfigFile endpoint, which directly wrote user-provided numerical...
claude-code-cache-fix 代码注入漏洞
claude-code-cache-fix is a caching optimization tool developed by Chris Nighswonger. Versions 3.5.0 to 3.5.2 of claude-code-cache-fix had a code injection vulnerability. This vulnerability stemmed from the use of tools/quota-statusline.sh, which directly inserted the hook’s standard input payload...
EUVD-2026-32033
PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality...
CVE-2026-36239
PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality...
CVE-2026-9302
A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of the component VpsTest Console. Executing a manipulation of the argument vf can lead to code...
CVE-2026-9568
A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack'...
Security Bulletin: IBM HTTP Server is affected by multiple vulnerabilities
Summary There are multiple vulnerabilities in the IBM HTTP Server used by IBM WebSphere Application Server CVE-2026-8834, CVE-2026-8852, CVE-2026-8856, CVE-2026-8850, CVE-2026-8854, CVE-2026-8855, CVE-2026-8835, CVE-2026-45186, CVE-2026-9170. Vulnerability Details CVEID:CVE-2026-8850 DESCRIPTION:...
CVE-2026-9568 ThingsBoard YAML provision getGatewayDockerComposeFile code injection
A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack'...
CVE-2026-9568
A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack'...
EUVD-2026-31957
A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack'...
CVE-2026-9568 ThingsBoard YAML provision getGatewayDockerComposeFile code injection
A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack'...
CVE-2026-9568
ThingsBoard (up to 4.3.1.1) contains a vulnerability in the YAML Handler’s /api/v1/provision path. The getGatewayDockerComposeFile function can be manipulated to achieve code injection, with remote feasibility and high attack complexity per the provided metrics. No remediation or exploit details ...
CVE-2026-39642
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in SpabRice Nyla allows Code Injection. This issue affects Nyla: from n/a through 1.7...
EUVD-2026-31803
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in SpabRice Nyla allows Code Injection. This issue affects Nyla: from n/a through 1.7...