PT-2026-2212
Name of the Vulnerable Software and Affected Versions Salesforce Uni2TS versions through 1.2.0 Description An improper control of generation of code issue, specifically a code injection, exists in Salesforce Uni2TS on MacOS, Windows, and Linux. This allows for the leveraging of executable code in...
PT-2026-1991
Name of the Vulnerable Software and Affected Versions Foundation Agents MetaGPT affected versions not specified Description A flaw exists in the actionoutput str to mapping function that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for...
Siemens RUGGEDCOM ROX II Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2024-56835)
Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Siemens RUGGEDCOM ROX II Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2024-56839)
Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Siemens RUGGEDCOM ROX II Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2024-56840)
Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Siemens RUGGEDCOM ROX II Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2024-56838)
Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Exploit for Code Injection in Laravel Livewire
CVE-2025-54068 - Livewire v3.6.3 Vulnerable Lab This folder...
PHPGurukul Staff Leave Management System Code Injection Vulnerability
PHPGurukul Staff Leave Management System is an employee leave management system from PHPGurukul. A code injection vulnerability exists in version 1.0 of the PHPGurukul Staff Leave Management System, which stems from an incorrect manipulation of the parameter profilepic in the file...
carbone Code Injection vulnerability
A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes...
GHSA-6RCW-WW3X-XQWM carbone Code Injection vulnerability
A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2009-0556: Microsoft Office PowerPoint Code Injection Vulnerability. CVE-2025-37164: HPE OneView Code Injection Vulnerability. These...
CVE-2025-1465
A vulnerability, which was classified as problematic, was found in lmxcms 1.41. Affected is an unknown function of the file db.inc.php of the component Maintenance. The manipulation leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high...
CVE-2025-1398
Mattermost Desktop App versions =5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection...
CVE-2013-6870
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-6284
Unspecified vulnerability in the Statutory Reporting for Insurance (FSSR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code via unspecified vectors, related to a "code injection vulnerability."...
CVE-2019-7486
Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.4 and earlier...
CVE-2019-7411
Multiple stored cross-site scripting (XSS) in the MyThemeShop Launcher plugin 1.0.8 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via fields as follows: (1) Title, (2) Favicon, (3) Meta Description, (4) Subscribe Form Name field label, Last name field label, Email...
CVE-2019-7177
Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin...
CVE-2019-16701
pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.execphp call containing shell metacharacters in a parameter value...
CVE-2019-16070
A number of stored Cross-site Scripting (XSS) vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through web application form inputs...