CMSimple 代码注入漏洞

CMSimple is a free content management system. CMSimple suffers from a code execution vulnerability that stems from the template editing feature not securely controlling and filtering the content of user-inputted code, resulting in logged-in users being able to inject malicious PHP code into...

Hugging Face Transformers 代码注入漏洞

Hugging Face Transformers is a Hugging Face open source framework for defining state-of-the-art machine learning models covering textual, visual, audio, and multimodal models for inference and training. A code injection vulnerability exists in Hugging Face Transformers, which stems from a lack of...

CVE-2024-57521

SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java...

Hugging Face Transformers 代码注入漏洞

Hugging Face Transformers is a Hugging Face open source framework for defining state-of-the-art machine learning models covering textual, visual, audio, and multimodal models for inference and training. Hugging Face Transformers suffers from a code injection vulnerability that stems from a lack o...

📄 PKP-WAL 3.5.0-3 X-Forwarded-Host LESS Code Injection

PKP-WAL versions 3.5.0-3 and below suffer from a LESS X-Forwarded-Host related code injection vulnerability. ----------------------------------------------------------------------- PKP-WAL getBaseUrl method, can be manipulated by unauthenticated attackers through the X-Forwarded-Host HTTP header,...

📄 PKP-WAL 3.5.0-1 baseColour LESS Code Injection

PKP-WAL versions 3.5.0-1 and below suffer from a LESS baseColour related code injection vulnerability. ----------------------------------------------------------------- PKP-WAL = 3.5.0-1 baseColour LESS Code Injection Vulnerability -----------------------------------------------------------------...

CampCodes Complete Online Beauty Parlor Management System 代码注入漏洞

Complete Online Beauty Parlor Management System is an online beauty parlor management system. Complete Online Beauty Parlor Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter...

CVE-2025-65037

Improper control of generation of code 'code injection' in Azure Container Apps allows an unauthorized attacker to execute code over a network...

CVE-2025-67850

A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting XSS, occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions...

Exploit for Code Injection in Xwiki

CVE-2025-24893 Remote Code Execution exploit for XWikihttp...

CVE-2025-60068

Improper Control of Generation of Code 'Code Injection' vulnerability in javothemes Javo Core javo-core allows Code Injection.This issue affects Javo Core: from n/a through = 3.0.0.266...

CVE-2025-60070

Improper Control of Generation of Code 'Code Injection' vulnerability in The4 Molla molla allows Code Injection.This issue affects Molla: from n/a through = 1.5.13...

CVE-2025-64225

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in colabrio Stockie Extra stockie-extra allows Code Injection.This issue affects Stockie Extra: from n/a through = 1.2.11...

CVE-2025-14856

A security vulnerability has been detected in yproject RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment leads to code injection. The attack can be executed remotely. The exploit has been disclosed public...

Code-Projects Simple Stock System 代码注入漏洞

Code-Projects Simple Stock System is a Code-Projects open source simple stock system. A code injection vulnerability exists in Code-Projects Simple Stock System version 1.0, which originates from a cross-site scripting vulnerability in an unknown function in the file /market/chatuser.php...

📄 LibreNMS 24.9.1 Code Injection

LibreNMS version 24.9.1 suffers from a remote command execution vulnerability. ============================================================================================================================================= | Title : LibreNMS 24.9.1 PHP Code Injection Vulnerability | | Author :...

PT-2025-52590

CVE-2025-68485 - Apache HTTP Server Code Injection Vulnerability CVE ID : CVE-2025-68485 Published : Dec. 19, 2025, 4:16 a.m. | 2 hours, 5 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

CVE-2025-14837

A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has bee...

CVE-2025-65037

Improper control of generation of code 'code injection' in Azure Container Apps allows an unauthorized attacker to execute code over a network...

EUVD-2025-204414

Improper control of generation of code 'code injection' in Azure Container Apps allows an unauthorized attacker to execute code over a network...