CVE-2025-49926

CVE-2025-49926 concerns the WordPress Kalium theme (Kalium) up to version 3.25. Risk arises from an improper generation of code, i.e., a code injection vulnerability that can lead to arbitrary code execution. Affected component: Laborator Kalium kalium (WordPress theme/plugin variant) with versio...

CVE-2025-49926 WordPress Kalium theme <= 3.25 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Laborator Kalium kalium allows Code Injection.This issue affects Kalium: from n/a through = 3.25...

CVE-2025-49926 WordPress Kalium theme <= 3.25 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Laborator Kalium kalium allows Code Injection.This issue affects Kalium: from n/a through = 3.25...

WordPress plugin s2Member 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code injectio...

WordPress Plugin Kalium 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code injecti...

WordPress plugin Alone Theme 安全漏洞

The WordPress Alone Theme plugin is a premium theme for creating photography-based websites that sells close to 10,000 copies in the Envato marketplace and is mainly used by non-profit organizations e.g. charities, fundraising organizations, etc.. WordPress Alone Theme plugin suffers from a code...

LibreChat 代码注入漏洞

LibreChat is an enhanced ChatGPT clone by Danny Avila Personal Developer. A code injection vulnerability exists in LibreChat version 0.7.9, which stems from unvalidated input of the Accept-Language header and could lead to a cross-site scripting attack...

PT-2025-43190

Name of the Vulnerable Software and Affected Versions Laborator Kalium kalium versions through 3.25 Description A code injection issue exists in Laborator Kalium kalium. The issue allows for code injection. Recommendations Update Laborator Kalium kalium to a version later than 3.25...

WordPress plugin WP Last Modified Info Code Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. WordPress plugin WP...

Wordpress Plugin doctreat 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A security...

CVE-2025-62697

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in The Wikimedia Foundation Mediawiki - LanguageSelector Extension allows Code Injection.This issue affects Mediawiki - LanguageSelector Extension: from master before 1.39...

EUVD-2025-35095

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in The Wikimedia Foundation Mediawiki - LanguageSelector Extension allows Code Injection.This issue affects Mediawiki - LanguageSelector Extension: from master before 1.39...

CVE-2025-62697

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in The Wikimedia Foundation Mediawiki - LanguageSelector Extension allows Code Injection.This issue affects Mediawiki - LanguageSelector Extension: from master before 1.39...

UBUNTU-CVE-2025-62697

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in The Wikimedia Foundation Mediawiki - LanguageSelector Extension allows Code Injection.This issue affects Mediawiki - LanguageSelector Extension: from master before 1.39...

CVE-2025-62697 Improperly sanitized style parameter in LanguageSelector

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in The Wikimedia Foundation Mediawiki - LanguageSelector Extension allows Code Injection.This issue affects Mediawiki - LanguageSelector Extension: from master before 1.39...

CVE-2025-62697

Summary (CVE-2025-62697) : A code injection vulnerability exists in the Wikimedia Foundation’s MediaWiki LanguageSelector Extension due to improper neutralization of special elements in output used by downstream components. Affected: LanguageSelector Extension for MediaWiki, specifically versions...

CVE-2025-62697 Improperly sanitized style parameter in LanguageSelector

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in The Wikimedia Foundation Mediawiki - LanguageSelector Extension allows Code Injection.This issue affects Mediawiki - LanguageSelector Extension: from master before 1.39...

GHSA-825G-MM5V-GGQ4 Apache Syncope allows malicious administrators to inject Groovy code

Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few Java interfaces; such implementations can be provided either as Java or Groovy classes, with the latter being particularly attractive as the machine...

Exploit for Code Injection in Microsoft

It is an offensive tool for web exploitation. The repository con...

DataEase H2 JDBC Injection Code Execution Vulnerability

DataEase is a set of Java-based development of open source data visualization and analysis tools to help users quickly analyze data and insight into business trends , so as to achieve business improvement and optimization . DataEase H2.java handles JDBC connection validation with a code injection...