
36553 matches found

GithubExploit
added 2025/10/20 11:22 a.m., 169 views

Exploit for Code Injection in Microsoft

It is an offensive tool for web exploitation. The repository con...

CVSS 10 | AI score 8.4 | EPSS 0.99999
Exploits: 16
CNVD
added 2025/10/20 12:0 a.m., 4 views

DataEase H2 JDBC Injection Code Execution Vulnerability

DataEase is an open-source, Java-based data visualization and analysis tool that helps users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. DataEase H2.java handles JDBC connection validation with a code injection...

CVSS 8.8 | AI score 8.1 | EPSS 0.00915
Exploits: 1 | References: 1
CNNVD
added 2025/10/20 12:0 a.m., 1 views

MediaWiki - LanguageSelector Extension Security Vulnerability

MediaWiki - LanguageSelector Extension is an extension for MediaWiki that provides multi-language support, allowing users to select and configure the interface language. A code injection vulnerability exists in MediaWiki - LanguageSelector Extension, which stems from improper neutralization of speci...

CVSS 8.8 | AI score 7.2 | EPSS 0.00317
Exploits: 0 | References: 3
CNVD
added 2025/10/20 12:0 a.m., 4 views

DataEase DB2/MongoDB JNDI Code Injection Vulnerability

DataEase is an open-source, Java-based data visualization and analysis tool that helps users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. A code injection vulnerability exists in DataEase DB2/MongoDB JDBC...

CVSS 8.2 | AI score 8.1 | EPSS 0.00393
Exploits: 0 | References: 1
CNNVD
added 2025/10/19 12:0 a.m., 4 views

LogicalDOC Community Edition Code Injection Vulnerability

LogicalDOC Community Edition is a documentation system from the Italian company LogicalDOC. A code injection vulnerability exists in LogicalDOC Community Edition 9.2.1 and earlier versions, which arises from incorrect manipulation of the parameters First Name/Last Name/Company/Address/Phone/Mobil...

CVSS 5.4 | AI score 4.7 | EPSS 0.00329
Exploits: 1 | References: 5
CNNVD
added 2025/10/19 12:0 a.m., 3 views

Toeverything AFFiNE Code Injection Vulnerability

Toeverything AFFiNE is an open-source knowledge management application from Toeverything. AFFiNE 0.24.1 and earlier versions suffer from a code injection vulnerability that stems from an unknown code flaw in the Avatar Upload Image Endpoint component, which could lead to a cross-site scripting attack...

CVSS 5.1 | AI score 4.8 | EPSS 0.00295
Exploits: 0 | References: 4
RedhatCVE
added 2025/10/18 3:37 p.m., 7 views

CVE-2025-11905

A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file app\modules\cms\controller\gather.js. The manipulation results in code injection. The attack may be launched remotely. The exploit has been made public and could be used...

CVSS 8.8 | AI score 6.4 | EPSS 0.00748
Exploits: 1 | References: 1
EUVD
added 2025/10/17 6:31 p.m., 7 views

EUVD-2025-34889

A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file app\modules\cms\controller\gather.js. The manipulation results in code injection. The attack may be launched remotely. The exploit has been made public and could be used...

CVSS 6.5 | AI score 6.4 | EPSS 0.00748
Exploits: 1 | References: 6
OSV
added 2025/10/17 4:15 p.m., 5 views

CVE-2025-11905

A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file app\modules\cms\controller\gather.js. The manipulation results in code injection. The attack may be launched remotely. The exploit has been made public and could be used...

CVSS 8.8 | AI score 5.5 | EPSS 0.00748
Exploits: 1 | References: 5
NVD
added 2025/10/17 4:15 p.m., 5 views

CVE-2025-11905

A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file app\modules\cms\controller\gather.js. The manipulation results in code injection. The attack may be launched remotely. The exploit has been made public and could be used...

CVSS 8.8 | EPSS 0.00748
Exploits: 1 | References: 5
Vulnrichment
added 2025/10/17 3:32 p.m., 5 views

CVE-2025-11905 yanyutao0402 ChanCMS gather.js getArticle code injection

A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file app\modules\cms\controller\gather.js. The manipulation results in code injection. The attack may be launched remotely. The exploit has been made public and could be used...

CVSS 6.5 | AI score 6.6 | EPSS 0.00748
Exploits: 1 | References: 5
Cvelist
added 2025/10/17 3:32 p.m., 9 views

CVE-2025-11905 yanyutao0402 ChanCMS gather.js getArticle code injection

A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file app\modules\cms\controller\gather.js. The manipulation results in code injection. The attack may be launched remotely. The exploit has been made public and could be used...

CVSS 6.5 | EPSS 0.00748
Exploits: 1 | References: 5
CNVD
added 2025/10/17 12:0 a.m., 3 views

Fortinet FortiClientMac Code Injection Vulnerability

Fortinet FortiClientMac is a security tool for the macOS platform from the U.S. company Fortinet. A code injection vulnerability exists in Fortinet FortiClientMac, which stems from the application's failure to properly filter special elements of constructed snippets, and can be exploited by an...

CVSS 7.1 | AI score 9.6 | EPSS 0.00253
Exploits: 0 | References: 1
CNNVD
added 2025/10/17 12:0 a.m., 8 views

DataEase Code Issue Vulnerability

DataEase is an open-source, Java-based data visualization and analysis tool that helps users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. A code injection vulnerability exists in DataEase DB2/MongoDB JDBC...

CVSS 8.2 | AI score 8 | EPSS 0.00393
Exploits: 0 | References: 3
CNNVD
added 2025/10/17 12:0 a.m., 4 views

ChanCMS Code Injection Vulnerability

ChanCMS is a content management system. A code injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which stems from the function getArticle in the file app\modules\cms\controller\gather.js that fails to correctly filter the special elements of the constructed snippet. An attacker ca...

CVSS 8.8 | AI score 8 | EPSS 0.00748
Exploits: 1 | References: 6
CNNVD
added 2025/10/17 12:0 a.m., 4 views

DataEase Code Issue Vulnerability

DataEase is an open-source, Java-based data visualization and analysis tool that helps users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. DataEase H2.java handles JDBC connection validation with a code injection...

CVSS 8.8 | AI score 8 | EPSS 0.00915
Exploits: 1 | References: 3
Snyk
added 2025/10/16 7:42 p.m., 3 views

Arbitrary Code Injection

Overview: @cocalc/frontend is a CoCalc: Collaborative Calculation. Affected versions of this package are vulnerable to Arbitrary Code Injection via uploading a crafted SVG file. An attacker can execute arbitrary code by uploading a specially crafted SVG file. Remediation: A fix was pushed into the...

CVSS 6.9 | AI score 8 | EPSS 0.0037
Exploits: 0 | References: 2
CNNVD
added 2025/10/16 12:0 a.m., 5 views

Apeman ID71 Code Injection Vulnerability

Apeman ID71 is a webcam from Apeman. A code injection vulnerability exists in Apeman ID71 version EN75.8.53.20, which stems from the incorrect manipulation of the parameter alias in the file /setalias.cgi, and could lead to a cross-site scripting attack...

CVSS 5.1 | AI score 4.8 | EPSS 0.00307
Exploits: 0 | References: 4
RedhatCVE
added 2025/10/15 3:47 p.m., 5 views

CVE-2025-31365

An Improper Control of Generation of Code ('Code Injection') vulnerability (CWE-94) in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim's host via tricking the user into visiting a malicious website...

CVSS 7.1 | AI score 7.9 | EPSS 0.00253
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/15 1:45 p.m., 5 views

CVE-2025-41699

A low-privileged remote attacker with an account for the web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code ('Code Injection')...

CVSS 8.8 | AI score 7.7 | EPSS 0.00881
Exploits: 0 | References: 1