36506 matches found
CVE-2018-25357
Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the dbname parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the dbname parameter, then...
CVE-2026-9302
A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of the component VpsTest Console. Executing a manipulation of the argument vf can lead to code...
CVE-2026-9302 546669204 vps-inventory-monitoring VpsTest Console VpsTest.php eval code injection
A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of the component VpsTest Console. Executing a manipulation of the argument vf can lead to code...
EUVD-2026-31537
A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of the component VpsTest Console. Executing a manipulation of the argument vf can lead to code...
CVE-2026-9302 546669204 vps-inventory-monitoring VpsTest Console VpsTest.php eval code injection
A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of the component VpsTest Console. Executing a manipulation of the argument vf can lead to code...
CVE-2026-9302
546669204 vps-inventory-monitoring (VpsTest Console) is affected via the VpsTest.php file’s eval usage. The vulnerability arises from manipulating the argument vf in the function eval, allowing remote code execution. Public exploit exists. The project uses a rolling release, and the CVE record do...
PT-2026-42881
A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of the component VpsTest Console. Executing a manipulation of the argument vf can lead to code...
vps-inventory-monitoring 代码注入漏洞
vps-inventory-monitoring is a web inventory monitoring tool developed by individual developer 546669204. vps-inventory-monitoring has a code injection vulnerability, which stems from the use of the eval function in the VpsTest Console component file app/index/command/VpsTest.php, specifically...
Dolibarr ERP CRM 代码注入漏洞
Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Version 7.0.3 of Dolibarr ERP CRM contains a code injection vulnerability. This vulnerability stems from injecting PHP code via the dbname parameter, which may allow unauthenticated attackers to execu...
CVE-2026-34926
A directory traversal vulnerability in the Apex One on-premise server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex...
Mermaid 代码注入漏洞
Mermaid is an open-source application developed by mermaid-js. It uses text and code to create charts and visualizations. Mermaid versions 10.9.5 and earlier, as well as versions 11.0.0-alpha.1 through 11.12.0, have a code injection vulnerability. This vulnerability stems from improper cleanup...
Unity Linux 20.1060e / 20.1070e Security Update: nodejs-underscore (UTSA-2026-016621)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016621 advisory. The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function,...
Twig: PHP code injection via `{% use %}` template name
Description Compiler::string escapes ", $, , NUL and TAB when generating PHP double-quoted string literals, but does not escape single quotes. In ModuleNode::compileConstructor, the template name from a % use % tag is compiled via subcompile - string and placed inside a surrounding PHP...
GHSA-7P85-W9PX-JPJP Twig: PHP code injection via `{% use %}` template name
Description Compiler::string escapes ", $, , NUL and TAB when generating PHP double-quoted string literals, but does not escape single quotes. In ModuleNode::compileConstructor, the template name from a % use % tag is compiled via subcompile - string and placed inside a surrounding PHP...
CVE-2026-8467
Code Injection vulnerability in phenixdigital phoenixstorybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation. The psb-assign WebSocket event handler in 'Elixir.PhoenixStorybook.Story.PlaygroundPreviewLive':handleevent/3...
Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality (CVE-2026-41242, CVE-2026-4800) and denial of service (CVE-2026-27141)
Summary IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality CVE-2026-41242, CVE-2026-4800 and denial of service CVE-2026-27141. This bulletin provides patch information to address the reported vulnerabilities in Node.js modules protobufjs...
CVE-2026-34926
A directory traversal vulnerability in the Apex One on-premise server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex...
EUVD-2026-31284
A directory traversal vulnerability in the Apex One on-premise server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex...
CVE-2026-34926
A directory traversal vulnerability in the Apex One on-premise server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex...
PT-2026-42692
Name of the Vulnerable Software and Affected Versions Twig versions 3.15.0 through 3.x Description The obj.expr dynamic-attribute syntax allows the attribute to be an arbitrary expression. When the receiver is self or any % import % alias and the parenthesised expression is a string literal, the...