Linux Distros Unpatched Vulnerability : CVE-2025-14576

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage...

CVE-2026-7785

A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quickcapture of the file pysharkmcp.py. The manipulation results in os command injection. The attack may be launched...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the restore process. An attacker can execute arbitrary OS commands by uploading a crafted backup archive that overwrites the application's configuration file and database, injecting malicious commands into t...

Arbitrary Code Injection

Overview github.com/0xJacky/Nginx-UI/api/system is a yet another Nginx Web UI Affected versions of this package are vulnerable to Arbitrary Code Injection via the restore process. An attacker can execute arbitrary OS commands by uploading a crafted backup archive that overwrites the application's...

AzuraCast Vulnerable to Liquidsoap Code Injection via Incomplete cleanUpString-to-toRawString Migration in Remote Relay Password Field

Summary The cleanUpString method in ConfigWriter.php uses an ungreedy regex to strip Liquidsoap string interpolation patterns ... from user input. This regex can be bypassed via nested interpolation syntax EXPR, allowing injection of arbitrary Liquidsoap code. Commit ff49ef4 migrated most...

CVE-2026-7595

A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function formatplugins of the file .claude/skills/ui-styling/scripts/tailwindconfiggen.py of the component Tailwind Config Generator. This manipulation causes code injection. The attac...

CVE-2026-7508

A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulation of the argument body results in code injection. Remote exploitation of the attack is possible...

CVE-2026-7703

A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is...

pyp2spec is Vulnerable to Code Injection

Impact pyp2spec was writing PyPI package metadata e.g. the summary field into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, so a malicious package can execute arbitrary commands on the build machine. The macro...

GHSA-R35X-V8P8-XVHW pyp2spec is Vulnerable to Code Injection

Impact pyp2spec was writing PyPI package metadata e.g. the summary field into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, so a malicious package can execute arbitrary commands on the build machine. The macro...

Arbitrary Code Injection

Overview pyp2spec is a Generate a valid Fedora specfile from Python package from PyPI Affected versions of this package are vulnerable to Arbitrary Code Injection in the process of writing package metadata into the generated spec file without escaping RPM macro directives. An attacker can execute...

Apache Atlas has a Code Injection Vulnerability

Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data. Affected...

GHSA-35XX-9XRG-GWHF Apache Atlas has a Code Injection Vulnerability

Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data. Affected...

Arbitrary Code Injection

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the inspect function. An attacker can execute arbitrary commands on the host system by escaping the...

Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the resetPromiseSpecies function. An attacker can execute arbitrary commands on the host system by escaping from the...

Arbitrary Code Injection

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection via the SuppressedError. An attacker can execute arbitrary code outside the intended sandbox environment by...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the DSL search endpoint. An attacker can execute arbitrary code by placing malicious Gremlin traversal logic within grammar-allowed characters to access unintended data. Note: This is only exploitable if the...

Arbitrary Code Injection

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the lookupGetter method and improper context isolation. An attacker can execute arbitrary commands o...

Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the lookupGetter method and improper context isolation. An attacker can execute arbitrary commands on the host syste...

CVE-2026-40563

Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data Affect...