36507 matches found
PT-2026-34660
Name of the Vulnerable Software and Affected Versions FunnelFormsPro versions n/a through 3.8.1 Description Improper Control of Generation of Code allows Remote Code Inclusion, which enables an attacker to inject and execute arbitrary code. Recommendations At the moment, there is no information...
ntfy 代码注入漏洞
NTFY is a notification service system developed by Philipp Heckel, designed to enable cross-device message delivery through the publish-subscribe mechanism. Versions of NTFY prior to version 2.21 contained a code injection vulnerability. This vulnerability stemmed from issues with the parseAction...
Exploit for Code Injection in Glpi-Project Glpi
No d...
PowerDNS Authoritative Server 代码注入漏洞
The PowerDNS Authoritative Server is a DNS server developed by the Dutch company PowerDNS. There is a code injection vulnerability in the PowerDNS Authoritative Server. This vulnerability allows attackers to send notification requests, resulting in new auxiliary domains being added to the bind...
Kiota 代码注入漏洞
Kiota is an open-source OpenAPI client code generation tool developed by Microsoft. Versions of Kiota prior to 1.31.1 contained a code injection vulnerability. This vulnerability stemmed from issues with literal injections in code generation when multiple writer-receiver pairs were involved. When...
TLSCheck 2.0: An Enhanced Memory Forensics Approach to Efficiently Detect TLS Callbacks
Memory analysis is a crucial technique in digital forensics that enables investigators to examine the runtime state of a system through physical memory dumps. While significant advances have been made in memory forensics, the detection and analysis of Thread Local Storage TLS callbacks remain...
Dolibarr Allows Code Injection through its Website Module
In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...
GHSA-676V-WH57-P375 Dolibarr Allows Code Injection through its Website Module
In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...
CVE-2026-31018
In Dolibarr ERP & CRM <= 22.0.4, the Website module’s PHP code detection and editing permission enforcement is not consistently applied to all input parameters. This allows an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website ...
Home Assistant 代码注入漏洞
Home Assistant is an open-source family automation management system developed by Home Assistant. This system is primarily used to control household automation devices. Versions of Home Assistant prior to 1.0.0 had a code injection vulnerability. This vulnerability stemmed from the use of unlimit...
WWBN AVideo 代码注入漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained a code injection vulnerability. This vulnerability stemmed from the WebSocket server in the YPTSocket plugin, which forwarded JSON messages provided by attackers...
CVE-2026-31018
In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...
CVE-2026-31018
In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...
Arbitrary Code Injection
Overview sglang is a SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Arbitrary Code Injection via the reranking endpoint when a model file containing a malicious tokenizer.chattemplate is loaded, due to...
Exploit for Code Injection in Langflow
No d...
CVE-2026-39918
Vvveb before 1.0.8.1 contains a code injection vulnerability in the installation endpoint. The subdir POST parameter is written unsanitized into env.php without escaping or validation, allowing an attacker to break out of the string context in the define statement and achieve unauthenticated remo...
CVE-2026-39918 Vvveb < 1.0.8.1 Code Injection via Installation Endpoint
Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping or validation. Attackers can inject arbitrary PHP code by breaking out of the string context in t...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the -env-vars process when multi-step templates are used against untrusted targets. An attacker can execute arbitrary code by injecting malicious DSL expressions. This is only exploitable if multi-step...
Security Bulletin: IBM App Connect Enterprise is vulnerable to Arbitrary Code Injection due to Node js module jsonpath (CVE-2026-1615)
Summary IBM App Connect Enterprise runtime is vulnerable to Arbitrary Code Injection due to Node js module jsonpath. Vulnerability Details CVEID:CVE-2026-1615 DESCRIPTION: Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-suppli...
EUVD-2026-23770
A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function executepythoncode/executeshellcommand of the file src/AgentScope/tool/coding/python.py. This manipulation causes code injection. The attack is possible to be carried out remotely...