CVE-2024-5401

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager DSM before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...

CVE-2025-12637

The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a dynamic code generation feature in the processtheme function in all versions up to, and including, 0.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVE-2025-26405

Improper control of dynamically-managed code resources for some IntelR NPU Drivers within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may...

CVE-2025-26405

Affected product: Intel® NPU Driver for Linux (Ring 3: User Applications). Vulnerability: Improper control of dynamically-managed code resources can lead to a denial of service. An unprivileged, authenticated user with low attack complexity and passive user interaction may trigger DoS via local a...

CVE-2025-26405

Improper control of dynamically-managed code resources for some IntelR NPU Drivers within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may...

EUVD-2020-25347

Malware in sbrugna...

EUVD-2025-22080

Malicious code in bioql PyPI...

EUVD-2022-45960

Malicious code in bioql PyPI...

EUVD-2022-25223

Malicious code in bioql PyPI...

EUVD-2022-24998

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2019-11201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor al...

Linux Distros Unpatched Vulnerability : CVE-2024-40673

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input...

CVE-2025-55346 Unintended dynamic code execution leads to remote code execution by network attackers

User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request...

CVE-2025-6101

A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function functionmessage of the file letta/letta/interface.py. The manipulation of the argument functionname/functionargs leads to improper neutralization of directives in dynamically evaluated...

CVE-2025-6101

CVE-2025-6101 affects the letta-ai letta project up to version 0.4.1. The vulnerable component is the function_message logic in the file letta/letta/interface.py, where manipulation of the arguments function_name/function_args enables improper neutralization of directives in dynamically evaluated...

CVE-2022-42902

In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lavaserver/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server...

CVE-2022-1716

Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation...

CVE-2020-4100

"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime;...

CVE-2019-15417

The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app versionCode=7, versionName=7.0.5 that allows unauthorized dynamic code...

The vulnerability of the software interface of the XWiki Platform, a platform for creating collaborative web applications. This vulnerability arises from the failure to implement measures to neutralize instructions in dynamically executed code, allowing attackers to execute arbitrary code.

The vulnerability of the software interface of the XWiki Platform for creating collaborative web applications lies in the failure to implement measures to neutralize instructions within the dynamically executed code. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...