100 matches found
EUVD-2026-31783
A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportParams can lead to sql injection. The attack can be launched remotely. The vendor was contacted early...
CVE-2018-25320
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to...
CVE-2018-25320 ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to...
CVE-2018-25320 ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to...
EUVD-2018-21841
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to...
CVE-2018-25320
CVE-2018-25320 affects ACL Analytics 11.x through 13.0.0.579. The vulnerability is an arbitrary code execution via the EXECUTE function, enabling an attacker to run commands with SYSTEM privileges. Reported chain includes using bitsadmin to download malicious PowerShell scripts and execute them t...
CVE-2018-25320
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to...
CVE-2026-8740
A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent caus...
CVE-2026-8740
A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent caus...
PT-2026-41546
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to...
ACL Analytics 代码注入漏洞
ACL Analytics is a data analysis platform provided by ACL Corporation, which supports audit analysis, data mining, and risk monitoring. Versions 11.x to 13.0.0.579 of ACL Analytics have a code injection vulnerability. This vulnerability stems from the use of the EXECUTE function, which may allow...
PT-2026-35204
A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/database impl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be...
CVE-2026-6108
A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/stepnode/mcpnode/impl/basemcpnode.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection. The attack is...
CVE-2026-6108 1Panel-dev MaxKB Model Context Protocol Node base_mcp_node.py execute os command injection
A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/stepnode/mcpnode/impl/basemcpnode.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection. The attack is...
CVE-2026-6108
1Panel-dev MaxKB up to 2.6.1 is affected in the Model Context Protocol Node, specifically the execute function in apps/application/flow/step_node/mcp_node/impl/base_mcp_node.py. The vulnerability allows remote OS command injection via manipulation of the node, with exploitation described as publi...
PT-2026-32129
A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/step node/mcp node/impl/base mcp node.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection. The attack is...
MaxKB 操作系统命令注入漏洞
MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB 2.6.1 and earlier contained a vulnerability related to operating system command injection. This vulnerability originated from the execute function in the Model...
Arbitrary Argument Injection
Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via the Execute function in the /internal/service/ffmpeg/ffmpeg.go file. An attacker can inject arbitrary arguments into the execution context by supplying crafted input, potentially leading to unauthorized...
EUVD-2026-10197
A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. This vulnerability affects the function Execute of the file /internal/service/ffmpeg/ffmpeg.go. The manipulation leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed publicl...
ffmate 参数注入漏洞
ffmate is an automated media processing engine open sourced by We Love Media. Versions of ffmate 2.0.15 and earlier had a parameter injection vulnerability. This vulnerability stemmed from incorrect operations on the Execute function in the file /internal/service/ffmpeg/ffmpeg.go, which could lea...