CVE-2026-33913 OpenEMR: XInclude Injection in CCDA Import Allows Reading Arbitrary Server Files

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing to read arbitrary files from the server. Version 8.0.0....

EUVD-2004-2333

Malware in sbrugna...

EUVD-2024-45912

Malicious code in bioql PyPI...

CVE-2024-52427

Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include SSI Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through = 2.3.11...

CVE-2024-52427

Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include SSI Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through = 2.3.11...

CVE-2024-52427 WordPress Event Tickets with Ticket Scanner plugin <= 2.3.11 - Remote Code Execution (RCE) vulnerability

Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include SSI Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through = 2.3.11...

CVE-2023-1728

Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include SSI Injection. This issue affects LMS: before 23.04.03...

Design/Logic Flaw

Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include SSI Injection.This issue affects LMS: before 23.04.03...

DEBIAN-CVE-2022-29221

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...

U.S. Dept Of Defense: Server-side include injection vulnerability in a DoD website

A Department of Defense website was vulnerable to a Server-Side Include Injection attack which could have allowed an attacker to inject code into HTML pages or, under some circumstances, perform remote code execution. @jutsuce was as able to demonstrate this vulnerability by crafting a specially...

CVE-2004-2341

PHP file include injection vulnerability in isearch.inc.php for iSearch allows remote attackers to execute arbitrary code via the isearchpath parameter...

compaq.txt

SSI vulnerability in Compaq Web Based Management Agent ====================================================== Type of vulnerabilities: Server Side Include injection. Exploitable. Stack overflows and access violations. Exploitable? Creation of script objects. Exploitable? Affected Software: Compaq...