3027 matches found
CVE-2026-15497
Affected software / component: SonicCloudOrg sonic-agent (up to 2.7.2), specifically the JWT Authentication Filter in the ExchangeController.java path. Vulnerability: code injection vulnerability reported as enabling a remote attacker to manipulate code execution. Impact (per docs): remote exploi...
Netsweeper 4.0.3 - Cross-Site Scripting
A cross-site scripting vulnerability in webadmin/policy/grouptableajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO. id: CVE-2014-9608 info: name: Netsweeper 4.0.3 - Cross-Site Scriptin...
Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection
Citrix ADC and NetScaler Gateway are susceptible to remote code injection. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are before 13.0-58.30,...
CVE-2026-14749
A vulnerability was identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Impacted is the function eval of the file application/pages/imbacalculator/calculate.php. The manipulation of the argument mathematicalsentence leads to code injection. The attack is possible to ...
CVE-2026-14749 mjperpinosa stumasy calculate.php eval code injection
A vulnerability was identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Impacted is the function eval of the file application/pages/imbacalculator/calculate.php. The manipulation of the argument mathematicalsentence leads to code injection. The attack is possible to ...
EUVD-2026-41755
A vulnerability was identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Impacted is the function eval of the file application/pages/imbacalculator/calculate.php. The manipulation of the argument mathematicalsentence leads to code injection. The attack is possible to ...
CVE-2026-14749
A vulnerability was identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Impacted is the function eval of the file application/pages/imbacalculator/calculate.php. The manipulation of the argument mathematicalsentence leads to code injection. The attack is possible to ...
CVE-2026-14722
A vulnerability was found in tiddly-gittly TidGi-Desktop up to 0.13.0. This impacts an unknown function of the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts of the component Git Repository Import. The manipulation results in code injection. The attack may be performed from...
CVE-2026-14722 tiddly-gittly TidGi-Desktop Git Repository Import loadWikiTiddlersWithSubWikis.ts code injection
A vulnerability was found in tiddly-gittly TidGi-Desktop up to 0.13.0. This impacts an unknown function of the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts of the component Git Repository Import. The manipulation results in code injection. The attack may be performed from...
CVE-2026-14722
TidGi-Desktop (tiddly-gittly) up to 0.13.0 is affected by a vulnerability in the Git Repository Import path, specifically src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts, enabling code injection. The issue is triggered by manipulation of the referenced function and is exploitable rem...
CVE-2026-14691
CVE-2026-14691 affects SourceCodester Multi-Vendor Online Grocery Management System 1.0. The vulnerability resides in the function update_settings_info of the file classes/SystemSettings.php (Setting Handler). Manipulating the argument content[] enables code injection. The attack is described as ...
CVE-2026-14691
A security vulnerability has been detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This impacts the function updatesettingsinfo of the file classes/SystemSettings.php of the component Setting Handler. Such manipulation of the argument content leads to code injection...
EUVD-2026-41714
A security vulnerability has been detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This impacts the function updatesettingsinfo of the file classes/SystemSettings.php of the component Setting Handler. Such manipulation of the argument content leads to code injection...
CVE-2026-14145
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...
PT-2026-54089
Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input allows a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. This occurs when a user is convinced to...
CVE-2026-13500
A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/OutputFile.java of the component Grammar Action Block Handler. Executing a manipulation can lead to code injection. The attack may be launched remotely. The...
PT-2026-53111
Name of the Vulnerable Software and Affected Versions ANTLR4 versions prior to 4.13.3 Description An issue exists in the Grammar Action Block Handler component within the file tool/src/org/antlr/v4/codegen/model/OutputFile.java. A remote attacker can perform a manipulation that leads to code...
Linux Distros Unpatched Vulnerability : CVE-2026-13500
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/OutputFile.java of...
Security Bulletin: Unauthenticated Server-Side RCE via PythonCodeStructuredTool in Public Flows
Summary Langflow OSS contains unauthenticated server-side RCE via PythonCodeStructuredTool executing attacker-controlled Python through exec at flow-build time. Sink in execself.toolcode, globals, localnamespace where toolcode is attacker-controlled template field. Two paths: A Authenticated POST...
CVE-2026-7388
A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...