Command Injection

Overview @evomap/evolver is an A GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol GEP for auditable, reusable evolution assets. Affected versions of this package are vulnerable to Command Injection via the runInSandbox function. An...

EUVD-2026-5582

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.70.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in...

CVE-2026-25592

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.70.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in...

CVE-2026-25592 Semantic Kernel has an Arbitrary File Write via AI Agent Function Calling in .NET SDK

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in...

Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK

Impact What kind of vulnerability is it? Who is impacted? An Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. Developers who have built applications which include Microsoft's Semantic Kernel .NET SDK and...

EUVD-2025-7721

Malicious code in bioql PyPI...

WordPress plugin Fresh Framework 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-26936

CVE-2025-26936 is linked to the WordPress Fresh Framework plugin (versions up to 1.70.0). Multiple connected sources confirm an Unauthenticated Remote Code Execution (RCE) vulnerability arising from improper control/generation of code, enabling code injection by unauthenticated attackers. The iss...

WordPress plugin Fresh Framework 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

CVE-2025-26970

Improper Control of Generation of Code 'Code Injection' vulnerability in FRESHFACE Ark Theme Core ark-core allows Code Injection.This issue affects Ark Theme Core: from n/a through 1.71.0...

CVE-2025-26970

Improper Control of Generation of Code 'Code Injection' vulnerability in FRESHFACE Ark Theme Core ark-core allows Code Injection.This issue affects Ark Theme Core: from n/a through 1.71.0...

CVE-2025-26970 WordPress Ark Theme Core plugin < 1.71.0 - Unauthenticated Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in FRESHFACE Ark Theme Core ark-core allows Code Injection.This issue affects Ark Theme Core: from n/a through 1.71.0...

CVE-2025-26970

CVE-2025-26970 : WordPress Ark Theme Core (ark-core)

WordPress plugin Ark Theme Core 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

WordPress Fresh Framework plugin <= 1.70.0 - Unauthenticated Remote Code Execution (RCE) vulnerability

Unauthenticated Remote Code Execution RCE vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Fresh Framework versions = 1.70.0...

PT-2025-10595

Name of the Vulnerable Software and Affected Versions Fresh Framework versions 1.70.0 and earlier Description The issue is related to an Improper Control of Generation of Code 'Code Injection' vulnerability, which allows Code Injection. Recommendations For versions 1.70.0 and earlier, update to a...