1440 matches found
CVE-2024-46494
Typecho v1.2.1 is affected by a cross-site scripting (XSS) vulnerability in the Name parameter under comments on an Article. The vulnerability allows an attacker to execute arbitrary web scripts or HTML, with exploitation requiring user interaction (CVSS: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N; base 5.4)...
The vulnerability of the “Open Git Repository in Terminal” control element, an extension for the JupyterLab web-oriented interactive development environment, allows an attacker to gain access to and modify data, as well as execute arbitrary commands.
The vulnerability of the “Open Git Repository in Terminal” control element in the JupyterLab-Git web-oriented interactive development environment is related to the failure to implement measures to neutralize special elements used in the operating system command line. Exploiting this vulnerability...
CVE-2025-2244
A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses php unserialize on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object injection, perform a file write,...
Dell Unity OS Command Injection Vulnerability (CNVD-2025-06615)
Dell Unity is a set of virtual Unity storage environments from Dell USA. An OS command injection vulnerability exists in Dell Unity 5.4 and earlier versions, which can be exploited by an attacker to execute arbitrary operating system commands on the system...
Dell Unity OS Command Injection Vulnerability
Dell Unity is a set of virtual Unity storage environments from Dell USA. Dell Unity 5.4 and prior versions suffer from an OS command injection vulnerability that stems from the application failing to properly filter special characters, commands, and similar elements used to construct commands. An attacker could...
TOTOLINK X18 Security Vulnerability
The TOTOLINK X18 is a gigabit router from China's Gion Electronics. A code execution vulnerability exists in the TOTOLINK X18. The vulnerability stems from sub410E54 in cstecgi.cgi and can be exploited by an attacker to execute arbitrary commands...
CVE-2024-13557
The Shortcodes by United Themes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possib...
CVE-2024-13557 Shortcodes by United Themes <= 5.1.6 - Unauthenticated Arbitrary Shortcode Execution
The Shortcodes by United Themes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possib...
CVE-2025-29903
In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible...
CVE-2025-29903
CVE-2025-29903 affects JetBrains Runtime (JBR) before 21.0.6b872.80, where insecure macOS flags enable arbitrary dynamic library execution. The provided sources confirm the vulnerability in JBR and do not specify concrete exploit vectors beyond the insecure flags issue, nor present a confirmed re...
CVE-2025-2169
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running...
WordPress plugin WPCS Code Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
WordPress plugin The Code Snippets CPT Code Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability exists in...
CVE-2025-25818
A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the postStrVar function at articlesave.php...
CVE-2025-27146 Matrix IRC Bridge allows IRC command injection to own puppeted user
matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability h...
CVE-2025-25895
An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the publictype parameter. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet...
CVE-2024-13797 PressMart - Modern Elementor WooCommerce WordPress Theme <= 1.2.16 - Unauthenticated Arbitrary Shortcode Execution
The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.16. This is due to the software allowing users to execute an action that does not properly validate a value before running...
Ivanti CSA OS Command Injection Vulnerability
Ivanti CSA is a locally deployed virtual appliance designed to simplify and enhance the integration of Ivanti products with cloud services. The Ivanti CSA suffers from an OS command injection vulnerability that stems from the application failing to properly filter constructed command special...