
876 matches found

ATTACKERKB
added 2025/08/14 10:34 a.m. | 2 views

CVE-2025-39483

Improper Control of Generation of Code 'Code Injection' vulnerability in imithemes Eventer allows Code Injection. This issue affects Eventer: from n/a before 3.9.9.1...

CVSS 6.5 | AI score 4.9 | EPSS 0.00061
Exploits 0 | References 2

CVE
added 2025/08/14 10:34 a.m. | 7 views

CVE-2025-39483

CVE-2025-39483 is an Unauthenticated Shortcode/Code Injection vulnerability in the imithemes Eventer WordPress plugin. Affected: Eventer before 3.9.9.1 (via versions up to 3.9.6 per sources). Impact: shortcodes could be abused to inject code. Remediation: update Eventer to version 3.9.9.1 or late...

CVSS 6.5 | AI score 5.9 | EPSS 0.00061
Exploits 0 | References 1

CNNVD
added 2025/08/14 12:0 a.m. | 1 views

WordPress plugin Eventer code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...

CVSS 6.5 | AI score 5 | EPSS 0.00061
Exploits 0 | References 2

RedhatCVE
added 2025/08/13 6:29 p.m. | 1 views

CVE-2025-53187

Due to an issue in configuration, code that was intended for debugging purposes was included in the market release of the ASPECT FW allowing an attacker to bypass authentication. This vulnerability may allow an attacker to change the system time, access files, and make function calls without prio...

CVSS 9.8 | AI score 7.1 | EPSS 0.00083
Exploits 0 | References 1

OSV
added 2025/08/13 6:6 a.m. | 4 views

BIT-GITLAB-2025-2867 Improper Control of Generation of Code ('Code Injection') in GitLab

An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized...

CVSS 6.5 | AI score 6.7 | EPSS 0.00115
Exploits 0 | References 2

Positive Technologies
added 2025/08/11 12:0 a.m. | 1 views

PT-2025-32562

Name of the Vulnerable Software and Affected Versions: ABB ASPECT versions prior to 3.08.04-s01 Description: An issue in configuration led to the inclusion of debugging code in the released version of ABB ASPECT, allowing attackers to bypass authentication. This can enable an attacker to change t...

CVSS 9.8 | AI score 7.8 | EPSS 0.00083
Exploits 0 | References 16

Tenable Nessus
added 2025/08/09 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-1552

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. Note: This issue only affects 32-bit ARM devices. Th...

CVSS 7.5 | AI score 7.7 | EPSS 0.00283
Exploits 0 | References 2

Talos Blog
added 2025/08/07 6:0 p.m. | 3 views

AI wrote my code and all I got was this broken prototype

Welcome to this week's edition of the Threat Source newsletter. Vulnerabilities within software are a persistent challenge. Software engineers inadvertently tend to make the same mistakes repeatedly, with the same entries appearing in the annual top 25 list of Common Weakness Enumerations each...

AI score 7.2
Exploits 0

CNNVD
added 2025/08/04 12:0 a.m. | 1 views

Dassault Systèmes DELMIA Apriso security vulnerability

Dassault Systèmes DELMIA Apriso is an interactive manufacturing application for digital enterprises from Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes DELMIA Apriso versions 2020 through 2025 that stems from improper code generation controls and could lead to the...

CVSS 8 | AI score 7.2 | EPSS 0.10184
Exploits 0 | References 2

Packet Storm News
added 2025/07/25 12:0 a.m. | 2 views

PurpCode: Reasoning for Safer Code Generation

We introduce PurpCode, the first post-training recipe for training safe code reasoning models towards generating secure code and defending against malicious cyberactivities. PurpCode trains a reasoning model in two stages: (i) Rule Learning, which explicitly teaches the model to reference cybersafe...

AI score 7.5
Exploits 0

CNVD
added 2025/07/24 12:0 a.m. | 1 views

SAMSUNG MagicINFO 9 Server Code Injection Vulnerability

SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. SAMSUNG MagicINFO 9 Server suffers from a code injection vulnerability that originates from improper code generation control and can be exploited by an attacker ...

CVSS 9.8 | AI score 8.1 | EPSS 0.0041
Exploits 0 | References 1

OSV
added 2025/07/23 6:15 a.m. | 0 views

CVE-2025-54451

Improper Control of Generation of Code 'Code Injection' vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0...

CVSS 9.8 | AI score 5.8
Exploits 0 | References 1

ATTACKERKB
added 2025/07/23 5:29 a.m. | 1 views

CVE-2025-54451

Improper Control of Generation of Code 'Code Injection' vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0...

CVSS 9.8 | AI score 5.8 | EPSS 0.0041
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2025/07/23 12:0 a.m. | 3 views

SAMSUNG MagicINFO 9 Server security vulnerability

SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. SAMSUNG MagicINFO 9 Server suffers from a code injection vulnerability that originates from improper code generation control and can be exploited by an attacker ...

CVSS 9.8 | AI score 8 | EPSS 0.0041
Exploits 0 | References 1

CNVD
added 2025/07/21 12:0 a.m. | 4 views

Microsoft SharePoint Remote Code Execution Vulnerability

SharePoint Server is a locally deployed enterprise collaboration platform from Microsoft that supports content sharing, knowledge management, and application integration, and works seamlessly with Microsoft 365 subscriptions to access the latest features. A remote code execution vulnerability...

CVSS 8.8 | AI score 8.1 | EPSS 0.59583
Exploits 7 | References 1

Packet Storm News
added 2025/07/13 12:0 a.m. | 2 views

A Mixture of Linear Corrections Generates Secure Code

Large language models (LLMs) have become proficient at sophisticated code-generation tasks, yet remain ineffective at reliably detecting or avoiding code vulnerabilities. Does this deficiency stem from insufficient learning about code vulnerabilities, or is it merely a result of ineffective...

AI score 7.4
Exploits 0

SUSE CVE
added 2025/07/10 11:22 p.m. | 1 views

SUSE CVE-2025-38339

In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf: fix JIT code size calculation of bpf trampoline. arch_bpf_trampoline_size() provides JIT size of the BPF trampoline before the buffer for JIT'ing it is allocated. The total number of instructions emitted for BPF trampoline...

AI score 7.2 | EPSS 0.00088
Exploits 0 | References 9

CNNVD
added 2025/07/10 12:0 a.m. | 1 views

OpenText Directory Services code injection vulnerability

OpenText Directory Services (OTDS) is an information management solution from OpenText Canada Inc. integrating OpenText products and solutions with the company's enterprise directory infrastructure. A code injection vulnerability exists in OpenText Directory Services version 23.4 that stems from...

CVSS 6.3 | AI score 7.6 | EPSS 0.00263
Exploits 0 | References 2

CNNVD
added 2025/07/04 12:0 a.m. | 1 views

WordPress plugin Alone code injection vulnerability

WordPress Alone is a theme designed for nonprofit organizations, primarily for the WordPress platform. WordPress Alone suffers from a code injection vulnerability that stems from improper code generation controls; no details of the vulnerability are provided at this time...

CVSS 7.2 | AI score 7.5 | EPSS 0.00223
Exploits 0 | References 2

Packet Storm News
added 2025/06/25 12:0 a.m. | 2 views

RedCoder: Automated Multi-Turn Red Teaming for Code LLMs

Large Language Models (LLMs) for code generation (i.e., Code LLMs) have demonstrated impressive capabilities in AI-assisted software development and testing. However, recent studies have shown that these models are prone to generating vulnerable or even malicious code under adversarial settings...

AI score 7.4
Exploits 0