20 matches found
SourceCodester Pharmacy Sales and Inventory System Code Injection Vulnerability
SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a code injection vulnerability. This vulnerability arises from improper...
Blitz Code Injection Vulnerability
Blitz is an open-source full-stack Next.js development toolkit developed by Blitz. Blitz versions 3.0.2 and earlier contain a code injection vulnerability. This vulnerability stems from an unknown function in the packages/generator/templates/app/src/app/auth/components/LoginForm.tsx file,...
PT-2026-30455
A weakness has been identified in premAI-io premsql up to 0.2.1. Affected is the function eval of the file premsql/agents/baseline/workers/followup.py. Manipulation of the argument result causes code injection. The attack can be carried out remotely. The exploit has been made...
happy-dom Code Injection Vulnerability
Happy-Dom is a JavaScript implementation of a web browser with no graphical interface, developed by David Ortner. Versions of Happy-Dom prior to 20.8.7 contained a code injection vulnerability. This vulnerability stemmed from issues with the ECMAScriptModuleCompiler, which could allow attackers t...
yoke Code Injection Vulnerability
Yoke is a Kubernetes package management tool developed by YokeCD. Versions of Yoke prior to 0.19.0 contained a code injection vulnerability. This vulnerability stemmed from the lack of proper URL validation in the Air Traffic Controller component, allowing users with the authority to create or...
Itsourcecode Society Management System Code Injection Vulnerability
itsourcecode Society Management System is an open-source social management system developed by itsourcecode. Version 1.0 of the itsourcecode Society Management System has a code injection vulnerability. This vulnerability arises from incorrect handling of parameters in the file admin/expenses.php...
HOMEECMS Code Injection Vulnerability
HOMEECMS is an e-commerce site builder system by the individual developer tgywatalive. HOMEECMS b59d7feaa9094234e8aa6c8c6b290621ca575ded and earlier versions contain a code injection vulnerability that stems from the parameter productName in the file...
Toeverything AFFiNE Code Injection Vulnerability
Toeverything AFFiNE is open-source knowledge management software from Toeverything. AFFiNE 0.24.1 and earlier versions contain a code injection vulnerability that stems from an unknown code flaw in the Avatar Upload Image Endpoint component, which could lead to a cross-site scripting attack...
EUVD-2016-6347
Malware in sbrugna...
RISC Zero Ethereum Code Injection Vulnerability
RISC Zero Ethereum is a computing platform open-sourced by RISC Zero. A code injection vulnerability exists in RISC Zero Ethereum: the host can write to an arbitrary memory location of the guest using a specially crafted response, which could lead to the execution of...
i-Educar Code Injection Vulnerability
i-Educar is free educational software from Portábilis Open Source. A code injection vulnerability exists in i-Educar 2.10 and earlier versions, which stems from a misuse of the parameter nmanotacao/descricao in the file /intranet/educarcalendarioanotacaocad.php, which could lead to a cross-site...
SAMSUNG MagicINFO 9 Server Security Vulnerability
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. SAMSUNG MagicINFO 9 Server suffers from a code injection vulnerability that originates from improper code generation control and can be exploited by an attacker ...
MRCMS Code Injection Vulnerability
MRCMS is a content management system by the individual developer of marker. A code injection vulnerability exists in MRCMS version 3.1.2, which stems from improper manipulation of the file /admin/link/edit.do in the component External Link Management Page, which could lead to a cross-site scripti...
PT-2025-5497 · WordPress · Wpspins Post/Page Copying Tool
Name of the Vulnerable Software and Affected Versions: WPSpins Post/Page Copying Tool versions 0 through 2.0.3. Description: The issue is related to improper control of code generation, allowing remote code inclusion due to a code injection flaw. This enables remote code inclusion, posing a...
RHEL 6 / 7 : rh-ror41 (RHSA-2016:0456)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0456 advisory. The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails is a model-view-controller (MVC) framework for web application...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Summary: IBM Cloud Transformation Advisor has addressed multiple Java and Node.js security vulnerabilities listed herein. Vulnerability Details: CVEID: CVE-2023-22045. DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low...
SPAM SQR Code Injection Vulnerability
Softnext Technologies SPAM SQR is a comprehensive email filtering platform from China-based Softnext Technologies. A code injection vulnerability exists in SPAM SQR versions prior to 2.221231, which stems from a code injection flaw. An attacker can exploit this vulnerability to execute system...
Cisco Unified Communications Manager and Cisco Unity Connection Code Injection Vulnerability
Cisco Unity Connection (UC) and Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) are both products of Cisco Corporation. Cisco Unity Connection is a voice messaging platform. The platform can use voice commands to make calls or listen to messages i...
Updated mercurial packages fix CVE-2014-9462
Updated mercurial packages fix security vulnerability: The mercurial source code management system suffers from a code-injection flaw due to insufficient shell quoting in sshpeer.validaterepo (CVE-2014-9462)...
MGASA-2015-0129 Updated mercurial packages fix CVE-2014-9462
Updated mercurial packages fix security vulnerability: The mercurial source code management system suffers from a code-injection flaw due to insufficient shell quoting in sshpeer.validaterepo (CVE-2014-9462)...