OpenKM 代码注入漏洞

OpenKM is a document management system developed by OpenKM Company in Spain. This system offers features such as version control, file history, and file sharing. Version OpenKM 6.3.12 has a code injection vulnerability. This vulnerability arises from allowing authenticated administrators to submi...

Blitz 代码注入漏洞

Blitz is an open-source full-stack Next.js development toolkit developed by Blitz. Versions of Blitz 3.0.2 and earlier contained a code injection vulnerability. This vulnerability stemmed from an unknown function in the packages/generator/templates/app/src/app/auth/components/LoginForm.tsx file,...

itsourcecode Electronic Judging System 代码注入漏洞

itsourcecode Electronic Judging System is an open-source electronic judging system developed by itsourcecode. Version 1.0 of the itsourcecode Electronic Judging System contains a code injection vulnerability. This vulnerability arises from improper handling of the fname parameter in the...

ThingsBoard 代码注入漏洞

ThingsBoard is a Java-based platform developed by the ThingsBoard team, used for monitoring, managing, and data collection of IoT devices. Versions of ThingsBoard 4.3.1.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from improper handling of the...

CVE-2026-36239

PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality...

SourceCodester Hospitals Patient Records Management System 代码注入漏洞

SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System contains a code injection vulnerability. This vulnerability arises from...

CVE-2026-36239

CVE-2026-36239 involves PbootCMS where a code injection flaw exists in the site configuration handling. The connected exploit report specifically describes an authenticated RCE in PbootCMS v3.2.12 backend via the sitecopyright footer field, caused by insecure deserialization and output handling i...

PbootCMS 安全漏洞

PbootCMS is an open-source enterprise website content management system developed using the PHP language. Version PbootCMS 3.2.11 contains a security vulnerability, which stems from code injection in the site configuration function...

PT-2026-43205

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in SpabRice Nyla allows Code Injection. This issue affects Nyla: from n/a through 1.7...

PT-2026-43395

Name of the Vulnerable Software and Affected Versions PbootCMS version 3.2.11 Description Code injection is possible within the site configuration functionality. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...

PT-2026-43379

A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack'...

IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty 代码注入漏洞

IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty are web server integration plugins developed by IBM. Versions 8.5 and 9.0 of these plugins contain a code injection vulnerability that can be exploited by remote code execution attacks...

Pingvin Share 代码注入漏洞

Pingvin Share is a self-hosted file sharing platform developed by Elias Schneider as an individual project. Versions of Pingvin Share prior to 1.13.0 contain a code injection vulnerability. This vulnerability stems from improper handling of the redirect parameter in the getServerSideProps functio...

CVE-2026-36239

PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality...

Student Management System 代码注入漏洞

Student Management System is a student management system developed by Krishanmurariji. There is a code injection vulnerability in Student Management System. This vulnerability stems from improper handling of the Name parameter in the addStudent function of the Students Controller component, which...

WordPress plugin Nyla 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-24937

Improper Control of Generation of Code 'Code Injection' vulnerability in VideoWhisper.Com Broadcast Live Video allows Code Injection. This issue affects Broadcast Live Video: from n/a before 7.1.3...

CVE-2026-24937

Improper Control of Generation of Code 'Code Injection' vulnerability in VideoWhisper.Com Broadcast Live Video allows Code Injection. This issue affects Broadcast Live Video: from n/a before 7.1.3...

CVE-2026-24937

CVE-2026-24937 covers a Remote Code Execution in the VideoWhisper WordPress Broadcast Live Video plugin (versions before 7.1.3). The root cause is Improper Control of Generation of Code (Code Injection) in the Broadcast Live Video component, exposed via the plugin before version 7.1.3. Public ref...

EUVD-2026-31763

Improper Control of Generation of Code 'Code Injection' vulnerability in VideoWhisper.Com Broadcast Live Video allows Code Injection. This issue affects Broadcast Live Video: from n/a before 7.1.3...