36380 matches found
CVE-2026-22314
The CVE-2026-22314 entry concerns Mesalvo Meona’s Client Launcher Component and Meona Server Component, affected by an Improper Control of Generation of Code (Code Injection) vulnerability that enables code execution on other users’ systems. According to the data, the Client Launcher Component is...
CVE-2026-22314
Improper Control of Generation of Code 'Code Injection' vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users' systems. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component:...
CVE-2026-22314
Improper Control of Generation of Code 'Code Injection' vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users' systems. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component:...
CVE-2026-22314
Improper Control of Generation of Code 'Code Injection' vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users' systems. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component:...
EUVD-2026-31090
Improper Control of Generation of Code 'Code Injection' vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users' systems. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component:...
Arbitrary Code Injection
Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Arbitrary Code Injection via template name handling in the % use % tag compilation path. An attacker can execute arbitrary PHP code by supplying a crafted template nam...
Astra Linux - уязвимость в golang-1.19
Templates do not properly handle backticks as JavaScript string delimiters, and do not escape them as expected. Backticks have been used since ES6 for JavaScript template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be...
Astra Linux - уязвимость в composer
Composer is a dependency manager for the PHP programming language. Integrators who use Composer code to call VcsDriver::getFileContent may encounter a code injection vulnerability if the user can control the $file or $identifier arguments. This vulnerability is documented on packagist.org, where...
Astra Linux - уязвимость в libimage-exiftool-perl
A vulnerability was detected in ExifTool version 13.53. The issue affects the Processmrld function in the lib/Image/ExifTool/GM.pm file, specifically in the JPEG/QuickTime/MOV/MP4 component. Manipulating the -ee argument leads to code injection. Local attacks are required to exploit this...
Astra Linux - уязвимость в libssh
A flaw was discovered in libssh. By using the ProxyCommand or ProxyJump feature, users can exploit unvalidated hostname syntax on the client side. This issue may allow an attacker to inject malicious code into the commands related to these features via the hostname parameter...
Astra Linux - уязвимость в underscore
The package underscore from 1.13.0-0 and before 1.13.0-2, as well as from 1.3.2 and before 1.12.1, are vulnerable to Arbitrary Code Injection via the template function, especially when a variable property is passed as an argument without proper sanitization...
PhoenixStorybook 代码注入漏洞
PhoenixStorybook is an open-source component display and interaction debugging UI tool developed by Phenix Digital. Versions of PhoenixStorybook from 0.5.0 to 1.1.0 had a code injection vulnerability. This vulnerability stemmed from uncleaned attribute value interpolation, which led to code...
PT-2026-42141
Improper Control of Generation of Code 'Code Injection' vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users' systems. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component:...
PT-2026-42179
Code Injection vulnerability in phenixdigital phoenix storybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation. The psb-assign WebSocket event handler in 'Elixir.PhoenixStorybook.Story.PlaygroundPreviewLive':handle event/3...
UBUNTU-CVE-2026-5090
Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could be have code injected. For example, the variable "var" in would not be properly escaped. An attacke...
CVE-2026-46586
Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...
CVE-2026-35086
Improper Control of Generation of Code 'Code Injection' vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
CVE-2026-31379
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06...
CVE-2026-46586
Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...
CVE-2026-46586 Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution
Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...