36394 matches found
Six Apart Movable Type 代码注入漏洞
Six Apart Movable Type is an application system developed by the Six Apart company in the United States. It offers features such as multi-user access, comments, Trackbacks, and themes. Six Apart Movable Type has a code injection vulnerability; this vulnerability can be exploited by code injection...
Broken Quantum: A Systematic Formal Verification Study of Security Vulnerabilities across the Open-Source Quantum Computing Simulator Ecosystem
Quantum computing simulators form the classical software foundation on which virtually all quantum algorithm research depends. We present Broken Quantum, the first comprehensive formal security audit of the open-source quantum computing simulator ecosystem. Applying COBALT QAI -- a four-module...
WordPress plugin TechOne 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Code-Projects Easy Blog Site 代码注入漏洞
Code-Projects Easy Blog Site is an easy blog website developed by Code-Projects as open source. Version 1.0 of code-projects Easy Blog Site has a code injection vulnerability, which stems from the handling of the parameter postTitle in the file posts/update.php. This vulnerability may lead to...
PT-2026-31193
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through = 1.3.0...
Gitlab -- vulnerabilities
Gitlab reports: Exposed Method issue in websocket connections impacts GitLab CE/EE Denial of Service issue in Terraform state lock API impacts GitLab CE/EE Denial of Service issue in GraphQL API impacts GitLab CE/EE Denial of Service issue in CSV import impacts GitLab CE/EE Denial of Service issu...
EUVD-2026-19896
A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be execute...
PowerJob's GroovyEvaluator.evaluate endpoint vulnerable to code injection
A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be execute...
GHSA-WPWF-V25W-54G3 PowerJob's GroovyEvaluator.evaluate endpoint vulnerable to code injection
A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be execute...
Revive Adserver: PHP code injection via delivery limitation logical
Vulnerability description not provided...
CVE-2026-5739
A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be execute...
Arbitrary Code Injection
Overview tech.powerjob:powerjob-server-core is an enterprise job scheduling middleware with distributed computing ability Affected versions of this package are vulnerable to Arbitrary Code Injection via the GroovyEvaluator.evaluate function in the /openApi/addWorkflowNode endpoint when processing...
CVE-2026-5739 PowerJob OpenAPI Endpoint addWorkflowNode GroovyEvaluator.evaluate code injection
A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be execute...
CVE-2026-5739
PowerJob versions 5.1.0/5.1.1/5.1.2 contain a code injection vulnerability in the OpenAPI Endpoint’s GroovyEvaluator.evaluate function (file /openApi/addWorkflowNode). Manipulating the argument nodeParams allows remote code execution. The issue is confirmed in multiple sources (CVE-2026-5739 and ...
CVE-2026-5739 PowerJob OpenAPI Endpoint addWorkflowNode GroovyEvaluator.evaluate code injection
A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be execute...
CVE-2026-5739
A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be execute...
CVE-2026-5594
A weakness has been identified in premAI-io premsql up to 0.2.1. Affected is the function eval of the file premsql/agents/baseline/workers/followup.py. This manipulation of the argument result causes code injection. The attack is possible to be carried out remotely. The exploit has been made...
CVE-2026-5562
A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation leads to code injection. The attack can be initiated remotely. The exploit is publicly available and...
CVE-2026-5631
A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extractcommanddata of the file backend/server/serverutils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote. T...
Arbitrary Code Injection
Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Arbitrary Code Injection over the /api/jolokia MBeans interface. A user can execute arbitrary code on the broker's JVM by invoking operations with ...