9 matches found

Cvelist
added 2025/07/30 12:34 a.m. | 69 views

CVE-2025-8217 Inert Malicious script injected into Amazon Q Developer Visual Studio Code (VS Code) Extension

The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however, the injected code contains a syntax error which prevents it from making ...

CVSS 5.1 | EPSS 0.00184
Exploits: 1 | References: 3

BDU FSTEC
added 2025/03/12 12:0 a.m. | 4 views

The vulnerability of the ftruncate() function in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the ftruncate function in the Linux operating system’s kernel is related to errors in the processing of input data during syntax analysis of code. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.7 | AI score 6.5 | EPSS 0.00229
Exploits: 0 | References: 22 | Affected Software: 8

BDU FSTEC
added 2025/01/29 12:0 a.m. | 2 views

The vulnerability of the Opigno Learning path CMS system’s Drupal module lies in errors during the processing of input data during syntax analysis of code. This allows attackers to execute arbitrary code.

The vulnerability of the Opigno Learning path CMS system’s Drupal component is related to errors in data processing during syntax analysis of code. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 7.5 | AI score 5.9 | EPSS 0.00537
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2021/11/22 7:15 p.m. | 3 views

CVE-2021-38448

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software...

CVSS 7.6 | AI score 5.8 | EPSS 0.00272
Exploits: 0 | References: 1

Cvelist
added 2021/11/22 6:58 p.m. | 24 views

CVE-2021-38448 Trane Symbio Improper Control of Generation of Code

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software...

CVSS 7.5 | AI score 7.7 | EPSS 0.00272
Exploits: 0 | References: 1

OSV
added 2021/10/27 1:15 a.m. | 3 views

CVE-2021-38450

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software...

CVSS 8.8 | AI score 7.4
Exploits: 0 | References: 1

CVE
added 2021/10/27 12:48 a.m. | 95 views

CVE-2021-38450

CVE-2021-38450 (Trane Tracer) is caused by improper sanitization of input containing code syntax, enabling code injection that could alter controller flow. Affected products and versions: Tracer SC (all versions before v4.4 SP7), Tracer SC+ (before v5.5 SP3), Tracer Concierge (before v5.5 SP3). I...

CVSS 9.9 | AI score 9.2 | EPSS 0.00977
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2021/04/21 12:0 a.m. | 6 views

Eaton Intelligent Power Manager Eval Injection Vulnerability

Eaton Intelligent Power Manager (IPM) is an intelligent power manager from Eaton Corporation that supports remote monitoring and management of multiple devices in a network from an interface. An Eval injection vulnerability exists in Eaton IPM versions prior to 1.69. The vulnerability arises becaus...

CVSS 10 | AI score 7.3 | EPSS 0.00962
Exploits: 0 | References: 1

Prion
added 2020/03/30 10:15 p.m. | 14 views

Command injection

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated...

CVSS 9 | AI score 7.4 | EPSS 0.02149
Exploits: 0 | References: 2 | Affected Software: 1