Lucene search
+L

714 matches found

Github Security Blog
Github Security Blog
added 2 hours ago3 views

oapi-codegen: OpenAPI Server Description Escapes Generated Go Comment and Injects Executable Code

Summary The vulnerability in oapi-codegen seems to be similar with CVE-2026-22785, which is a generated-code injection issue where untrusted OpenAPI summary text is embedded into generated TypeScript MCP server source without proper escaping. oapi-codegen has a similar vulnerability in its server...

9.8CVSS6.2AI score0.00709EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2026/06/16 4:8 p.m.33 views

CVE-2026-24155

NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS0.00193EPSS
Exploits0References3
OSV
OSV
added 2026/06/15 8:16 p.m.4 views

DEBIAN-CVE-2025-56814

A code injection vulnerability in the wxExecute function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters...

7.8CVSS6.2AI score0.00165EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

CollegeManagementSystem 代码注入漏洞

CollegeManagementSystem is a comprehensive management system for college students and academic administration, developed by Tittu Varghese. CollegeManagementSystem has a code injection vulnerability. This vulnerability stems from improper handling of the departmentname parameter in the...

5.3CVSS4.7AI score0.00273EPSS
Exploits0References7
Rockylinux
Rockylinux
added 2026/06/04 12:4 p.m.17 views

qt6-qtdeclarative security update

An update is available for qt6-qtdeclarative. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Qt6 - QtDeclarative component. Security Fixes: qt: Qt SVG: Arbitra...

9.3CVSS5.9AI score0.00224EPSS
Exploits0
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

Google Chrome 代码注入漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.53 had a code injection vulnerability, which was caused by accessibility script injection. This vulnerability could allow attackers to inject arbitrary scripts or HTML through...

5.4CVSS5.6AI score0.00121EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

IBM WebSphere Application Server(WAS) 代码注入漏洞

IBM WebSphere Application Server is an enterprise-level Java application server, primarily used for deploying and running Java enterprise applications. IBM WebSphere Application Server has a security control bypass vulnerability. This vulnerability stems from the improper implementation of securi...

9CVSS6AI score0.00508EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.14 views

CloudPirates Open Source Helm Charts 代码注入漏洞

CloudPirates Open Source Helm Charts is a collection of Helm Charts for cloud-native applications, developed by CloudPirates.io. Previous versions of CloudPirates Open Source Helm Charts had a code injection vulnerability. This vulnerability stems from executing code controlled by the attacker in...

10CVSS5.4AI score0.00275EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty 代码注入漏洞

IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty are web server integration plugins developed by IBM. Versions 8.5 and 9.0 of these plugins contain a code injection vulnerability that can be exploited by remote code execution attacks...

9.8CVSS6.4AI score0.00847EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 12:0 a.m.35 views

CVE-2026-36239

CVE-2026-36239 involves PbootCMS where a code injection flaw exists in the site configuration handling. The connected exploit report specifically describes an authenticated RCE in PbootCMS v3.2.12 backend via the sitecopyright footer field, caused by insecure deserialization and output handling i...

4.3CVSS5.8AI score0.00247EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.13 views

Code-Projects Employee Management System 代码注入漏洞

Code-Projects Employee Management System is a Code-Projects open source employee management system . A code injection vulnerability exists in code-projects Employee Management System version 1.0, which stems from manipulation of the parameter ID in the file /changepassemp.php, and could lead to...

5.3CVSS5.3AI score0.00263EPSS
Exploits0References5
OSV
OSV
added 2026/05/19 9:36 a.m.3 views

CVE-2026-35086 Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email services

Improper Control of Generation of Code 'Code Injection' vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

6.5CVSS5.9AI score0.00497EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.13 views

Amazon Redshift Python Connector 代码注入漏洞

The Amazon Redshift Python Connector is a Python-compatible connector for Amazon Redshift developed by Amazon, Inc. Versions of the Amazon Redshift Python Connector prior to version 2.1.14 contained a code injection vulnerability. This vulnerability stemmed from the unsafe use of the Python eval...

9.8CVSS6.1AI score0.00808EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

oinone-pamirs 代码注入漏洞

Oinone-Pamirs is an open-source AI-driven low-code development framework developed by Oinone. Version 7.0.0 of Oinone-Pamirs contains a code injection vulnerability. This vulnerability stems from the ScriptRunner.run method in the ScriptRunner component evaluating scripts controlled by the attack...

6.5CVSS5.9AI score0.00319EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.11 views

SAP NetWeaver AS ABAP Code Injection (3735359)

The version of SAP NetWeaver AS ABAP detected on the remote host is affected by a code injection vulnerability as referenced in SAP Security Note 3735359: - A code injection vulnerability exists in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform. An authenticated attacker with low...

4.3CVSS6AI score0.00255EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

SPIP 代码注入漏洞

SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.14 had a code injection vulnerability, which was caused by remote code execution from private spaces, potentially allowing arbitrary code to be executed...

8.8CVSS6.5AI score0.00502EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Microsoft Data Formulator 代码注入漏洞

Microsoft Data Formulator is an AI data visualization and analysis tool developed by Microsoft Corporation in the United States, powered by large language models. Microsoft Data Formulator has a code injection vulnerability. Attackers can exploit this vulnerability to execute code remotely...

8.8CVSS6AI score0.00842EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Microsoft Dynamics 365 代码注入漏洞

Microsoft Dynamics 365 is a ERP business solution developed by the American company Microsoft, designed for multinational enterprises. It is used for financial management, production management, and business intelligence management, among other purposes. There is a code injection vulnerability in...

9.9CVSS6.2AI score0.01194EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.42 views

PT-2026-39923

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...

4.3CVSS6.3AI score0.00255EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/10 3:31 p.m.23 views

EUVD-2022-55969

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter, a...

8.8CVSS6.1AI score0.00347EPSS
Exploits0References4
Rows per page
Query Builder