710 matches found
EUVD-2023-53738
Malicious code in bioql PyPI...
Langley Online Banking System Code Injection Vulnerability
Langley Online Banking System is an online banking system from Langley Corporation. A code injection vulnerability exists in the Langley Online Banking System, which originates from a misuse of the parameter Error in file /connectionerror.php and could lead to a cross-site scripting attack...
NVIDIA Megatron-LM Code Injection Vulnerability (CNVD-2025-23255)
NVIDIA Megatron-LM is a PyTorch-based distributed training framework from NVIDIA that specializes in training large Transformer language models. NVIDIA Megatron-LM suffers from a code injection vulnerability that can be exploited by attackers to cause code injection, elevation of privilege,...
Gardener Extension for AWS provider Code Injection Vulnerability
Gardener Extension for AWS provider is an open source extension controller for Gardener. A code injection vulnerability exists in Gardener Extension for AWS provider, which stems from a vulnerability that could allow a user with administrative privileges to gain control of a seeded cluster via...
Dyad Code Injection Vulnerability
Dyad is an AI application builder open-sourced by Dyad. A code injection vulnerability exists in Dyad 0.19.0 and earlier versions, which stems from the Preview Window feature that can bypass Docker container protection and could lead to the execution of arbitrary code...
itsourcecode E-Logbook with Health Monitoring System for COVID-19 Code Injection Vulnerability
itsourcecode E-Logbook with Health Monitoring System for COVID-19 is an open source electronic logbook and COVID-19 health monitoring system from itsourcecode. A code injection vulnerability exists in itsourcecode E-Logbook with Health Monitoring System for COVID-...
PT-2025-37405
Name of the Vulnerable Software and Affected Versions: fcba zzm ics-park Smart Park Management System version 2.0 Description: A code injection vulnerability exists in the Scheduled Task Module of the fcba zzm ics-park Smart Park Management System. The issue is located in an unknown function with...
SAP NetWeaver AS Java Code Injection Vulnerability
SAP NetWeaver AS Java is a platform system from SAP, a German company. A code injection vulnerability exists in SAP NetWeaver AS Java that originates from allowing the uploading of arbitrary files, which could lead to full control of the system...
CGM CLININET Code Injection Vulnerability (CNVD-2025-19814)
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a code injection vulnerability that stems from a system function that fails to properly filter special elements of a constructed code segment. An attacker can exploit this vulnerability to execute...
CVE-2025-53419
Delta Electronics COMMGR is affected by a stack-based buffer overflow and a code injection vulnerability in versions 2.9.0 and earlier, allowing an attacker to execute arbitrary code by crafting specially designed .isp files. The CVE entry notes local attack vector with high impact (C: High, I: H...
Delta Electronics COMMGR Security Vulnerability
Delta Electronics COMMGR is a communication management software from Delta Electronics China. A code injection vulnerability exists in Delta Electronics COMMGR, which can be exploited by an attacker to execute arbitrary code on the system...
CVE-2025-30975
CVE-2025-30975 affects the WordPress plugin Add Custom Codes (versions up to 4.80). The issue is described as Improper Control of Generation of Code (Code Injection) allowing Remote Code Execution for authenticated users (Contributor+). Documents confirm the vulnerability is still unpatched (Patc...
CVE-2025-54019 WordPress Alone < 7.8.5 - Arbitrary Code Execution Vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Beplusthemes Alone alone allows Code Injection. This issue affects Alone: from n/a through 7.8.5...
WordPress plugin Alone Code Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on servers running PHP and MySQL, and the WordPre...
CVE-2025-7961
Improper Control of Generation of Code 'Code Injection' vulnerability in Wulkano KAP on MacOS allows TCC Bypass. This issue affects KAP: 3.6.0...
ExpressGateway express-gateway Code Injection Vulnerability
ExpressGateway express-gateway is an interface service of ExpressGateway open source. A code injection vulnerability exists in ExpressGateway express-gateway version 1.16.10 and earlier, which stems from cross-site scripting in the lib/rest/routes/users.js file...
CVE-2025-7961
CVE-2025-7961 affects Wulkano KAP for MacOS (version 3.6.0). The root cause is Improper Generation of Code (Code Injection), enabling a TCC bypass. The CVSS-like data indicates Local attack, Low privileges, No user interaction, with Confidentiality impact High and other impacts limited (Integrity...
CVE-2025-7961 KAP 3.6.0 - TCC Bypass
Improper Control of Generation of Code 'Code Injection' vulnerability in Wulkano KAP on MacOS allows TCC Bypass. This issue affects KAP: 3.6.0...
CVE-2025-55192
HomeAssistant-Tapo-Control exposes a code injection vulnerability in its GitHub Actions workflow .github/workflows/issues.yml, prior to commit 2a3b80f. The workflow directly inserts user-controlled content from the issue body (github.event.issue.body) into a Bash conditional without proper saniti...
CVE-2025-49887
Improper Control of Generation of Code 'Code Injection' vulnerability in WPFactory Product XML Feed Manager for WooCommerce product-xml-feeds-for-woocommerce allows Remote Code Inclusion. This issue affects Product XML Feed Manager for WooCommerce: from n/a through = 2.9.3...