Lucene search

710 matches found

Cvelist
added 2025/08/14 10:34 a.m. · 9 views

CVE-2025-49887 WordPress Product XML Feed Manager for WooCommerce Plugin <= 2.9.3 - Remote Code Execution (RCE) Vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in WPFactory Product XML Feed Manager for WooCommerce product-xml-feeds-for-woocommerce allows Remote Code Inclusion. This issue affects Product XML Feed Manager for WooCommerce: from n/a through <= 2.9.3...

9.9 CVSS · 0.00332 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/08/13 5:35 p.m. · 3 views

CVE-2025-23306

NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/arguments.py component where an attacker could cause a code injection issue by providing a malicious input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges,...

7.8 CVSS · 7.6 AI score · 0.00193 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/08/12 12:0 a.m. · 2 views

PT-2025-32613

Name of the Vulnerable Software and Affected Versions: SAP S/4HANA versions prior to August 2025. Description: SAP S/4HANA contains a critical vulnerability that allows an attacker with user privileges to exploit a flaw in a function module exposed via RFC. This allows the injection of arbitrary ABA...

9.9 CVSS · 7.6 AI score · 0.01547 EPSS
Exploits 0 · References 137
CNNVD
added 2025/08/12 12:0 a.m. · 4 views

SAP Landscape Transformation Code Injection Vulnerability

SAP Landscape Transformation is a tool for system data migration and integration from SAP, Germany. A code injection vulnerability exists in SAP Landscape Transformation (SLT) that originates from the ability to inject arbitrary ABAP code via RFC...

9.9 CVSS · 7.5 AI score · 0.00634 EPSS
Exploits 0 · References 2
CNNVD
added 2025/08/11 12:0 a.m. · 7 views

RuoYi Code Injection Vulnerability

RuoYi is a back-end management system for individual developers of RuoYi in China. A code injection vulnerability exists in RuoYi 4.8.1 and previous versions; the vulnerability stems from the file /system/notice/edit in the parameter noticesTitle/noticeContent improper handling of cross-site...

5.4 CVSS · 4.8 AI score · 0.00303 EPSS
Exploits 1 · References 6
CNNVD
added 2025/08/09 12:0 a.m. · 3 views

Craft CMS Code Injection Vulnerability

Craft CMS is an open source content management system (CMS) from Craft CMS. A code injection vulnerability exists in Craft CMS versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3, which stems from a security key compromise that could allow remote code execution...

8.8 CVSS · 8 AI score · 0.00456 EPSS
Exploits 0 · References 4
RedhatCVE
added 2025/08/06 12:14 a.m. · 19 views

CVE-2025-51387

The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be...

9.8 CVSS · 7.1 AI score · 0.00522 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/08/04 9:14 a.m. · 3 views

CVE-2025-6204 Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025

An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code...

8 CVSS · 8 AI score · 0.75306 EPSS
Exploits 0 · References 1
Cvelist
added 2025/08/04 9:14 a.m. · 12 views

CVE-2025-6204 Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025

An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code...

8 CVSS · 0.75306 EPSS
Exploits 0 · References 1
CNNVD
added 2025/08/04 12:0 a.m. · 3 views

Vvveb Injection Vulnerability

Vvveb is a powerful and easy-to-use CMS from Givan Individual Developers for building websites, blogs or e-commerce stores. An injection vulnerability exists in Vvveb version 1.0.5, which stems from code injection due to a misbehavior of the function Save in the file...

7.2 CVSS · 5.2 AI score · 0.01347 EPSS
Exploits 6 · References 9
Positive Technologies
added 2025/08/04 12:0 a.m. · 3 views

PT-2025-31802

Name of the Vulnerable Software and Affected Versions: DELMIA Apriso versions 2020 through 2025. Description: An Improper Control of Generation of Code (Code Injection) issue exists in DELMIA Apriso. This could allow an attacker to execute arbitrary code. Recommendations: At the moment, there is no...

8 CVSS · 7 AI score · 0.75306 EPSS
Exploits 0 · References 8
Vulnrichment
added 2025/08/04 12:0 a.m. · 6 views

CVE-2025-51387

The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be...

8.2 AI score · 0.00522 EPSS
Exploits 0 · References 3
GithubExploit
added 2025/08/02 8:26 p.m. · 806 views

Exploit for Code Injection in Xwiki

CVE-2025-24893 - XWiki Platform Remote Code Execution A Pytho...

9.8 CVSS · 10 AI score · 0.99898 EPSS
Exploits 50
RedhatCVE
added 2025/07/31 10:4 p.m. · 14 views

CVE-2025-7361

A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI using a CIN node. This vulnerability affects 32-bit NI LabVIEW 2025 Q1...

8.5 CVSS · 7.9 AI score · 0.00258 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/07/31 8:3 p.m. · 3 views

CVE-2025-53541

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3, malicious users with some control over certain artifacts could inser...

5.4 CVSS · 7.5 AI score · 0.00206 EPSS
Exploits 0 · References 1
NVD
added 2025/07/31 3:15 p.m. · 16 views

CVE-2013-10035

A code injection vulnerability exists in ProcessMaker Open Source versions 2.x when using the default 'neoclassic' skin. An authenticated user can execute arbitrary PHP code via multiple endpoints, including appFolderAjax.php, casesStartPageAjax.php, and casesSchedulerGetPlugins.php, by supplying...

8.7 CVSS · 0.01396 EPSS
Exploits 0 · References 5
Cvelist
added 2025/07/31 3:0 p.m. · 8 views

CVE-2013-10035 ProcessMaker Open Source < 2.5.2 neoclassic Skin PHP Code Execution

A code injection vulnerability exists in ProcessMaker Open Source versions 2.x when using the default 'neoclassic' skin. An authenticated user can execute arbitrary PHP code via multiple endpoints, including appFolderAjax.php, casesStartPageAjax.php, and casesSchedulerGetPlugins.php, by supplying...

8.7 CVSS · 0.01396 EPSS
Exploits 0 · References 5
Vulnrichment
added 2025/07/31 3:0 p.m. · 3 views

CVE-2013-10035 ProcessMaker Open Source < 2.5.2 neoclassic Skin PHP Code Execution

A code injection vulnerability exists in ProcessMaker Open Source versions 2.x when using the default 'neoclassic' skin. An authenticated user can execute arbitrary PHP code via multiple endpoints, including appFolderAjax.php, casesStartPageAjax.php, and casesSchedulerGetPlugins.php, by supplying...

8.7 CVSS · 7.7 AI score · 0.01396 EPSS
Exploits 0 · References 5
CNNVD
added 2025/07/31 12:0 a.m. · 4 views

Portábilis i-Educar Code Injection Vulnerability

Portábilis i-Educar is an application from Portábilis. It can easily help you with basic and technical education. A code injection vulnerability exists in Portábilis i-Educar version 2.9, which originates from a cross-site scripting attack due to the incorrect operation of the parameter...

6.1 CVSS · 4.9 AI score · 0.00471 EPSS
Exploits 1 · References 6
Positive Technologies
added 2025/07/31 12:0 a.m. · 6 views

PT-2025-31533 · Undefined · Undefined

A code injection vulnerability exists in ProcessMaker Open Source versions 2.x when using the default 'neoclassic' skin. An authenticated user can execute arbitrary PHP code via multiple endpoints, including appFolderAjax.php, casesStartPageAjax.php, and casesSchedulerGetPlugins.php, by supplyi...

8.7 CVSS · 7.8 AI score · 0.01396 EPSS
Exploits 0 · References 6