PT-2025-28601
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint versions prior to the July 2025 patchday. Description: An issue exists in Microsoft SharePoint related to improper control of code generation, potentially allowing remote code execution. This vulnerability has been actively...
Portábilis i-Educar Code Injection Vulnerability
Portábilis i-Educar is an application from Portábilis. It can easily help you with basic and technical education. A code injection vulnerability exists in Portábilis i-Educar version 2.9.0, which stems from improper handling of the parameter Função in the file /intranet/educarfuncaodet.php, which...
CVE-2025-52718
Improper Control of Generation of Code 'Code Injection' vulnerability in Beplusthemes Alone alone allows Remote Code Inclusion. This issue affects Alone: from n/a through <= 7.8.2...
CVE-2025-49302
Improper Control of Generation of Code 'Code Injection' vulnerability in Scott Paterson Easy Stripe easy-stripe allows Remote Code Inclusion. This issue affects Easy Stripe: from n/a through <= 1.1...
CVE-2025-49302
CVE-2025-49302 affects WordPress plugin Easy Stripe (versions
CVE-2025-27358
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Code Injection. This issue affects Frontend File Manager: from n/a through <= 23.6...
CVE-2025-34039
A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet bsh.servlet.BshServlet without proper access controls. The servlet allows unauthenticated remote attackers to execute arbitrary Java code via the bsh.script parameter. This...
CVE-2025-34039 Yonyou NC BeanShell Command Injection
A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet bsh.servlet.BshServlet without proper access controls. The servlet allows unauthenticated remote attackers to execute arbitrary Java code via the bsh.script parameter. This...
PHPGurukul COVID19 Testing Management System Code Injection Vulnerability
The COVID19 Testing Management System is a COVID-19 testing management system. It suffers from a code injection vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in parameter q in file...
Code Injection Vulnerabilities in Various ABB Products (CNVD-2025-13765)
ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and control management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...
Code Injection Vulnerability in Various ABB Products (CNVD-2025-13767)
ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and control management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...
CVE-2025-48140
Improper Control of Generation of Code 'Code Injection' vulnerability in metalpriceapi MetalpriceAPI metalpriceapi allows Code Injection. This issue affects MetalpriceAPI: from n/a through <= 1.1.4...
CVE-2025-48123
Improper Control of Generation of Code 'Code Injection' vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Code Injection. This issue affects Spreadsheet Price Changer for...
CVE-2025-48140 WordPress MetalpriceAPI plugin <= 1.1.4 - Remote Code Execution (RCE) Vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in metalpriceapi MetalpriceAPI metalpriceapi allows Code Injection. This issue affects MetalpriceAPI: from n/a through <= 1.1.4...
CVE-2025-49013 WilderForge vulnerable to Code Injection via GitHub Actions Workflows
WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from unsafe usage of `${{ github.event.review.body }}` and other user-controlled variables directly inside shell script contexts in GitHub...
CVE-2025-41362
Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store a malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that...
CVE-2025-41365
Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store a malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that...