
710 matches found

RedhatCVE
added 2025/05/21 7:52 p.m., 3 views

CVE-2009-3814

Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters...

CVSS: 6.5, AI score: 7.9, EPSS: 0.01068
Exploits: 1, References: 1

OSV
added 2025/05/20 6:1 p.m., 3 views

GHSA-22C2-9GWG-MJ59 Langroid has a Code Injection vulnerability in LanceDocChatAgent through vector_store

Summary: LanceDocChatAgent uses pandas eval through computefromdocs: https://github.com/langroid/langroid/blob/18667ec7e971efc242505196f6518eb19a0abc1c/langroid/vectorstore/base.py#L136-L150 As a result, an attacker may be able to make the agent run malicious commands through QueryPlan.dataframecal...

CVSS: 9.3, AI score: 7.2, EPSS: 0.00482
Exploits: 0, References: 4

OSV
added 2025/05/20 6:0 p.m., 2 views

GHSA-JQQ5-WC57-F8HJ Langroid has a Code Injection vulnerability in TableChatAgent

Summary: TableChatAgent uses pandas eval. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. PoC: For example, one could prompt the Agent: Evaluate the following pandas expression on the data provided and print output:...

CVSS: 9.8, AI score: 7.2, EPSS: 0.00748
Exploits: 2, References: 4

Vulnrichment
added 2025/05/20 5:24 p.m., 7 views

CVE-2025-46725 Langroid has a Code Injection vulnerability in LanceDocChatAgent through vector_store

Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, LanceDocChatAgent uses pandas eval through computefromdocs. As a result, an attacker may be able to make the agent run malicious commands through QueryPlan.dataframecalc compromising t...

CVSS: 9.3, AI score: 6.6, EPSS: 0.00482
Exploits: 0, References: 2

CVE
added 2025/05/20 5:22 p.m., 48 views

CVE-2025-46724

Langroid CVE-2025-46724 affects TableChatAgent, where untrusted input can trigger code injection via pandas_eval in TableChatAgent prior to v0.53.15. The project added a WAF in pandas_utils.py and warnings, with a patch in v0.59.32 that blocks the bypass. However, subsequent disclosures (CVE-2026...

CVSS: 9.8, AI score: 9.7, EPSS: 0.00748
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2025/05/20 5:22 p.m., 2 views

CVE-2025-46724 Langroid has a Code Injection vulnerability in TableChatAgent

Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, TableChatAgent uses pandas eval. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. Langroid 0.53.15 sanitizes...

CVSS: 9.8, AI score: 6.8, EPSS: 0.00748
Exploits: 1, References: 4

CNNVD
added 2025/05/20 12:0 a.m., 1 views

Part-DB Code Injection Vulnerability

Part-DB is an open source web-based database from Part-DB for managing electronic components. A code injection vulnerability exists in Part-DB 1.17.0 and earlier versions, which stems from the improper handling of the parameter attachment in the file...

CVSS: 5.1, AI score: 4.7, EPSS: 0.00269
Exploits: 0, References: 6

CISA KEV Catalog
added 2025/05/19 12:0 a.m., 135 views

Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source...

CVSS: 8.8, AI score: 7.9, EPSS: 0.87529
In wild, Exploits: 10

RedhatCVE
added 2025/05/18 4:3 p.m., 9 views

CVE-2025-48119

Improper Control of Generation of Code ('Code Injection') vulnerability in RS WP THEMES RS WP Book Showcase rs-wp-books-showcase allows Code Injection. This issue affects RS WP Book Showcase: from n/a through = 6.7.59...

CVSS: 5.3, AI score: 7.2, EPSS: 0.00244
Exploits: 0, References: 1

NVD
added 2025/05/16 4:15 p.m., 8 views

CVE-2025-48120

Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Code Injection. This issue affects MapSVG: from n/a through = 8.6.9...

CVSS: 5.3, EPSS: 0.00244
Exploits: 0, References: 1

CVE
added 2025/05/16 3:45 p.m., 27 views

CVE-2025-48120

CVE-2025-48120 (MapSVG Lite) is an improper generation of code vulnerability in the WordPress MapSVG Lite plugin, enabling arbitrary shortcode execution (code injection). Affected: MapSVG Lite versions up to 8.6.4. Public docs indicate a vendor-provided fix was released: MapSVG Lite 8.6.9 and lat...

CVSS: 5.3, AI score: 7.2, EPSS: 0.00244
Exploits: 0, References: 1

Cvelist
added 2025/05/16 3:45 p.m., 13 views

CVE-2025-48119 WordPress RS WP Book Showcase plugin <= 6.7.59 - Content Injection vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in RS WP THEMES RS WP Book Showcase rs-wp-books-showcase allows Code Injection. This issue affects RS WP Book Showcase: from n/a through = 6.7.59...

CVSS: 5.3, EPSS: 0.00244
Exploits: 0, References: 1

Vulnrichment
added 2025/05/16 3:45 p.m., 5 views

CVE-2025-48119 WordPress RS WP Book Showcase plugin <= 6.7.41 - Arbitrary Shortcode Execution vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in RS WP THEMES RS WP Book Showcase allows Code Injection. This issue affects RS WP Book Showcase: from n/a through 6.7.41...

CVSS: 5.3, AI score: 7.1, EPSS: 0.00244
Exploits: 0, References: 1

Positive Technologies
added 2025/05/16 12:0 a.m., 3 views

PT-2025-21710 · Romancode · Mapsvg

Name of the Vulnerable Software and Affected Versions: MapSVG versions n/a through 8.5.34 Description: The issue is related to an Improper Control of Generation of Code, also known as 'Code Injection', in RomanCode MapSVG, allowing Code Injection. Recommendations: For versions n/a through 8.5.34,...

CVSS: 5.3, AI score: 6.1, EPSS: 0.00297
Exploits: 0, References: 3

GithubExploit
added 2025/05/10 1:14 p.m., 249 views

Exploit for Code Injection in Foxcms

Description Published: 2025-03-27 Updated: 2025-03-27 An...

CVSS: 9.8, AI score: 8.2, EPSS: 0.4375
Exploits: 11

CNNVD
added 2025/05/10 12:0 a.m., 3 views

JAdmin Code Injection Vulnerability

JAdmin is an open source, Java-based rapid development platform from JAdmin-JAVA. JAdmin version 1.0 has a code injection vulnerability that stems from the handling of the parameter ID in the file /memoAjax/save, which leads to cross-site scripting...

CVSS: 5.4, AI score: 4.8, EPSS: 0.00283
Exploits: 1, References: 6

Cvelist
added 2025/05/07 2:20 p.m., 19 views

CVE-2025-47691 WordPress Ultimate Member plugin <= 2.10.3 - Arbitrary Function Call vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Ultimate Member Ultimate Member ultimate-member allows Code Injection. This issue affects Ultimate Member: from n/a through = 2.10.3...

CVSS: 5.5, EPSS: 0.00235
Exploits: 0, References: 1

CVE
added 2025/05/07 2:19 p.m., 46 views

CVE-2025-47481

CVE-2025-47481 affects the WordPress plugin GS Testimonial Slider (versions up to and including 3.2.9). It is described as an 'Improper Control of Generation of Code' (Code Injection) vulnerability that enables content injection due to improper code-generation control. Public references in conne...

CVSS: 5.3, AI score: 7.2, EPSS: 0.00297
Exploits: 0, References: 1

CNVD
added 2025/05/07 12:0 a.m., 2 views

Moodle Code Injection Vulnerability (CNVD-2025-10583)

Moodle is a free, open source e-learning software platform from Moodle, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from a code injection vulnerability that stems from a security issue in the Moodle LMS Dropbox repository that...

CVSS: 8.8, AI score: 8.8, EPSS: 0.00766
Exploits: 0, References: 1

Veracode
added 2025/05/06 8:48 a.m., 7 views

Code Injection

org.apereo.cas:cas-management-webapp-support is vulnerable to Code Injection. The vulnerability is due to improper input handling due to unsanitized Groovy code execution in the saveService function, which allows remote attackers to inject and execute arbitrary code...

CVSS: 7.5, AI score: 7.9, EPSS: 0.00378
Exploits: 0, References: 6, Affected Software: 1