710 matches found
SAP ERP BW Business Content Code Injection Vulnerability
SAP ERP BW Business Content is a cloud-based e-commerce platform that helps companies create a personalized and seamless buying experience for their customers. SAP ERP BW Business Content suffers from a code injection vulnerability that can be exploited by an attacker to execute arbitrary code...
CVE-2024-13861
A code injection vulnerability in the Debian package component of Taegis Endpoint Agent Linux versions older than 1.3.10 allows local users arbitrary code execution as root. Redhat-based systems using RPM packages are not affected...
CVE-2024-13861
CVE-2024-13861 affects Taegis Endpoint Agent (Linux), specifically the Debian package component, with versions older than 1.3.10 vulnerable to local code execution as root due to a code-injection issue. Redhat-based RPM deployments are not affected. Remediation: update Debian-based installations t...
PT-2025-16113 · Debian +1 · Debian +1
Name of the Vulnerable Software and Affected Versions: Taegis Endpoint Agent Linux versions prior to 1.3.10. Description: A code injection issue in the Debian package component allows local users to execute arbitrary code as root. This issue does not affect Redhat-based systems that use RPM...
CVE-2024-12556
Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal...
CVE-2025-27429 Code Injection Vulnerability in SAP S/4HANA (Private Cloud or On-Premise)
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating...
Duplicate Advisory: Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rvqx-wpfh-mfx7. This link is maintained to preserve external references. Original Description: Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote an...
PYSEC-2025-36
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code...
oa_system Code Injection Vulnerability
oasystem is an application from individual developer hailey for the day-to-day operation and management of an organization, used by employees and managers. A code injection vulnerability exists in oasystem version 2025.01.01 and earlier, which stems from the fact that incorrect manipulation of the...
CodeCanyon Perfex CRM Code Injection Vulnerability
CodeCanyon Perfex CRM is a self-hosted customer relationship management software from CodeCanyon. A code injection vulnerability exists in CodeCanyon Perfex CRM version 3.2.1, which stems from the fact that incorrect manipulation of the parameter description can lead to cross-site scripting...
CVE-2025-30580
Improper Control of Generation of Code 'Code Injection' vulnerability in kellydiek DigiWidgets Image Editor digiwidgets-image-editor allows Remote Code Inclusion. This issue affects DigiWidgets Image Editor: from n/a through 1.10...
InternLM LMDeploy code injection vulnerability
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has...
CVE-2025-3163 InternLM LMDeploy conf.py open code injection
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has...
BIT-DOLIBARR-2022-0819 Code Injection in dolibarr/dolibarr
Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1...
ThinkOX Code Injection Vulnerability
ThinkOX is a lightweight social platform developed by individual developer Cai Peichao (caipeichao). A code injection vulnerability exists in ThinkOX version 1.0, which stems from a cross-site scripting attack caused by incorrect operation of the parameter keywords...
PT-2025-14390 · Digiwidgets · Digiwidgets Image Editor
Name of the Vulnerable Software and Affected Versions: DigiWidgets Image Editor versions 1.10 and earlier. Description: The issue is related to an Improper Control of Generation of Code 'Code Injection' vulnerability, which allows Remote Code Inclusion. This means that an attacker could potentiall...
PT-2025-14068 · Unknown · Romethemekit For Elementor
Name of the Vulnerable Software and Affected Versions: RomethemeKit For Elementor versions n/a through 1.5.4. Description: The issue is related to an Improper Control of Generation of Code 'Code Injection' vulnerability, which allows Command Injection. This problem affects over 30,000 active sites...