710 matches found
GHSA-29M8-WH9P-5WC4 Apache Kylin Code Injection via JDBC Configuration Alteration
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration may be altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system an...
CVE-2025-30067
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration may be altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system an...
CVE-2025-28893
Improper Control of Generation of Code 'Code Injection' vulnerability in Govind Visual Text Editor visual-text-editor allows Remote Code Inclusion. This issue affects Visual Text Editor: from n/a through = 1.2.1...
CVE-2025-28893 WordPress Visual Text Editor plugin <= 1.2.1 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Govind Visual Text Editor visual-text-editor allows Remote Code Inclusion. This issue affects Visual Text Editor: from n/a through = 1.2.1...
CVE-2024-10208
CVE-2024-10208 is a Cross Site Scripting vulnerability in the APROL Web Portal of B&R APROL versions before 4.4-00P5. The issue stems from improper input-neutralization during web page generation, allowing an authenticated network-based attacker to insert malicious code that executes in the conte...
PHPGurukul Medical Card Generation System code injection vulnerability
PHPGurukul Medical Card Generation System is a medical card generation system from PHPGurukul Inc. A code injection vulnerability exists in version 1.0 of the PHPGurukul Medical Card Generation System, which stems from an incorrect manipulation of the parameter searchdata that could lead to a...
Code-Projects Human Resource Management System code injection vulnerability
Code-Projects Human Resource Management System is an open source human resource management system from Code-Projects. A code injection vulnerability exists in Code-Projects Human Resource Management System version 1.0.1, which stems from a code injection vulnerability in the handler A cross-site...
GHSA-JCCX-M9V4-9HWH LoLLMS Code Injection vulnerability
A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...
LoLLMs Web UI code injection vulnerability
LoLLMs Web UI is a web user interface for large language and multimodal systems by the individual developer Saifeddine ALOUI. A code injection vulnerability exists in LoLLMs Web UI version V12, which stems from the uploadapp function not filtering user input, which could result in a path travers...
CVE-2024-21760
An improper control of generation of code 'Code Injection' vulnerability CWE-94 in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute arbitrary code on the host via a playbook code...
UniRide Vehicle Booking Management System 1.0 Shell Upload
UniRide Vehicle Booking Management System version 1.0 suffers from a remote shell upload vulnerability. Title: UniRide Vehicle Booking Management System...
CVE-2024-56336
The CVE-2024-56336 issue affects Siemens SINAMICS S200 devices with serial prefixes SZVS8/SZVS9/SZVS0/SZVSN and FS 02, where an unlocked bootloader enables injection of malicious code or installation of untrusted firmware. The vulnerability stems from the unsecured bootloader, compromising device...
Control iD RHiD code injection vulnerability
Control iD RHiD is a complete system from Control iD that allows point computing in the cloud. A code injection vulnerability exists in Control iD RHiD version 25.2.25.0, which stems from the fact that incorrect manipulation of the parameter message can lead to cross-site scripting...
CVE-2025-26970
Improper Control of Generation of Code 'Code Injection' vulnerability in FRESHFACE Ark Theme Core ark-core allows Code Injection. This issue affects Ark Theme Core: from n/a through 1.71.0...
Zabbix 7.0.1rc1 Remote Code Execution
Zabbix server version 7.0.1rc1 remote code execution exploit that provides a reverse shell. Title: Zabbix server v 7.0.1rc1 PHP Code Injection...
novel code injection vulnerability
novel is an open source novel system by xxyopen open source. A security vulnerability exists in novel 4.4.0 and earlier versions, which stems from vulnerability to remote code execution attacks...
CVE-2025-22270
An attacker with access to the Administration panel, specifically the "Role Management" tab, can inject code by adding a new role in the "name" field. It should be noted, however, that the risk of exploiting the vulnerability is reduced due to the required additional error that allows bypassing the...
Judge0 1.13.0 Code Execution
Judge0 version 1.13.0 suffers from a code execution vulnerability. Title: Judge0 v 1.13.0 PHP Code Injection Vulnerability | Author: indoushka | ...
CVE-2025-1068 There is a code injection vulnerability in Esri ArcGIS AllSource
There is an untrusted search path vulnerability in Esri ArcGIS AllSource 1.2 and 1.3 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specific action using ArcGIS AllSource, th...