710 matches found
CVE-2025-1067 There is a code injection vulnerability in ArcGIS Pro
There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specific action using ArcGIS Pro, the fil...
SourceCodester Best Employee Management System Code Injection Vulnerability
SourceCodester Best Employee Management System is a SourceCodester open source employee management system. A code injection vulnerability exists in version 1.0 of the SourceCodester Best Employee Management System, which originates from cross-site scripting due to incorrect manipulation of the...
CVE-2024-9150 Code Injection in Wyn Enterprise
Report generation functionality in Wyn Enterprise allows for code inclusion, but does not sufficiently limit what code might be included. An attacker is able to use a low-privileged account to abuse this functionality and execute malicious code, load DLL libraries and execute OS commands on a...
CVE-2025-1465
CVE-2025-1465 affects lmxcms 1.41, specifically the db.inc.php file in the Maintenance component. The Red Hat/NVD entries describe an unknown function being manipulated to achieve code injection, with remote exploitation possible. Exploitability is characterized as difficult and needs high privil...
CVE-2024-55062
Code Injection vulnerability in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/...
EUVD-2025-4985
Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2025-0513
In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could control any part of the error message they could embed code which may impact the user viewing the error message...
Ivanti Connect Secure Code Injection Vulnerability
Ivanti Connect Secure (ICS) is a secure remote network connectivity tool from Ivanti Corporation, USA. A code injection vulnerability exists in Ivanti Connect Secure prior to version 22.7R2.4 and Ivanti Policy Secure prior to version 22.7R1.3, which stems from the inclusion of a code injection issu...
CVE-2022-3721
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39...
CVE-2022-3696
A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA...
CVE-2022-3236
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older...
CVE-2022-39326
kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...
CVE-2020-25197
A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system...
CVE-2020-6248
SAP Adaptive Server Enterprise Backup Server, version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or Code Injection...
CVE-2020-26838
SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with high developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It i...
CVE-2024-43984
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection. This issue affects Podlove Podcast Publisher: from n/a through 4.1.13...
CVE-2024-21576
ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour and FindContour custom nodes. In the entrypoint function to each node, there’s a call to eval which can be triggered by generating a workflow that injects ...
CVE-2024-23601
A code injection vulnerability exists in the scanlib.bin functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted scanlib.bin can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2024-32680
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malicious Files, Code Inclusion. This issue affects HUSKY – Products...
CVE-2024-5828
Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection. This issue affects Hitachi Tuning Manager: before 8.8.7-00...