Lucene search

710 matches found

RedhatCVE
added 2025/02/05 6:2 a.m., 5 views

CVE-2024-49260

Unrestricted Upload of File with Dangerous Type vulnerability in Limbcode WordPress Gallery Plugin – Limb Image Gallery limb-gallery allows Code Injection. This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through = 1.5.7...

CVSS 9.9 | AI score 5.9 | EPSS 0.00482
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 12:12 a.m., 11 views

CVE-2024-4889

A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the...

CVSS 7.2 | AI score 7.2 | EPSS 0.00859
Exploits: 1

RedhatCVE
added 2025/02/04 11:47 p.m., 7 views

CVE-2024-22144

Improper Control of Generation of Code 'Code Injection' vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection. This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96...

CVSS 9 | AI score 5.2 | EPSS 0.00869
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/04 10:34 p.m., 15 views

CVE-2024-8374

UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader /plugins/ThreeMFReader.py. The vulnerability arises from improper handling of the droptobuildplate property within 3MF files, which are ZIP archives containing the model data. When...

CVSS 7.8 | AI score 7.9 | EPSS 0.00433
Exploits: 0 | References: 1

CNNVD
added 2025/01/31 12:0 a.m., 2 views

EasyVirt DC Scope and EasyVirt CO2 Scope Security Vulnerability

EasyVirt DC Scope and EasyVirt CO2 Scope are both products of the French company EasyVirt. EasyVirt DC Scope is a monitoring and management solution for VMware Virtualization VMware. EasyVirt CO2 Scope is a real-time monitoring and control solution for IT services, virtual machines and servers in...

CVSS 9.8 | AI score 7.7 | EPSS 0.01015
Exploits: 1 | References: 2

Vulnrichment
added 2025/01/29 6:24 p.m., 9 views

CVE-2024-10001 Code Injection Vulnerability in GitHub Enterprise Server Allows Arbitrary Code Execution via Message Handling

A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via the identity property in the message handling function. This enabled the exfiltration of sensitive data by manipulating the DOM, including...

CVSS 7.1 | AI score 7.2 | EPSS 0.00356
Exploits: 0 | References: 5

Cvelist
added 2025/01/29 6:24 p.m., 29 views

CVE-2024-10001 Code Injection Vulnerability in GitHub Enterprise Server Allows Arbitrary Code Execution via Message Handling

A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via the identity property in the message handling function. This enabled the exfiltration of sensitive data by manipulating the DOM, including...

CVSS 7.1 | EPSS 0.00356
Exploits: 0 | References: 5

Cvelist
added 2025/01/21 9:23 p.m., 49 views

CVE-2025-23196 Apache Ambari: Code Injection Vulnerability in Ambari Alert Definition

A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using sh -c. An attacker with authenticated...

EPSS 0.01236
Exploits: 0 | References: 1

CVE
added 2025/01/21 9:23 p.m., 66 views

CVE-2025-23196

CVE-2025-23196 describes a code injection vulnerability in the Ambari Alert Definition feature. An authenticated user can exploit the vulnerability when defining alert scripts, where the script filename field is executed via sh -c, enabling remote command execution on the server. Multiple connec...

CVSS 8.8 | AI score 7.8 | EPSS 0.01236
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/01/21 9:23 p.m., 11 views

CVE-2025-23196 Apache Ambari: Code Injection Vulnerability in Ambari Alert Definition

A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using sh -c. An attacker with authenticated...

AI score 8.9 | EPSS 0.01236
Exploits: 0 | References: 1

CNNVD
added 2025/01/14 12:0 a.m., 3 views

Microsoft Windows Code Injection Vulnerability

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft Windows Search Component. An attacker can exploit the vulnerability to elevate privileges. The following products and versions are...

CVSS 8.8 | AI score 9.2 | EPSS 0.00802
Exploits: 0 | References: 2

CNNVD
added 2025/01/13 12:0 a.m., 2 views

SAP BusinessObjects Business Intelligence Platform Code Injection Vulnerability

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP, combining market-leading SAP data integration products, data management products and business intelligence products to eliminate system integration challenges and quickly and easily deploy...

CVSS 6.5 | AI score 7 | EPSS 0.00386
Exploits: 0 | References: 1

CNNVD
added 2025/01/09 12:0 a.m., 1 views

E-Commerce-PHP Code Injection Vulnerability

E-Commerce-PHP is an e-commerce application using native PHP by the individual developer Kurnia Ramadhan Putra. A code injection vulnerability exists in E-Commerce-PHP version 1.0, which stems from the Name parameter in the file /admin/createproduct.php and can lead to cross-site scripting attacks...

CVSS 5.4 | AI score 4.3 | EPSS 0.00526
Exploits: 1 | References: 5

NVD
added 2025/01/08 4:15 p.m., 8 views

CVE-2025-22136

Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.217, Tabby enables several high-risk Electron Fuses, including RunAsNode, EnableNodeCliInspectArguments, and EnableNodeOptionsEnvironmentVariable. These fuses create potential code injection vectors even though the...

CVSS 8.6 | EPSS 0.00351
Exploits: 0 | References: 2

CNNVD
added 2024/12/31 12:0 a.m., 2 views

Ghostty Code Injection Vulnerability

Ghostty is a fast, native, feature-rich terminal emulator from the Ghostty open source. A code injection vulnerability exists in Ghostty version 1.0.0. An attacker can exploit this vulnerability to execute arbitrary commands...

CVSS 5.1 | AI score 7.7 | EPSS 0.00525
Exploits: 0 | References: 3

Vulnrichment
added 2024/12/26 4:5 a.m., 6 views

CVE-2024-12652 Intumit SmartRobot’s Conversational AI Platform - Improper Control of Generation of Code ('Code Injection')

An Improper Control of Generation of Code 'Code Injection' vulnerability in groovy script function in SmartRobot’s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code...

CVSS 9.3 | AI score 7.1 | EPSS 0.00736
Exploits: 0 | References: 1

CVE
added 2024/12/26 4:5 a.m., 46 views

CVE-2024-12652

CVE-2024-12652 affects Intumit SmartRobot’s Conversational AI Platform. A vulnerability in the groovy script function prior to v7.2.0 enables remote authenticated users to execute arbitrary system commands via Groovy code (Code Injection). This can impact availability, confidentiality, and integr...

CVSS 9.3 | AI score 6.8 | EPSS 0.00736
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/12/26 4:5 a.m., 20 views

CVE-2024-12652 Intumit SmartRobot’s Conversational AI Platform - Improper Control of Generation of Code ('Code Injection')

An Improper Control of Generation of Code 'Code Injection' vulnerability in groovy script function in SmartRobot’s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code...

CVSS 9.3 | EPSS 0.00736
Exploits: 0 | References: 1

The Hacker News
added 2024/12/20 8:13 a.m., 17 views

Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation

Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. There is currently no evidence that the...

CVSS 9.8 | AI score 10 | EPSS 0.43062
Exploits: 1

CNNVD
added 2024/12/20 12:0 a.m., 3 views

systeminformation Code Injection Vulnerability

systeminformation is an npm software library that can obtain information about the operating system. A code injection vulnerability exists in systeminformation version 5.23.6 and earlier. An attacker can exploit this vulnerability to remotely execute code or elevate privileges...

CVSS 7.8 | AI score 8.2 | EPSS 0.00698
Exploits: 0 | References: 3