710 matches found

Vulnrichment
added 2024/12/19 8:58 p.m. | 17 views

CVE-2024-12729

A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 21.0.1...

CVSS 8.8 | AI score 7.4 | EPSS 0.01314
Exploits: 0 | References: 1
Cvelist
added 2024/12/19 3:59 p.m. | 20 views

CVE-2024-9154 Authenticated Remote Code Execution

A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system level on the device. This issue affects Ewon Flexy 205: through 14.8s0 2633...

CVSS 8.6 | EPSS 0.00602
Exploits: 0 | References: 1
CVE
added 2024/12/19 3:59 p.m. | 54 views

CVE-2024-9154

CVE-2024-9154 is a code-injection vulnerability in HMS Networks Ewon Flexy 205 that allows executing commands at the system level on the device. Affected product: Ewon Flexy 205 (firmware up to 14.8s0). The issue is described as enabling authenticated remote code execution with impact to confiden...

CVSS 8.6 | AI score 7.2 | EPSS 0.00602
Exploits: 0 | References: 2
OSV
added 2024/12/18 6:30 a.m. | 10 views

GHSA-6569-3785-R3V6 UniSharp Laravel Filemanager Code Injection vulnerability

Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code...

CVSS 9.8 | AI score 9.8 | EPSS 0.0128
Exploits: 1 | References: 5
Cvelist
added 2024/12/16 2:31 p.m. | 33 views

CVE-2024-54368 WordPress GitSync plugin <= 1.1.0 - CSRF to Remote Code Execution vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in rubengarzajr GitSync git-sync allows Code Injection. This issue affects GitSync: from n/a through <= 1.1.0...

CVSS 9.6 | EPSS 0.00277
Exploits: 0 | References: 1
NVD
added 2024/12/13 12:15 p.m. | 8 views

CVE-2024-21576

ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour and FindContour custom nodes. In the entrypoint function to each node, there’s a call to eval which can be triggered by generating a workflow that injects ...

CVSS 10 | EPSS 0.0054
Exploits: 0 | References: 1
Vulnrichment
added 2024/12/13 11:17 a.m. | 8 views

CVE-2024-21576

ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour and FindContour custom nodes. In the entrypoint function to each node, there’s a call to eval which can be triggered by generating a workflow that injects ...

CVSS 10 | AI score 7.6 | EPSS 0.0054
Exploits: 0 | References: 1
CNNVD
added 2024/12/13 12:00 a.m. | 1 view

WordPress plugin Notibar Code Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...

CVSS 6.3 | AI score 9 | EPSS 0.00465
Exploits: 0 | References: 4
CNNVD
added 2024/12/10 12:00 a.m. | 2 views

Angular Code Injection Vulnerability

Angular is a development platform for building mobile and desktop web applications using TypeScript / JavaScript and other languages. A code injection vulnerability exists in Angular 1.4.2 and earlier versions, which stems from the fact that an attacker can write a malicious expression to break...

CVSS 9.3 | AI score 9.2 | EPSS 0.02257
Exploits: 0 | References: 2
OSV
added 2024/12/02 8:11 p.m. | 12 views

GHSA-Q849-WXRC-VQRP hull.js Code Injection Vulnerability

Versions of the library from 0.2.2 to 1.0.9 are vulnerable to arbitrary code execution due to unsafe usage of new Function... in the module that handles points format. Applications passing the 3rd parameter to the hull function without sanitising may be impacted. The vulnerability has been...

AI score 7.9
Exploits: 0 | References: 3
CNNVD
added 2024/11/15 12:00 a.m. | 2 views

SourceCodester Online Eyewear Shop Code Injection Vulnerability

SourceCodester Online Eyewear Shop is a SourceCodester open source online eyewear store website project developed using PHP and MySQL, which provides an online shopping and ordering platform for the eyewear business and its potential customers. A code injection vulnerability exists in...

CVSS 5.4 | AI score 4.9 | EPSS 0.00454
Exploits: 1 | References: 5
CNVD
added 2024/11/13 12:00 a.m. | 6 views

ChuanhuChatGPT Cross-Site Scripting Vulnerability (CNVD-2025-06193)

ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. ChuanhuChatGPT version 20240802 suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escapin...

CVSS 6.1 | AI score 6.4 | EPSS 0.0032
Exploits: 1 | References: 1
Tenable Nessus
added 2024/11/13 12:00 a.m. | 10 views

Siemens SCALANCE M-800 Family Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2024-50572)

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

CVSS 8.6 | AI score 7.9 | EPSS 0.00648
Exploits: 0 | References: 7
Veracode
added 2024/10/28 8:44 a.m. | 10 views

OS Command Injection

snyk-gradle-plugin is vulnerable to OS Command Injection. The vulnerability is due to the Snyk CLI's failure to correctly sanitize or validate the current working directory name, allowing for potential code injection when running scans on untrusted projects...

CVSS 8.8 | AI score 7.2 | EPSS 0.0043
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2024/10/24 12:00 a.m. | 10 views

CVE-2024-48514

php-heic-to-jpg <= 1.0.5 is vulnerable to code injection (fixed in 1.0.6). An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg 1.0.5 and below...

AI score 7.6 | EPSS 0.00961
Exploits: 1 | References: 4
CNVD
added 2024/10/21 12:00 a.m. | 14 views

MariaDB Code Injection Vulnerability

MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A code injection vulnerability exists in MariaDB version 10.5, which stems from insecure privileges in the sysexec function and can be exploited by...

CVSS 5.6 | AI score 7.7 | EPSS 0.0073
Exploits: 1 | References: 1
NVD
added 2024/10/17 2:15 a.m. | 17 views

CVE-2024-45766

Dell OpenManage Enterprise, versions OME 4.1 and prior, contains an Improper Control of Generation of Code 'Code Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution...

CVSS 8.8 | EPSS 0.00531
Exploits: 0 | References: 1
CNNVD
added 2024/10/17 12:00 a.m. | 2 views

Dell OpenManage Enterprise Code Injection Vulnerability

Dell OpenManage Enterprise is an easy-to-use, one-to-many system management console for IT infrastructure management from Dell, Inc. The software enables cost-effective, comprehensive lifecycle management of Dell EMC PowerEdge servers from a single console. A code injection vulnerability exists i...

CVSS 8.8 | AI score 7.7 | EPSS 0.00531
Exploits: 0 | References: 3
Packet Storm
added 2024/10/03 12:00 a.m. | 224 views

AVideo 12.4 Code Injection

Title: AVideo 12.4 php code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 130.0.0 64 bits ...

AI score 7.4
Exploits: 0
CNNVD
added 2024/09/10 12:00 a.m. | 4 views

PHOENIX CONTACT FL/TC MGUARD Code Injection Vulnerability

The PHOENIX CONTACT FL/TC MGUARD is a series of routers from PHOENIX CONTACT, Germany. A code injection vulnerability exists in the PHOENIX CONTACT FL/TC MGUARD. A low-privileged remote attacker can perform configuration changes to firewall services, including packet filtering, packet forwarding,...

CVSS 8.1 | AI score 7.4 | EPSS 0.00519
Exploits: 0 | References: 3