710 matches found
Veeam Service Provider Console Security Vulnerability
Veeam Service Provider Console is a cloud-enabled platform from Veeam USA. A code injection vulnerability exists in Veeam Service Provider Console version 8.0.0.19552 and earlier version 8 releases that allows a low privileged user with REST AP...
Apache InLong Code Injection Vulnerability (CNVD-2024-35666)
Apache InLong is the U.S. Apache Foundation's one-stop massive data integration framework. It provides automated, secure and reliable data transfer capabilities. A code injection vulnerability exists in Apache InLong versions 1.10.0 through 1.12.0, which can be exploited by an attacker to cau...
Broadcom Symantec Privileged Access Management Code Injection Vulnerability
Broadcom Symantec Privileged Access Management (Broadcom Symantec PAM) is security software from Broadcom, Inc. It helps prevent security breaches by protecting sensitive administrative credentials, controlling privileged user access, proactively enforcing security policies, and monitoring and...
CVE-2024-39236
Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/componentmeta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself...
CVE-2024-37109 WordPress WishList Member X plugin < 3.26.7 - Authenticated Arbitrary PHP Code Execution vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection. This issue affects WishList Member X: from n/a before 3.26.7...
CVE-2024-4889
A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the...
CVE-2023-23645 WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 - Subscriber+ Arbitrary PHP Code Injection/Execution Vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection. This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2...
WordPress plugin Advanced Order Export For WooCommerce Code Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability exists in...
Fortinet FortiClient Code Injection Vulnerability
Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A code injection vulnerability exists in Fortinet...
Aim Code Injection Vulnerability
Aim is an easy-to-use and high-performance open source experiment tracker from the United States. Aim suffers from a code injection vulnerability. The vulnerability stems from the application failing to properly filter special elements of constructed code segments. An attacker could exploit the...
Identifier Withdrawn
Apache Zeppelin is a Web-based open source notebook application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from a code injection vulnerability that can be exploited by an attacker to use the Shell interpret...
WordPress Plugin Canto Code Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
WordPress Plugin Slivery Extender Code Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
GHSA-99WG-VMVQ-2CP5 RaspAP Vulnerable to Code Injection via an Unknown Process in File `includes/provider.php`
A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...
Grid Shortcodes < 1.1.1 - Contributor+ Stored XSS
Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. GDCrow GDCcolumn size='"...
CVE-2023-37518 A code injection vulnerability affects HCL BigFix ServiceNow Data Flow
HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker could inject arbitrary code and execute it within the context of the running user...
CVE-2023-32383
This issue was addressed by forcing hardened runtime on the affected binaries at the system level. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. An app may be able to inject code into sensitive binaries bundled with Xcode...
CVE-2024-0195 spider-flow FunctionController.java FunctionService.saveFunction code injection
A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack...
JVN#48057522: Inkdrop vulnerable to code injection
Inkdrop provided by Takuya Matsuyama is a Markdown editor. Inkdrop contains a code injection vulnerability (CWE-94). Impact: If a specially crafted markdown file is opened using the product, arbitrary code may be executed. Solution: Update the Software. The developer states that Inkdrop has an...
Important: Red Hat Security Advisory: Satellite 6.12.5.2 Async Security Update
Updated Satellite 6.12 packages that fix important security bugs and several regular bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet...