WordPress plugin ARForms 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPress...

PT-2026-26920

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write analysis code.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has...

PT-2026-26888

A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...

MetaGPT 代码注入漏洞

MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from a code injection flaw in the code generate function located in the file metagpt/ext/aflow/scripts/operator.py. It could...

PbootCMS 代码注入漏洞

PbootCMS is an open-source enterprise website content management system developed using the PHP language. Versions of PbootCMS 3.2.12 and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of the backurl parameter in the alertlocation function within the...

CVE-2026-4506

A vulnerability was found in Mindinventory MindSQL up to 0.2.1. Impacted is the function askdb of the file mindsql/core/mindsqlcore.py. Performing a manipulation results in code injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was...

CVE-2026-4506 Mindinventory MindSQL mindsql_core.py ask_db code injection

A vulnerability was found in Mindinventory MindSQL up to 0.2.1. Impacted is the function askdb of the file mindsql/core/mindsqlcore.py. Performing a manipulation results in code injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was...

CVE-2026-4506

A vulnerability was found in Mindinventory MindSQL up to 0.2.1. Impacted is the function askdb of the file mindsql/core/mindsqlcore.py. Performing a manipulation results in code injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was...

AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin

Summary The Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $REQUEST'sections' array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSRF token validation. Combined with AVideo's explicit SameSite=None session...

GHSA-XGGW-G9PM-9QHH AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin

Summary The Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $REQUEST'sections' array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSRF token validation. Combined with AVideo's explicit SameSite=None session...

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-31277link is external Apple Multiple Products Buffer Overflow Vulnerability CVE-2025-32432link is external Craft CMS Code Injection Vulnerability...

itsourcecode University Management System 代码注入漏洞

itsourcecode University Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode University Management System has a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter stname in the file...

pybbs 代码注入漏洞

pybbs is a Java-developed community platform created by iuiu’s individual developers. Version 6.0.0 of pybbs contains a code injection vulnerability. This vulnerability stems from a cross-site scripting attack in the create function located in the file...

Mesop 代码注入漏洞

Mesop is an open-source UI framework for quickly building Python web applications. Versions of Mesop 1.2.2 and earlier contained a code injection vulnerability. This vulnerability stemmed from the /exec-py endpoint in the ai/test module, which executed unvalidated Python code without any...

MindSQL 代码注入漏洞

MindSQL is an open-source database interaction and retrieval enhancement generation library developed by MindInventory. Versions of MindSQL 0.2.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from the askdb function in the mindsql/core/mindsqlcore.py file, which...

WordPress plugin Kali Forms 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

Laravel Livewire Code Injection Vulnerability

Laravel Livewire contain a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios...

pybbs 代码注入漏洞

pybbs is a Java-developed community platform created by iuiu’s individual developers. Version 6.0.0 of pybbs contains a code injection vulnerability. This vulnerability stems from a cross-site scripting attack in the create function located in the file...

Craft CMS Code Injection Vulnerability

Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code...

CLSA-2026-1773923672 ImageMagick: Fix of 11 CVEs

CVE-2026-25797: fix PostScript/HTML code injection via unsanitized filenames - CVE-2026-25982: fix heap out-of-bounds read in DICOM colormap decoder - CVE-2026-25968: fix stack buffer overflow in MSL opacity attribute processing - CVE-2026-25986: fix heap buffer overflow write in YUV 4:2:2...