Exploit for Code Injection in Apache Commons_Text

CVE-2022-42889 Text4Shell Report Apache Commons Text CVE-2...

PT-2026-25703

A Code Injection vulnerability affecting in SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file...

Worksuite HR CRM and Project Management 代码注入漏洞

Worksuite HR CRM and Project Management is an enterprise management platform developed by the American company Worksuite. Versions of Worksuite HR CRM and Project Management prior to 5.5.25 contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of parameters ...

Bedrock AgentCore Starter Toolkit 安全漏洞

Bedrock AgentCore Starter Toolkit is an open-source AI development and deployment toolkit provided by Amazon Web Services. Versions of the tool before v0.1.13 contain security vulnerabilities. These vulnerabilities stem from a lack of S3 ownership verification, which allows remote attackers to...

Dassault Systèmes SOLIDWORKS Desktop 安全漏洞

Dassault Systèmes SOLIDWORKS Desktop is a product of Dassault Systèmes, a French company. The versions 2025 and 2026 of Dassault Systèmes SOLIDWORKS Desktop contain security vulnerabilities. These vulnerabilities stem from the possibility of code injection when special files are opened, which cou...

Tecnick TCExam 代码注入漏洞

Tecnick TCExam is a web-based open-source electronic examination system developed by the British company Tecnick. This system is primarily used for online examinations. Version 16.5.0 of Tecnick TCExam contains a code injection vulnerability. This vulnerability stems from incorrect handling of a...

ueditor 代码注入漏洞

Ueditor is an open-source editor developed by Ueditor. Versions of UEditor 1.4.3.2 and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “callback” in the file php/controller.php?action=uploadimage, which may lead to cross-site scriptin...

Tecnick TCExam 代码注入漏洞

Tecnick TCExam is a web-based open-source electronic examination system developed by the British company Tecnick. This system is primarily used for online examinations. Versions of Tecnick TCExam prior to 16.6.0 contained a code injection vulnerability. This vulnerability stemmed from improper...

Aureus ERP 代码注入漏洞

Aureus ERP is an enterprise resource planning system developed by aureuserp. Versions of Aureus ERP 1.3.0-BETA2 and earlier had a code injection vulnerability. This vulnerability stemmed from incorrect handling of parameters “subject” and “body” in the file...

WAVLINK WL-NU516U1 代码注入漏洞

WAVLINK WL-NU516U1 is a wireless print server developed by WAVLINK Corporation. The version 240425 of WAVLINK WL-NU516U1 has a code injection vulnerability. This vulnerability stems from incorrect handling of parameters homepage/hostname in the function sub404F68 within the file /cgi-bin/login.cg...

CMS Made Simple 代码注入漏洞

CMS Made Simple CMSMS is an open-source content management system developed by the Cmsms team. This system supports role-based permission management systems, wizard-based installation and update mechanisms, and intelligent caching features. Versions of CMS Made Simple prior to 2.2.21 contained a...

Raytha CMS 代码注入漏洞

Raytha CMS is a content management system developed by the American company Raytha. Raytha CMS has a code injection vulnerability, which stems from the lack of sandboxing or access restrictions in the Functions module. This vulnerability could allow JavaScript code to instantiate.NET components a...

(Pwn2Own) QNAP TS-453E malware_remover Code Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the malwareremover.cgi endpoint. The issue results from the lack of prope...

AnythingLLM 代码注入漏洞

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM has a code injection vulnerability that stems from the ImportedPlugin.importCommunityItemFromUrl function downloads a ZIP file and extracts it without verifying the path to the file within the archive, which can be...

Exploit for Code Injection in Unicode

codescan Fast, configurable code security scanner written in...

web-attack-payloads

Web Attack Payloads Collection !Cybersecurityhttps://img.s...

MLflow 代码注入漏洞

MLflow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible executions, and sharing and deploying models. Prior to MLv3.7.0, there was a code injection vulnerability. This vulnerability stemmed from...

Arbitrary Code Injection

Craft CMS is vulnerable to Arbitrary Code Injection. The vulnerability is due to unsafe use of unsandboxed Twig rendering with user-controlled input in the conditions system, which allows an attacker to execute arbitrary code through crafted condition rules...

EUVD-2026-11933

Improper Control of Generation of Code 'Code Injection' vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Remote Code Inclusion.This issue affects Advanced Woo Labels: from n/a through = 2.36...

EUVD-2026-11862

Improper Control of Generation of Code 'Code Injection' vulnerability in Yannick Lefebvre Modal Dialog modal-dialog allows Remote Code Inclusion.This issue affects Modal Dialog: from n/a through = 3.5.16...