itsourcecode University Management System 代码注入漏洞

itsourcecode University Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode University Management System has a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “vr” in the...

itsourcecode Payroll Management System 代码注入漏洞

itsourcecode Payroll Management System is an open-source payroll management system developed by itsourcecode. Version 1.0 of the itsourcecode Payroll Management System has a code injection vulnerability. This vulnerability stems from incorrect handling of parameter IDs in the file...

CesiumGS CesiumJS 代码注入漏洞

CesiumGS CesiumJS is a JavaScript library created by CesiumGS Company in the United States, designed for creating and displaying three-dimensional Earth and geospatial data visualizations. Versions of CesiumGS CesiumJS 1.137.0 and earlier contained a code injection vulnerability. This vulnerabili...

OpenClaw 代码注入漏洞

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from a code injection vulnerability that can be exploited by an attacker to execute arbitrary code on the system...

PT-2026-24899

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed...

EUVD-2026-11403

A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection. The attack may be launched remotely. The exploit h...

CVE-2026-3955

A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection. The attack may be launched remotely. The exploit h...

CVE-2026-3955 elecV2P jsfile Endpoint wbjs.js runJSFile code injection

A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection. The attack may be launched remotely. The exploit h...

CVE-2026-3955

The CVE-2026-3955 entry affects elecV2P up to version 3.8.3. The vulnerable component is the function runJSFile in file source-code/elecV2P-master/webser/wbjs.js of the jsfile Endpoint, with code injection as the underlying issue. Attacker can potentially exploit remotely, and public disclosure o...

CVE-2026-3955 elecV2P jsfile Endpoint wbjs.js runJSFile code injection

A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection. The attack may be launched remotely. The exploit h...

CVE-2026-3955

A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection. The attack may be launched remotely. The exploit h...

Arbitrary Code Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Code Injection via the upstream API requests. An attacker can execute arbitrary code by injecting malicious prompts into requests. Remediation There is no fixed version for...

CVE-2026-20116 Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities

A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise Packaged CCE, Cisco Unified Contact Center Enterprise Unified CCE, Cisco Unified Contact Center Express Unified CCX, and Cisco Unified Intelligence Center could allow an unauthenticate...

Arbitrary Code Injection

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Arbitrary Code Injection via the BaseElementSelectConditionRule::getElementIds function. An attacker can execute arbitrary code by sending a crafted condition rule through standard element...

EUVD-2026-11087

Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands...

CVE-2026-20892

Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands...

CVE-2026-20892

CVE-2026-20892 : A code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, where an administrator may execute arbitrary commands. The entry provides CVSS metrics (3.0 and 4.0 schemas) indicating high impact across confidentiality, integrity, and availability with network attack vector a...

EUVD-2026-11088

Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands...

CVE-2026-20892

Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands...

CVE-2026-20892

Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands...