Yifang CMS 代码注入漏洞

Yifang CMS is a PHP enterprise website development and management system provided by Yifang Corporation. Version 2.0.5 of Yifang CMS has a code injection vulnerability. This vulnerability stems from the handling of the parameter linkName in the file DfriendLink.php, which may lead to cross-site...

smart-admin 代码注入漏洞

Smart-Admin is a rapid development platform developed by individual developers of 1024-lab. Versions of Smart-Admin prior to 3.29 contained a code injection vulnerability. This vulnerability stemmed from incorrect operations on the file...

EUVD-2026-10105

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...

CVE-2026-3352

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...

CVE-2026-3352

CVE-2026-3352 : The Easy PHP Settings WordPress plugin (versions

CVE-2026-3352 Easy PHP Settings <= 1.0.4 - Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...

CVE-2026-3352

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...

CVE-2026-3352 Easy PHP Settings <= 1.0.4 - Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...

WordPress Easy PHP Settings plugin <= 1.0.4 - Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting vulnerability

Authenticated Administrator+ PHP Code Injection via 'wpmemorylimit' Setting vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin Easy PHP Settings versions = 1.0.4...

WordPress plugin Easy PHP Settings 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-23820

Name of the Vulnerable Software and Affected Versions Easy PHP Settings plugin for WordPress versions up to and including 1.0.4 Description The Easy PHP Settings plugin for WordPress is susceptible to PHP Code Injection due to inadequate input validation on the wp memory limit and wp max memory...

Security Bulletin: IBM Terracotta is affected by an Apache Avro vulnerability that could allow code injection leading to access to unauthorized resources

Summary IBM Terracotta uses Apache Avro as part of Apache Parquet used within the IBM Terracotta implementation for data export and import. Vulnerability Details CVEID:CVE-2025-33042 DESCRIPTION: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when...

CVE-2026-29091 Locutus: Remote Code Execution (RCE) in locutus call_user_func_array due to Code Injection

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.0, a remote code execution RCE flaw was discovered in the locutus project, specifically within the calluserfuncarray function implementation. The vulnerability allows an attacker to...

CVE-2026-29091 Locutus: Remote Code Execution (RCE) in locutus call_user_func_array due to Code Injection

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.0, a remote code execution RCE flaw was discovered in the locutus project, specifically within the calluserfuncarray function implementation. The vulnerability allows an attacker to...

CVE-2026-27984

Improper Control of Generation of Code 'Code Injection' vulnerability in Marketing Fire Widget Options widget-options allows Code Injection.This issue affects Widget Options: from n/a through = 4.1.3...

CVE-2026-28134

Improper Control of Generation of Code 'Code Injection' vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion.This issue affects JetEngine: from n/a through = 3.7.2...

CVE-2026-22390

Improper Control of Generation of Code 'Code Injection' vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Code Injection.This issue affects Builderall Builder for WordPress: from n/a through = 3.0.1...

CVE-2026-28801

Summary of CVE-2026-28801 : Natro Macro (AutoHotkey-based macro for Bee Swarm Simulator) prior to version 1.1.0 executes any AHK code found inside pattern or path files. The root cause is code execution from shared pattern/path files, allowing an attacker to embed malicious code that runs with th...

CVE-2026-28801 Natro Macro: Code Injection through Pattern/Path files

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...

CVE-2026-28801 Natro Macro: Code Injection through Pattern/Path files

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...