CVE-2026-28801 Natro Macro: Code Injection through Pattern/Path files

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...

HSC Cybersecurity Mailinspector 代码注入漏洞

HSC Cybersecurity Mailinspector is an email security management system developed by HSC Cybersecurity in France. Versions of HSC Cybersecurity Mailinspector 5.3.2-3 and earlier contain a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter...

changedetection.io 代码注入漏洞

changedetection.io is a website-based application developed by dgtlmoon, designed for code inspection, monitoring, and notification. Versions of changedetection.io prior to 0.54.4 contained a code injection vulnerability. This vulnerability stemmed from unvalidated or uncleaned XPath expressions,...

Microsoft Semantic Kernel Code Injection Vulnerability

Microsoft Semantic Kernel is a large model orchestration framework from Microsoft Corporation, USA. A code injection vulnerability exists in Microsoft Semantic Kernel versions prior to 1.39.4. The vulnerability stems from the InMemoryVectorStore filtering feature failing to properly filter specia...

Mesa 代码注入漏洞

Mesa is an open-source proxy modeling framework developed by Mesa developers. Versions of Mesa 3.5.0 and earlier contained a code injection vulnerability. This vulnerability occurred when untrusted code was checked out in the workflow, potentially allowing code execution...

chartbrew 代码注入漏洞

Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Versions of Chartbrew prior to 4.8.1 contained a code injection vulnerability. This vulnerability stemmed from the faulty API, which allowed remote code execution...

NatroMacro 代码注入漏洞

NatroMacro is an automated script tool for games, open-sourced by the Natro Team. Versions of NatroMacro prior to 1.1.0 contained a code injection vulnerability. This vulnerability stemmed from any ahk code in the execution mode or path files, allowing attackers to share files containing maliciou...

chartbrew 代码注入漏洞

Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Versions of Chartbrew prior to 4.8.1 contained a code injection vulnerability, which was caused by remote code execution vulnerabilities in MongoDB dataset queries...

WordPress plugin WP All Import 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVE-2026-20008

A vulnerability in a small subset of CLI commands that are used on Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, local attacker to craft Lua code that could be used on the underlying operating...

EUVD-2026-9784

Improper Control of Generation of Code 'Code Injection' vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion.This issue affects JetEngine: from n/a through = 3.7.2...

EUVD-2026-9654

Improper Control of Generation of Code 'Code Injection' vulnerability in Marketing Fire Widget Options widget-options allows Code Injection.This issue affects Widget Options: from n/a through = 4.1.3...

EUVD-2026-9531

Improper Control of Generation of Code 'Code Injection' vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Code Injection.This issue affects Builderall Builder for WordPress: from n/a through = 3.0.1...

CVE-2026-28134

Improper Control of Generation of Code 'Code Injection' vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion.This issue affects JetEngine: from n/a through = 3.7.2...

CVE-2026-27984

Improper Control of Generation of Code 'Code Injection' vulnerability in Marketing Fire Widget Options widget-options allows Code Injection.This issue affects Widget Options: from n/a through = 4.1.3...

CVE-2026-22390

Improper Control of Generation of Code 'Code Injection' vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Code Injection.This issue affects Builderall Builder for WordPress: from n/a through = 3.0.1...

CVE-2026-28134 WordPress JetEngine plugin <= 3.7.2 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion.This issue affects JetEngine: from n/a through = 3.7.2...

CVE-2026-28134

CVE-2026-28134 is a confirmed RCE in Crocoblock JetEngine plugin for WordPress, affecting JetEngine versions up to and including 3.7.2. The issue is described as an improper control of code generation that enables Remote Code Inclusion/Execution. Multiple sources (NVD, Red Hat, CVE listings) corr...

CVE-2026-28134

Improper Control of Generation of Code 'Code Injection' vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion.This issue affects JetEngine: from n/a through = 3.7.2...

CVE-2026-27984

CVE-2026-27984 is a code injection (RCE) vulnerability in the Widget Options: Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin (Widget Options) affecting versions up to 4.1.3. The issue stems from improper control of code generation, enabling remote code execution. Th...