36380 matches found
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()
Impact The serialize-javascript npm package versions tags, the injected code executes. javascript const serialize = require'serialize-javascript'; // Create an object that passes instanceof RegExp with a spoofed .flags const fakeRegex = Object.createRegExp.prototype; Object.definePropertyfakeRege...
CVE-2018-25160
HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...
CVE-2018-25160
HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...
CVE-2018-25160 HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend
HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...
CVE-2018-25160
CVE-2018-25160 affects HTTP::Session2 for Perl up to version 1.09, where session id input is not validated, allowing code injection or other impact depending on the session backend (e.g., memcached). The connected notes reference a 1.10 release and a patch, indicating a fix was provided in newer ...
CVE-2026-26938
Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...
CVE-2026-28132
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through = 1.4.4...
EUVD-2026-9013
Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection.This issue affects Frick Controls Quantum HD version 10.22 and prior...
EUVD-2026-9012
Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication...
EUVD-2026-9011
Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication...
CVE-2026-21656
Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication...
CVE-2026-21658
Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the securit...
CVE-2026-21657
Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication...
CVE-2026-21657
Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication...
CVE-2026-21656
Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication...
CVE-2026-21658
Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the securit...
CVE-2026-21658
Johnson Controls Frick Controls Quantum HD is affected by CVE-2026-21658, an unauthenticated remote code execution (code injection) vulnerability caused by insufficient validation of input parameters. The issue allows code execution before authentication, impacting Quantum HD versions up to 10.22...
CVE-2026-21658 Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution
Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the securit...
CVE-2026-21658 Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution
Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the securit...
CVE-2026-21657
CVE-2026-21657 : Johnson Controls Frick Controls Quantum HD (versions 10.22 and earlier) contains an unauthenticated code injection flaw due to insufficient input validation in certain parameters, enabling code generation/execution before authentication. Multiple sources (NVD/Red Hat/EUVD/NVD eco...