CVE-2026-26938

Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...

CVE-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)

Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...

EUVD-2026-8845

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through = 1.4.4...

CVE-2026-28132

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through = 1.4.4...

Arbitrary Code Injection

Overview lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Arbitrary Code Injection via the allowdangerouscode=True which automatically exposes LangChain’s Python REPL tool...

Arbitrary Code Injection

Overview storybook is a frontend workshop for building UI components and pages in isolation. Affected versions of this package are vulnerable to Arbitrary Code Injection via the WebSocket message handlers for creating and saving stories, specifically through unsanitized input in the...

PT-2026-22134

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through = 1.4.4...

PT-2026-22172

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description An issue exists in Kibana Workflows related to improper neutralization of special elements used in a template engine CWE-1336. This could allow an authenticated attacker with the...

WordPress plugin WooCommerce Photo Reviews 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Agenta 代码注入漏洞

Agenta is an open-source platform developed by Agenta for building production-grade large language model applications. Versions of Agenta prior to 0.48.1 contained a code injection vulnerability. This vulnerability stemmed from a sandbox error that allowed the numpy package, potentially leading t...

Arbitrary Code Injection

Overview n8n-workflow is a Workflow base code of n8n Affected versions of this package are vulnerable to Arbitrary Code Injection via the expression evaluation system. An attacker can execute arbitrary system commands by crafting malicious expressions in workflow parameters. Notes: 1 This is only...

Arbitrary Code Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Arbitrary Code Injection via the Merge node's SQL query mode. An attacker can execute arbitrary code and write arbitrary files on the server by crafting malicious workflows after authenticating with...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection. An attacker can execute arbitrary code outside the intended sandbox boundary by creating or modifying workflows after authenticating with sufficient permissions. Workaround This vulnerability can be mitigated b...

Eval Injection

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Eval Injection via the runView function in the view filter mechanism, where user-controlled input is evaluated without proper sanitization. An attacker can execute arbitrary JavaScript code on t...

CVE-2025-9120

Improper Control of Generation of Code 'Code Injection' vulnerability in OpenText™ Carbonite Safe Server Backup allows Code Injection. The vulnerability could be exploited through an open port, potentially allowing unauthorized access. This issue affects Carbonite Safe Server Backup: through 6.8....

Enclave 代码注入漏洞

Enclave is a sandbox software open source by AgentFront. Versions of Enclave prior to 2.11.1 had a code injection vulnerability. This vulnerability stemmed from the possibility of escaping the security boundaries set by @enclave-vm/core, which could lead to remote code execution...

WordPress plugin Advanced Woo Labels 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

LiveCode 代码注入漏洞

LiveCode is a multi-platform programming tool developed by the LiveCode team. It can run on iOS, Android, OS X, Windows 95 through Windows 10, Raspberry Pi, and various Unix variants including Linux, Solaris, and BSD. LiveCode has a code injection vulnerability. This vulnerability stems from the...

SourceCodester Mvuma Patients Waiting Area Queue Management System 代码注入漏洞

SourceCodester Mvuma Patients Waiting Area Queue Management System is an open-source system for patient waiting area queue management developed by SourceCodester. Version 1.0 of the SourceCodester Mvuma Patients Waiting Area Queue Management System contains a code injection vulnerability. This...

n8n 代码注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.10.1, 2.9.3, and 1.123.22 contained a code injection vulnerability. This vulnerability stemmed from defects in the JavaScript Task Runner sandbox, which could allow authenticated users with...