SourceCodester Mvuma Patients Waiting Area Queue Management System 代码注入漏洞

SourceCodester Mvuma Patients Waiting Area Queue Management System is an open-source system for patient waiting area queue management developed by SourceCodester. Version 1.0 of the SourceCodester Mvuma Patients Waiting Area Queue Management System contains a code injection vulnerability. This...

n8n 代码注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.10.1, 2.9.3, and 1.123.22 contained a code injection vulnerability. This vulnerability stemmed from defects in the JavaScript Task Runner sandbox, which could allow authenticated users with...

n8n 代码注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.2.0 and 1.123.8 contained a code injection vulnerability. This vulnerability stemmed from the ability of authorized authenticated users to chain-utilize the Read/Write Files from Disk node with g...

Patrick Mvuma Patients Waiting Area Queue 代码注入漏洞

Patrick Mvuma Patients Waiting Area Queue is a queue management system for waiting areas in hospitals/clinics developed by Patrick Mvuma himself. Version 1.0 of Patrick Mvuma Patients Waiting Area Queue contains a code injection vulnerability. This vulnerability arises from incorrect handling of...

n8n 代码注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.10.1, 2.9.3, and 1.123.22 contained a code injection vulnerability. This vulnerability arises from the possibility for authorized authenticated users to exploit custom expressions within workflow...

n8n 代码注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.10.1, 2.9.3, and 1.123.22 contained a code injection vulnerability. This vulnerability arises because authorized authenticated users can exploit the SQL query patterns of the Merge node,...

CVE-2026-27156 NiceGUI has XSS via Code Injection

NiceGUI is a Python-based UI framework. Prior to version 3.8.0, several NiceGUI APIs that execute methods on client-side elements Element.runmethod, AgGrid.rungridmethod, EChart.runchartmethod, and others use an eval fallback in the JavaScript-side runMethod function. When user-controlled input i...

CVE-2026-27156 NiceGUI has XSS via Code Injection

NiceGUI is a Python-based UI framework. Prior to version 3.8.0, several NiceGUI APIs that execute methods on client-side elements Element.runmethod, AgGrid.rungridmethod, EChart.runchartmethod, and others use an eval fallback in the JavaScript-side runMethod function. When user-controlled input i...

CVE-2026-27156 NiceGUI has XSS via Code Injection

NiceGUI is a Python-based UI framework. Prior to version 3.8.0, several NiceGUI APIs that execute methods on client-side elements Element.runmethod, AgGrid.rungridmethod, EChart.runchartmethod, and others use an eval fallback in the JavaScript-side runMethod function. When user-controlled input i...

ImageMagick: Code Injection via PostScript header in ps coders

The ps encoders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a malicious file and inject arbitrary PostScript code. When the resulting file is processed by a printer or a viewer like Ghostscript, the...

GHSA-R837-HPV7-PC2F Apache Airflow vulnerable to Code Injection in the web-server context via LogTemplate table

DAG Author who already has quite a lot of permissions could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server server-side as a...

Apache Airflow vulnerable to Code Injection in the web-server context via LogTemplate table

DAG Author who already has quite a lot of permissions could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server server-side as a...

CVE-2026-25797

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a...

CVE-2025-9120

Improper Control of Generation of Code 'Code Injection' vulnerability in OpenText™ Carbonite Safe Server Backup allows Code Injection. The vulnerability could be exploited through an open port, potentially allowing unauthorized access. This issue affects Carbonite Safe Server Backup: through 6.8....

Arbitrary Code Injection

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

CVE-2026-25797 ImageMagick vulnerable to Code injection via PostScript header in ps coders

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a...

CVE-2026-25797 ImageMagick vulnerable to Code injection via PostScript header in ps coders

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a...

Arbitrary Code Injection

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Arbitrary Code Injection

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

CVE-2026-25797

ImageMagick (affected: 7.1.2-15 and 6.9.13-40) contains two input-sanitization issues in the PostScript header written by the ps coders and in HTML escaping when writing to documents. The ps coders fail to sanitize input before inserting into the PostScript header, allowing an attacker to craft a...