Code Injection

org.apache.avro, avro-compiler is vulnerable to Code Injection. The vulnerability is due to improper validation of untrusted Avro schemas during specific record generation, where attacker-controlled schema content can be incorporated into generated Java source code without sufficient sanitization...

WordPress Product Addons for Woocommerce - Product Options with Custom Fields plugin <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter vulnerability

WordPress Product Addons for Woocommerce - Product Options with Custom Fields plugin = 3.1.0 - Authenticated Shop Manager+ Code Injection via Conditional Logic 'operator' Parameter vulnerability discovered by Phap Nguyen Anh - FIS in WordPress Plugin Product Addons for Woocommerce versions = 3.1....

CVE-2026-2019

The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...

CVE-2026-2296 Product Addons for Woocommerce – Product Options with Custom Fields <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter

The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This is due to insufficient input validation of the 'operator' field in conditional logic rules within the evalConditions...

CVE-2026-2296 Product Addons for Woocommerce – Product Options with Custom Fields <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter

The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This is due to insufficient input validation of the 'operator' field in conditional logic rules within the evalConditions...

CVE-2026-2296

The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This is due to insufficient input validation of the 'operator' field in conditional logic rules within the evalConditions...

CVE-2026-2019

CVE-2026-2019 concerns the Cart All In One For WooCommerce WordPress plugin (versions

CVE-2026-2019

The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...

CVE-2026-2019 Cart All In One For WooCommerce <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting

The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...

CVE-2026-2019 Cart All In One For WooCommerce <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting

The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...

WordPress Cart All In One For WooCommerce plugin <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting vulnerability

Authenticated Administrator+ Code Injection via 'scassignpage' Setting vulnerability discovered by Phap Nguyen Anh - FIS in WordPress Plugin Cart All In One For WooCommerce versions = 1.1.21...

PT-2026-20401

Name of the Vulnerable Software and Affected Versions NVIDIA Megatron Bridge affected versions not specified Description The software contains a flaw in a data shuffling tutorial that could allow code injection with malicious input. Exploitation may lead to code execution, privilege escalation,...

PT-2026-20399

Name of the Vulnerable Software and Affected Versions NVIDIA NeMo Framework affected versions not specified Description The NVIDIA NeMo Framework has a flaw that allows an attacker to create malicious data that could lead to code injection. Exploitation of this issue may result in code execution,...

MajorDoMo 代码注入漏洞

MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. There is a code injection vulnerability in MajorDoMo. This vulnerability stems from an error in the inclusion order of modules/panel.class.php, which causes the execution to continue after a...

NVIDIA Megatron Bridge 代码注入漏洞

NVIDIA Megatron Bridge is a component developed by NVIDIA Corporation in the United States that connects Hugging Face and Megatron-Core. NVIDIA Megatron Bridge has a code injection vulnerability. This vulnerability arises from malicious inputs in the data shuffling tutorial, which may lead to cod...

NVIDIA Nemo Framework 代码注入漏洞

NVIDIA Nemo Framework is a framework developed by NVIDIA Corporation in the United States for building and deploying generative AI models. The NVIDIA Nemo Framework has a code injection vulnerability. This vulnerability arises from the possibility of code injection when attackers create malicious...

PT-2026-20306

Name of the Vulnerable Software and Affected Versions Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress versions prior to 3.1.1 Description The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is susceptible to Code...

PT-2026-20400

Name of the Vulnerable Software and Affected Versions NVIDIA Megatron Bridge affected versions not specified Description The software contains a flaw in a data merging tutorial that could allow code injection with malicious input. Exploitation of this issue may lead to code execution, privilege...

WordPress plugin Product Addons for Woocommerce – Product Options with Custom Fields 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

PT-2026-20296

Name of the Vulnerable Software and Affected Versions Cart All In One For WooCommerce versions prior to 1.1.22 Description The Cart All In One For WooCommerce plugin for WordPress is susceptible to code execution. This occurs because of inadequate input validation on the 'Assign page' field, whic...