NVIDIA Megatron Bridge 代码注入漏洞

NVIDIA Megatron Bridge is a component developed by NVIDIA Corporation in the United States that connects Hugging Face and Megatron-Core. NVIDIA Megatron Bridge has a code injection vulnerability. This vulnerability arises from malicious inputs in the data merging process, which may lead to code...

NVIDIA Nemo Framework 代码注入漏洞

NVIDIA Nemo Framework is a framework developed by NVIDIA Corporation in the United States for building and deploying generative AI models. The NVIDIA Nemo Framework has a code injection vulnerability. This vulnerability allows attackers to potentially execute remote code, leading to code executio...

WordPress plugin Cart All In One For WooCommerce 注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension that can ...

NVIDIA Nemo Framework 代码注入漏洞

NVIDIA Nemo Framework is a framework developed by NVIDIA Corporation in the United States for building and deploying generative AI models. The NVIDIA NeMo Framework has a code injection vulnerability. This vulnerability allows attackers to potentially execute remote code, leading to code executio...

Arbitrary Code Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Code Injection via the incorporation of untrusted Slack channel metadata into the system prompt. An attacker can execute unauthorized commands or access sensitive information by...

GO-2026-4493 Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC in github.com/yokecd/yoke

Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC in github.com/yokecd/yoke...

PT-2026-41683

Name of the Vulnerable Software and Affected Versions ChromaDB versions 1.0.0 through 1.5.8 Description A pre-authentication code injection issue exists in the ChromaDB Python project. An unauthenticated remote attacker can execute arbitrary code on the server by sending a request to the...

Blossom 代码注入漏洞

Blossom is a project management platform developed by Blossom Inc. Versions of Blossom 1.17.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect operations on the content function in the file...

Security Bulletin: NVIDIA Megatron Bridge - February 2026

NVIDIA has released a software update for NVIDIA® Megatron Bridge. To protect your system, clone or update this software to version 0.2.2 or later from NVIDIA/Megatron-Bridge on GitHub. Go to NVIDIA Product Security. Details The following table summarizes the potential vulnerabilities that this...

LigeroSmart 代码注入漏洞

LigeroSmart is an open-source management platform developed by LigeroSmart. Versions of LigeroSmart 6.1.26 and earlier contained a code injection vulnerability. This vulnerability stemmed from improper handling of the parameter Subaction by the AgentDashboard function in the file/otrs/index.pl,...

LigeroSmart 代码注入漏洞

LigeroSmart is an open-source management platform developed by LigeroSmart. Versions of LigeroSmart 6.1.26 and earlier contained a code injection vulnerability. This vulnerability stemmed from improper handling of the SortBy parameter in the file/otrs/index.pl, which could lead to cross-site...

📄 NFR Agent SRS Record 1.0.4.3 PHP Code Injection

Proof of concept code injection exploit for NFR Agent SRS Record version 1.0.4.3. This is for an older finding from 2012. ============================================================================================================================================= | Title : NFR Agent SRS Record...

LigeroSmart 代码注入漏洞

LigeroSmart is an open-source management platform developed by LigeroSmart. Versions of LigeroSmart 6.1.26 and earlier contained a code injection vulnerability. This vulnerability stemmed from improper handling of the Profile parameter in the file/otrs/index.pl?Action=AgentTicketSearch, which cou...

📄 PopojiCMS 2.0.1 Code Injection

PopojiCMS version 2.0.1 remote PHP code injection proof of concept exploit. ============================================================================================================================================= | Title : PopojiCMS 2.0.1 PHP COde Injection Vulnerability | | Author : indoush...

PT-2026-8052

The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in all versions up to, and including, 0.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

GHSA-RP46-R563-JRC7 Apache Avro Java SDK is Vulnerable to Code Injection

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

Apache Avro Java SDK is Vulnerable to Code Injection

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the SpecificCompiler class, when handling untrusted Avro schemas. An attacker can execute code by supplying a malicious schema with commands injected in doc comment values, which can be executed during...

PYSEC-2026-26

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas.This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version1.12.0.Users are recommended to upgrade to version 1.12.1 or...

PYSEC-2026-26

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...