CVE-2025-57707

CVE-2025-57707 concerns File Station 5, where an improper neutralization of directives in statically saved code (Static Code Injection) may allow a user with an account to access restricted data/files. The fixed version is File Station 5.5.6.5166 and later. CVSS 4.0 base vector indicates Network ...

CVE-2025-57707

An improper neutralization of directives in statically saved code 'Static Code Injection' vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the...

CVE-2025-57707 File Station 5

An improper neutralization of directives in statically saved code 'Static Code Injection' vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the...

Schneider Electric EcoStruxure Building Operation Workstation 代码注入漏洞

Schneider Electric EcoStruxure Building Operation Workstation is a specialized operational terminal component developed by Schneider Electric, a French company. The Schneider Electric EcoStruxure Building Operation Workstation has a code injection vulnerability, which stems from improper code...

WordPress plugin Lucky Wheel Giveaway 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Chevereto 代码注入漏洞

Chevereto is a graph-based program. The Chevereto 3.13.4 Core version has a code injection vulnerability, which stems from improper handling of database table prefix parameters. This vulnerability may lead to remote code execution...

PT-2026-7605

ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated...

KeePass Password Safe 代码注入漏洞

KeePass Password Safe is a local password management tool developed by the KeePass company. Versions of KeePass Password Safe prior to 2.44 contained a code injection vulnerability. This vulnerability stemmed from improper handling of HTML in the help system, which could lead to denial-of-service...

PT-2026-7557

An improper neutralization of directives in statically saved code 'Static Code Injection' vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the...

WordPress plugin Custom Block Builder – Lazy Blocks 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

QNAP Systems File Station 5 安全漏洞

QNAP Systems File Station 5 is a file management system developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems File Station 5 prior to 5.5.6.5166 contained security vulnerabilities. These vulnerabilities were caused by static code injection, which could lead to acce...

CVE-2026-21537

Improper control of generation of code 'code injection' in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network...

CVE-2026-21537

Improper control of generation of code 'code injection' in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network...

CVE-2026-21537

Improper control of generation of code 'code injection' in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network...

Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability

Improper control of generation of code 'code injection' in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network...

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including SAP CRM, SAP S/4HANA, SAP NetWeaver Application Server ABAP, SAP Supply Chain Management, SAP BusinessObjects BI Platform, SAP Document Management System, SAP Commerce Cloud, and SAP Business Workflow. The vulnerabilities include code...

Exploit for Code Injection in Wpml

No d...

CVE-2026-0488 Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor)

An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impa...

CVE-2026-0488 Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor)

An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impa...

CVE-2026-0488

CVE-2026-0488 affects SAP CRM and SAP S/4HANA (Scripting Editor) via a flaw in a generic function module call that an authenticated attacker can abuse to execute an arbitrary SQL statement. This can lead to full database compromise with high impact to confidentiality, integrity, and availability....