36386 matches found

Vulnrichment
added 2026/02/10 3:1 a.m. | 1 views

CVE-2026-0488 Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor)

An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impa...

9.9 CVSS | 6.1 AI score | 0.00022 EPSS
Exploits 0 | References 2
CVE
added 2026/02/10 3:1 a.m. | 27 views

CVE-2026-0488

CVE-2026-0488 affects SAP CRM and SAP S/4HANA (Scripting Editor) via a flaw in a generic function module call that an authenticated attacker can abuse to execute an arbitrary SQL statement. This can lead to full database compromise with high impact to confidentiality, integrity, and availability....

9.9 CVSS | 6.1 AI score | 0.00022 EPSS
Exploits 0 | References 2 | Affected Software 3
Positive Technologies
added 2026/02/10 12:0 a.m. | 2 views

PT-2026-7413

Name of the Vulnerable Software and Affected Versions: Microsoft Defender for Linux (affected versions not specified). Description: The software contains a flaw in how it generates code, potentially allowing an attacker on the same network to run code without authorization. There is no information abo...

8.8 CVSS | 5.6 AI score | 0.0009 EPSS
Exploits 0 | References 3
Packet Storm
added 2026/02/10 12:0 a.m. | 123 views

📄 Palo Alto Networks PAN-OS 11.2 PHP Code Injection

Palo Alto Networks PAN-OS version 11.2 proof of concept remote command execution exploit that also leverages an authentication bypass vulnerability...

9.8 CVSS | 5.9 AI score | 0.94285 EPSS
Exploits 31
CNNVD
added 2026/02/10 12:0 a.m. | 2 views

Microsoft GitHub Copilot and Visual Studio code injection vulnerability

Microsoft GitHub Copilot and Visual Studio are generative AI tools developed by the American company Microsoft. There is a code injection vulnerability in Microsoft GitHub Copilot and Visual Studio. Attackers can exploit this vulnerability to execute code remotely. The following products and...

8.8 CVSS | 6 AI score | 0.00046 EPSS
Exploits 0 | References 1
NVD
added 2026/02/09 5:16 a.m. | 8 views

CVE-2026-1615

Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can...

9.8 CVSS | 0.00107 EPSS
Exploits 0 | References 4
Cvelist
added 2026/02/09 5:0 a.m. | 31 views

CVE-2026-1615

Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can...

9.8 CVSS | 0.00107 EPSS
Exploits 0 | References 4
CNNVD
added 2026/02/09 12:0 a.m. | 2 views

Code-Projects Online Reviewer System code injection vulnerability

The Code-Projects Online Reviewer System is an online review system developed by Code-Projects as open source. Version 1.0 of the Code-Projects Online Reviewer System contains a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “firstname” in the file...

4.8 CVSS | 5.7 AI score | 0.0004 EPSS
Exploits 2 | References 6
CNNVD
added 2026/02/09 12:0 a.m. | 4 views

ZAI Shell code injection vulnerability

ZAI Shell is a terminal-independent AI proxy software developed by Ömer Efe Başol TaklaXBR. Versions of ZAI Shell prior to 9.0.3 contained a code injection vulnerability. This vulnerability stemmed from the lack of an authentication mechanism in the P2P terminal sharing feature, which could lead ...

8.8 CVSS | 6 AI score | 0.00143 EPSS
Exploits 2 | References 3
Packet Storm
added 2026/02/09 12:0 a.m. | 127 views

📄 Novell GroupWise 2012 Traversal / Shell Upload

This code exploits the directory traversal vulnerability in Novell GroupWise 2012 before Support Pack 1 to steal files, and attempts to upload a web shell payload if possible, making it an effective penetration testing tool...

5 CVSS | 5.6 AI score | 0.75143 EPSS
Exploits 4
CNNVD
added 2026/02/09 12:0 a.m. | 2 views

StudentManager code injection vulnerability

StudentManager is a student management system developed by huanfenz, an individual developer. StudentManager has a code injection vulnerability, which stems from incorrect handling of the parameter Reason for Leave in the file src/main/java/com/wdd/studentmanager/controller/LeaveController.java. Th...

5.4 CVSS | 5.6 AI score | 0.00035 EPSS
Exploits 1 | References 5
Positive Technologies
added 2026/02/09 12:0 a.m. | 4 views

PT-2026-7066

Name of the Vulnerable Software and Affected Versions: jsonpath (affected versions not specified). Description: The package jsonpath is susceptible to Arbitrary Code Injection due to unsafe evaluation of user-supplied JSON Path expressions. The library utilizes the static-eval module to process JSON...

9.8 CVSS | 5.9 AI score | 0.00107 EPSS
Exploits 0 | References 102
CNNVD
added 2026/02/09 12:0 a.m. | 3 views

JFinalCMS code injection vulnerability

JFinalCMS is a content management system developed by heyewei, an individual developer. JFinalCMS version 5.0.0 has a code injection vulnerability. This vulnerability stems from incorrect operations with the component API endpoints related to files and the ‘admin/admin/save’ endpoint, which may le...

4.8 CVSS | 5.6 AI score | 0.00043 EPSS
Exploits 1 | References 5
CNNVD
added 2026/02/09 12:0 a.m. | 2 views

Code-Projects Online Reviewer System code injection vulnerability

The Code-Projects Online Reviewer System is an online review system developed by Code-Projects as open source. Version 1.0 of the Code-Projects Online Reviewer System contains a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “firstname” in the file...

5.4 CVSS | 5.7 AI score | 0.00034 EPSS
Exploits 1 | References 6
CNNVD
added 2026/02/09 12:0 a.m. | 3 views

Code-Projects Online Music Site code injection vulnerability

Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of Code-Projects Online Music Site has a code injection vulnerability. This vulnerability stems from incorrect handling of the txtalbum parameter in the file...

4.8 CVSS | 5.7 AI score | 0.0004 EPSS
Exploits 1 | References 6
Snyk
added 2026/02/08 10:0 p.m. | 1 views

Origin Validation Error

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Origin Validation Error via the /cdp WebSocket endpoint that accepts arbitrary Chrome DevTools Protocol commands. An attacker can bypass the intended localhost-only restriction by running...

9.3 CVSS | 6 AI score | 0.00068 EPSS
Exploits 0 | References 3
CNNVD
added 2026/02/08 12:0 a.m. | 2 views

SourceCodester Simple Responsive Tourism Website code injection vulnerability

SourceCodester Simple Responsive Tourism Website is an open-source tourism website developed by SourceCodester. Version 1.0 of SourceCodester Simple Responsive Tourism Website has a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “Title” in the...

6.1 CVSS | 5.7 AI score | 0.00044 EPSS
Exploits 1 | References 6
CNNVD
added 2026/02/08 12:0 a.m. | 3 views

Code-Projects Online Student Management System code injection vulnerability

Code-Projects Online Student Management System is an open-source online student management system developed by Code-Projects. Version 1.0 of the Code-Projects Online Student Management System contains a code injection vulnerability. This vulnerability arises from incorrect operations on the file...

4.8 CVSS | 5.7 AI score | 0.00044 EPSS
Exploits 1 | References 6
CNNVD
added 2026/02/08 12:0 a.m. | 2 views

SourceCodester Patients Waiting Area Queue Management System code injection vulnerability

The SourceCodester Patients Waiting Area Queue Management System is an open-source system developed by SourceCodester for managing patient waiting queues. Version 1.0 of the SourceCodester Patients Waiting Area Queue Management System contains a code injection vulnerability. This vulnerability...

6.1 CVSS | 5.7 AI score | 0.00014 EPSS
Exploits 1 | References 5
CNNVD
added 2026/02/08 12:0 a.m. | 5 views

Simple Responsive Tourism Website code injection vulnerability

Simple Responsive Tourism Website is a simple responsive tourism website. Version 1.0 of Simple Responsive Tourism Website has a code injection vulnerability. This vulnerability stems from incorrect handling of the parameters firstname, lastname, and username in the...

6.1 CVSS | 5.7 AI score | 0.00017 EPSS
Exploits 1 | References 6