Calibre Code Injection Vulnerability
Calibre is a free, open-source tool developed by Kovid Goyal, an individual developer from India. It serves as a comprehensive e-book reading, management and format conversion tool. Calibre versions 9.1.0 and earlier had a code injection vulnerability. This vulnerability stemmed from path travers...
PT-2026-6685
Name of the Vulnerable Software and Affected Versions: abhiphile fermat-mcp versions prior to 47f11def1cd37e45dd060f30cdce346cbdbd6f0a. Description: A code injection issue exists in the eqn chart function within the fmcp/mpl mcp/core/eqn chart.py file. Manipulation of the equations argument can lead...
📄 MikroTik RouterOS WinBox 3.41 Username Enumeration
Proof of concept exploit for MikroTik RouterOS WinBox version 3.41 that demonstrates a username enumeration vulnerability.
Data Visualization MCP Server Code Injection Vulnerability
The Data Visualization MCP Server is a context-based protocol server developed by Isaac Wasserman, designed for data visualization purposes. The Data Visualization MCP Server has a code injection vulnerability, which stems from incorrect handling of the vegalitespecification parameter, potentiall...
Edimax BR-6288ACL Code Injection Vulnerability
The Edimax BR-6288ACL is a wireless router produced by Edimax Corporation. Versions of Edimax BR-6288ACL prior to 1.12 contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of a parameter named manualssid in the file wizWISP24gmanual.asp, which could lead to...
PT-2026-6671
Name of the Vulnerable Software and Affected Versions: isaacwasserman mcp-vegalite-server versions prior to 16aefed598b8cd897b78e99b907f6e2984572c61. Description: A security issue exists in the eval function of the visualize data component. Manipulation of the vegalite specification argument can lea...
Fermat MCP Code Injection Vulnerability
Fermat MCP is a FastMCP server developed by ABHISHEK KUMAR for mathematical calculations. Fermat MCP has a code injection vulnerability, which stems from incorrect operations on the parameter equations of the eqnchart function in the file fmcp/mplmcp/core/eqnchart.py, potentially leading to code...
Arbitrary Code Injection
Overview: @nyariv/sandboxjs is a JavaScript sandboxing library. Affected versions of this package are vulnerable to Arbitrary Code Injection by overriding the Map.prototype.has method. An attacker can execute arbitrary code on the underlying operating system because Map is included in SAFEPROTOYPE...
CVE-2026-24149
NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering...
PepRaR
PepRaR Laborator...
📄 Novell GroupWise 8.0 Traversal / Code Injection
Proof of concept exploit for an older vulnerability from 2012 that looks for a directory traversal vulnerability in Novell GroupWise version 8.0 before Support Pack 3 and attempts to upload a webshell if possible...
📄 MySCADA MyPRO Manager 1.2 PHP Code Injection
MySCADA MyPRO Manager version 1.2 suffers from a code injection vulnerability.
Google Go Security Vulnerability
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from differences in how Go and C/C++ comments are parsed. This vulnerability may allow co...
📄 Online Vehicle Service Management System 1.0 Add Administrator
Proof of concept add administrator exploit for Online Vehicle Service Management System version 1.0 that leverages a missing authentication vulnerability.
EUVD-2026-5347
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.59.32, there is a bypass to the fix for CVE-2025-46724. TableChatAgent can call pandaseval tool to evaluate the expression. There is a WAF in langroid/utils/pandasutils.py introduced to block code...
Langroid Code Injection Vulnerability
Langroid is an open-source tool developed using multi-agent programming for LLM tasks. Versions of Langroid prior to 0.59.32 had a code injection vulnerability. This vulnerability stemmed from a bypass in the TableChatAgent’s invocation of the pandaseval tool, which could allow arbitrary code to ...
VulnCheck KEV: CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...
Improper Input Validation
Overview: Affected versions of this package are vulnerable to Improper Input Validation via the rules.http.paths.path field, which allows injection of configuration into the nginx process. An attacker can execute arbitrary code and access sensitive Secrets by crafting malicious input to this field...
CVE-2019-25260
OXID eShop versions 6.x prior to 6.3.4 contain a SQL injection vulnerability in the 'sorting' parameter that allows attackers to insert malicious database content. Attackers can exploit the vulnerability by manipulating the sorting parameter to inject PHP code into the database and execute...
Arbitrary Code Injection
Overview: megatron-core is Megatron Core, a library for efficient and scalable training of transformer-based models. Affected versions of this package are vulnerable to Arbitrary Code Injection via the script process. An attacker can execute arbitrary code, escalate privileges, disclose...