CVE-2026-24149

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering...

CVE-2026-24149

CVE-2026-24149 affects NVIDIA Megatron-LM across platforms. The root cause is a vulnerability in a script that processes data, allowing an attacker-controlled payload to trigger code injection. This can lead to code execution, privilege escalation, information disclosure, and data tampering as de...

CVE-2026-24149

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering...

CVE-2026-24149

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering...

CVE-2026-24149

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering...

EUVD-2026-5178

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering...

Arbitrary Code Injection

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Arbitrary Code Injection via th...

Exploit for Code Injection in Vmware Spring_Framework

No d...

GHSA-MHF6-PP52-8WQJ Moodle Cross-site Scripting (XSS) vulnerability

A flaw was found in Moodle. This Cross-site Scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...

Moodle vulnerable to Cross-site Scripting

A flaw was found in Moodle. This vulnerability, known as Cross-site Scripting XSS, occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions...

CVE-2025-67850

A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting XSS, occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions...

CVE-2025-67850

A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting XSS, occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions...

CVE-2025-67850

CVE-2025-67850 – Moodle XSS via formula editor : Affected component is Moodle, where insufficient validation of user-provided data in the formula editor’s arithmetic expression fields allows a remote attacker to inject malicious code. When other users view these expressions, the script can execut...

CVE-2025-67849 Moodle: moodle: cross-site scripting (xss) via improper sanitization of ai prompt responses

A flaw was found in Moodle. This cross-site scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...

PT-2026-6188

Name of the Vulnerable Software and Affected Versions NVIDIA Megatron-LM affected versions not specified Description The software contains a flaw in a script that could allow an attacker to inject code by providing malicious data. Exploitation of this issue may result in code execution, privilege...

PT-2026-6383

A flaw was found in Moodle. This vulnerability, known as Cross-site Scripting XSS, occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions...

Claude Code 代码注入漏洞

Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code prior to 2.0.72 contained a code injection vulnerability. This vulnerability stemmed from command parsing errors, which could allow bypassing confirmation prompts and executing...

Arbitrary Code Injection

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Arbitrary Code Injection via the pandaseval function. An attacker can execute arbitrary code by supplying crafted input that bypasses input validation and leverages access to...

D-Link DSL-6641K 代码注入漏洞

The D-Link DSL-6641K is a router produced by D-Link Corporation. The D-Link DSL-6641K N8.TR069.20131126 version has a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “Username” in the function “doSubmitPPP” within the file “sppppoeuser.js”, which ma...

SandboxJS 代码注入漏洞

SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.8.27 contained a code injection vulnerability. This vulnerability stemmed from improper restrictions on lookupGetter, which could lead to sandbox escape or remote code execution...