📄 Moodle 4.x PHP Code Injection

This proof of concept demonstrates a code injection vulnerability in Moodle versions 4.x. ============================================================================================================================================= | Title : Moodle 4.x PHP Code Injection Vulnerability | | Author ...

CVE-2020-37061

BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the service starts with...

NetArt Media Easy Cart Shopping Cart 跨站脚本漏洞

NetArt Media Easy Cart Shopping Cart is a lightweight PHP e-commerce shopping system developed by NetArt Media in Bulgaria. The 2021 version of NetArt Media Easy Cart Shopping Cart contains a cross-site scripting vulnerability. This vulnerability stems from the non-persistent cross-site scripting...

Exploit for Code Injection in Vllm

No d...

CVE-2026-1281

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

Arbitrary Code Injection

Overview @backstage/plugin-techdocs-node is a Common node.js functionalities for TechDocs, to be shared between techdocs-backend plugin and techdocs-cli Affected versions of this package are vulnerable to Arbitrary Code Injection via the processing of MkDocs hooks, when TechDocs is configured wit...

Salt junos Module Vulnerable to Code Injection via Specially Crafted YAML Payload

Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process...

Orval has Code Injection via unsanitized x-enum-descriptions using JS comments

CVE-2026-23947 had an incomplete fix While the current jsStringEscape function properly handles single quotes ', double quotes " and other characters, it fails to sanitize and / characters. This allows attackers to break out of JavaScript comment blocks using / sequences and inject arbitrary code...

GHSA-GCH2-PHQH-FG9Q Orval has Code Injection via unsanitized x-enum-descriptions using JS comments

CVE-2026-23947 had an incomplete fix While the current jsStringEscape function properly handles single quotes ', double quotes " and other characters, it fails to sanitize and / characters. This allows attackers to break out of JavaScript comment blocks using / sequences and inject arbitrary code...

CVE-2026-25141

CVE-2026-25141 affects Orval (OpenAPI/Swagger codegen) where the jsStringEscape logic is insufficient to sanitize x-enumDescriptions, enabling potential arbitrary code execution via JSFuck-like payloads in generated clients. Affected range includes 7.19.0–7.20.x and 7.21.0 and 8.2.0 with an incom...

CVE-2026-25141 Orval has a code injection via unsanitized x-enum-descriptions uing JS comments

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions starting with 7.19.0 and prior to 7.21.0 and 8.2.0 have an incomplete fix for CVE-2026-23947. While the jsStringEscape function properly handles single quotes ', double quotes " and so...

CVE-2026-25141 Orval has a code injection via unsanitized x-enum-descriptions uing JS comments

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions starting with 7.19.0 and prior to 7.21.0 and 8.2.0 have an incomplete fix for CVE-2026-23947. While the jsStringEscape function properly handles single quotes ', double quotes " and so...

CVE-2026-25141

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions starting with 7.19.0 and prior to 7.21.0 and 8.2.0 have an incomplete fix for CVE-2026-23947. While the jsStringEscape function properly handles single quotes ', double quotes " and so...

CVE-2026-25141 Orval has a code injection via unsanitized x-enum-descriptions uing JS comments

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions starting with 7.19.0 and prior to 7.21.0 and 8.2.0 have an incomplete fix for CVE-2026-23947. While the jsStringEscape function properly handles single quotes ', double quotes " and so...

EUVD-2026-5007

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions starting with 7.19.0 and prior to 7.21.0 and 8.2.0 have an incomplete fix for CVE-2026-23947. While the jsStringEscape function properly handles single quotes ', double quotes " and so...

EUVD-2020-30957

Outline Service 1.3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in C:\Program Files x86\Outline to inject malicious code that would execute with...

Security Bulletin: IBM Edge Data Collector uses Python package - setuptools which is vulnerable to CVE-2025-47273, CVE-2024-6345.

Summary IBM Edge Data Collector uses Python package - setuptools which is vulnerable to CVE-2025-47273, CVE-2024-6345. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users ...

EUVD-2026-4940

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

EUVD-2026-4936

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

Ubiquiti AirControl code injection vulnerability

Ubiquiti AirControl is a centralized network management platform developed by the American company Ubiquiti. Version 1.4.2 of Ubiquiti AirControl contains a code injection vulnerability. This vulnerability stems from Java expression injections present in.seam endpoints, which may allow unverified...