EUVD-2026-5007

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions starting with 7.19.0 and prior to 7.21.0 and 8.2.0 have an incomplete fix for CVE-2026-23947. While the jsStringEscape function properly handles single quotes ', double quotes " and so...

EUVD-2020-30957

Outline Service 1.3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in C:\Program Files x86\Outline to inject malicious code that would execute with...

Security Bulletin: IBM Edge Data Collector uses Python package - setuptools which is vulnerable to CVE-2025-47273, CVE-2024-6345.

Summary IBM Edge Data Collector uses Python package - setuptools which is vulnerable to CVE-2025-47273, CVE-2024-6345. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users ...

EUVD-2026-4940

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

EUVD-2026-4936

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

Ubiquiti AirControl code injection vulnerability

Ubiquiti AirControl is a centralized network management platform developed by the American company Ubiquiti. Version 1.4.2 of Ubiquiti AirControl contains a code injection vulnerability. This vulnerability stems from Java expression injections present in.seam endpoints, which may allow unverified...

PT-2026-5419

Andrea ST Filters Service 1.0.64.7 contains an unquoted service path vulnerability in its Windows service configuration. Local attackers can exploit the unquoted path to inject malicious code that will execute with elevated LocalSystem privileges during service startup...

D-Link DSL-6641K has a code injection vulnerability

The D-Link DSL-6641K is a router produced by D-Link Corporation. The D-Link DSL-6641K N8.TR069.20131126 contains a code injection vulnerability. This vulnerability stems from incorrect handling of parameters named “Name” within the web interface components, which may lead to cross-site scripting...

Projectworlds House Rental and Property Listing: Code Injection Vulnerability

Projectworlds House Rental and Property Listing is an open-source housing rental and property listing system developed by Projectworlds. Version 1.0 of Projectworlds House Rental and Property Listing contains a code injection vulnerability, which stems from incorrect handling of the parameter...

Backstage Code Injection Vulnerability

Backstage is an open-source application developed by Backstage. It serves as an open platform for building developer portals. Versions of Backstage prior to 1.13.11 and 1.14.1 contained a code injection vulnerability. This vulnerability stemmed from the ability to configure malicious hooks in the...

Orval code injection vulnerability

Orval is an open-source interface development tool developed by Orval. Versions of Orval from 7.19.0 to 7.21.0, as well as versions before 8.2.0, have a code injection vulnerability. This vulnerability stems from incomplete escape handling in the jsStringEscape function, which may lead to code...

CVE-2026-1340

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

CVE-2026-1281

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

CVE-2026-1340

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

CVE-2026-1281

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

CVE-2026-1340

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

CVE-2026-1340

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

CVE-2026-1340

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

CVE-2026-1340

CVE-2026-1340 affects Ivanti Endpoint Manager Mobile (EPMM) with a code-injection flaw that could allow unauthenticated remote code execution. The CVSS v3.1 base score is 9.8 (CRITICAL) with network attack vector, no privileges required, no user interaction, and high impact to confidentiality, in...

CVE-2026-1281

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...