CVE-2026-1281

Ivanti Endpoint Manager Mobile (EPMM) is affected by two code-injection vulnerabilities, CVE-2026-1281 and CVE-2026-1340, both enabling unauthenticated remote code execution. The exploits describe pre-auth RCE via endpoints /mifs/c/appstore/fob/ (CVE-2026-1281) and /mifs/c/aftstore/fob/ (CVE-2026...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-1281link is external Ivanti Endpoint Manager Mobile EPMM Code Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious...

VulnCheck KEV: CVE-2026-1281

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

Ivanti Endpoint Manager Mobile code injection vulnerability

Ivanti Endpoint Manager Mobile is a mobile management software engine developed by the American company Ivanti. Ivanti Endpoint Manager Mobile has a code injection vulnerability, which stems from code injection and may allow unauthenticated remote code execution...

PT-2026-5358

Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager Mobile affected versions not specified Description A code injection issue in Ivanti Endpoint Manager Mobile allows unauthenticated remote attackers to achieve remote code execution. This is caused by improper management...

PT-2026-5357

Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager Mobile affected versions not specified Description An unauthenticated remote code execution issue exists in Ivanti Endpoint Manager Mobile EPMM due to improper control of code generation. This occurs through a server-si...

Ivanti Endpoint Manager Mobile code injection vulnerability

Ivanti Endpoint Manager Mobile is a mobile management software engine developed by the American company Ivanti. Ivanti Endpoint Manager Mobile has a code injection vulnerability, which stems from code injection and may allow unauthenticated remote code execution...

Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability

Ivanti Endpoint Manager Mobile EPMM contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution...

Bdtask Bhojon All-In-One Restaurant Management System: Code Injection Vulnerability

Bdtask Bhojon All-In-One Restaurant Management System is a restaurant management system developed by the Bangladeshi company Bdtask. The versions of the Bdtask Bhojon All-In-One Restaurant Management System prior to 20260116 contained a code injection vulnerability. This vulnerability stemmed fro...

CVE-2025-33234

NVIDIA runx contains a vulnerability where an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering...

CVE-2026-24871

Improper Control of Generation of Code 'Code Injection' vulnerability in pilgrimage233 Minecraft-Rcon-Manage.This issue affects Minecraft-Rcon-Manage: before 3.0...

CVE-2020-36986

CVE-2020-36986 concerns Prey 1.9.6, where an unquoted service path in the CronService creates a local-priority privilege escalation weakness. The root cause is improper quotation of the service path, allowing a local attacker to insert a malicious executable that could run during application star...

CVE-2026-24806

Improper Control of Generation of Code 'Code Injection' vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules. This vulnerability is associated with program files PNGImageEncoder.Java. This issue affects quick-media...

RethinkDB code injection vulnerability

RethinkDB is an open-source database developed by RethinkDB. Versions of rethinkdb 2.4.3 and earlier had a code injection vulnerability. This vulnerability stemmed from improper handling of the Secondary Index Handler component, which could lead to cross-site scripting attacks...

Exploit for Code Injection in Lubus Wp_Query_Console

Introduction Handy tool for developers to quickly test vario...

CVE-2020-36980

SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted executable path to inject malicious files in the service binary path, enabling...

CVE-2025-33234

NVIDIA runx contains a vulnerability where an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering...

CVE-2025-33234

The CVE-2025-33234 issue affects NVIDIA runx. A vulnerability in runx can enable code injection, with potential consequences including code execution, denial of service, privilege escalation, information disclosure, and data tampering. Root cause details indicate a local attack vector with low pr...

CVE-2025-33234

NVIDIA runx contains a vulnerability where an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering...

CVE-2025-33234

NVIDIA runx contains a vulnerability where an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering...