PT-2026-4875

Improper Control of Generation of Code 'Code Injection' vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules. This vulnerability is associated with program files PNGImageEncoder.Java. This issue affects quick-media...

PT-2026-4960

Improper Control of Generation of Code 'Code Injection' vulnerability in pilgrimage233 Minecraft-Rcon-Manage.This issue affects Minecraft-Rcon-Manage: before 3.0...

Quick-Media security vulnerabilities

Quick-Media is a multimedia service software developed by YiHui’s individual developers. Versions of Quick-Media prior to v1.0 contained security vulnerabilities. These vulnerabilities stemmed from a code injection vulnerability in the PNG encoding component, PNGImageEncoder.Java, which could all...

Minecraft-Rcon-Manage security vulnerability

Minecraft-Rcon-Manage is a game server framework developed by MemoryCache’s individual developers. Versions of Minecraft-Rcon-Manage prior to version 3 contained security vulnerabilities, which stemmed from improper control over code generation, potentially leading to code injection attacks...

NVIDIA RunX security vulnerabilities

NVIDIA runx is a deep learning experiment management tool developed by NVIDIA Corporation. NVIDIA runx contains a security vulnerability, which stems from code injection. This vulnerability may lead to code execution, denial of service, privilege escalation, information leakage, and data corrupti...

PT-2026-4986

NVIDIA runx contains a vulnerability where an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering...

Books_Manager code injection vulnerability

BooksManager is a book management system personally developed by iJason-Liu. There is a code injection vulnerability in BooksManager, which stems from incorrect handling of the parameter “mark” in the file controllers/bookscenter/addbookcheck.php. This vulnerability may lead to cross-site scripti...

Code-Projects Online Examination System Code Injection Vulnerabilities

Code-Projects Online Examination System is an open-source online examination system developed by Code-Projects. Version 1.0 of the Code-Projects Online Examination System has a code injection vulnerability, which stems from the addition of page components that involve cross-site scripting...

📄 ManageEngine DeviceExpert 5.6 Traversal / Code Execution

Proof of concept exploit for ManageEngine DeviceExpert version 5.6 that injects PHP code into a user agent and uses a path traversal vulnerability to execute code...

NVIDIA Merlin Transformers4Rec Code Injection Vulnerability

NVIDIA Merlin Transformers4Rec is a software for building serialized and conversational recommender systems from NVIDIA. NVIDIA Merlin Transformers4Rec suffers from a code injection vulnerability that stems from incorrectly filtering input parameters, which can be exploited by a remote attacker t...

PT-2026-4781

PDF Complete 3.5.310.2002 contains an unquoted service path vulnerability in its pdfsvc.exe service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges...

Exploit for Code Injection in Rejetto Http_File_Server

No d...

CVE-2026-24564

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through = 3.6.5...

CVE-2026-0761

Foundation Agents MetaGPT actionoutputstrtomapping Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this vulnerability. The...

CVE-2026-24132

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...

Dioxus Components security vulnerabilities

Dioxus Components is a basic component open-sourced by Dioxus Labs. Version 41e4242ecb1062d04ae42a5215363c1d9fd4e23a of Dioxus Components had a security vulnerability. This vulnerability stemmed from the useofanimatedopen function, which used the user-provided ID to format eval strings, potential...

CVE-2025-69001

Improper Control of Generation of Code 'Code Injection' vulnerability in Shahjahan Jewel FluentForm fluentform allows Code Injection.This issue affects FluentForm: from n/a through = 6.1.11...

CVE-2025-69319

Improper Control of Generation of Code 'Code Injection' vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Code Injection.This issue affects Beaver Builder: from n/a through = 2.9.4.1...

CVE-2025-67944

Improper Control of Generation of Code 'Code Injection' vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through = 8.1.8...

CVE-2025-68015

Improper Control of Generation of Code 'Code Injection' vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Code Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through = 2.8.5...