36393 matches found
Orval has a code injection via unsanitized x-enum-descriptions in enum generation
Impact Arbitrary code execution in environments consuming generated clients This issue is similar in nature to the recently-patched MCP vulnerability CVE-2026-22785, but affects a different code path in @orval/core that was not addressed by that fix. The vulnerability allows untrusted OpenAPI...
GetSimple Content Management System: Code Injection Vulnerability
GetSimple Content Management System is an open-source content management system developed by GetSimpleCMS. Version 1.1.2 of GetSimple Content Management System has a code injection vulnerability. This vulnerability stems from PHP code injection through plugin configuration parameters, which may...
OpenPLC code injection vulnerability
OpenPLC is an open-source programmable logic controller developed by Thiago Alves. It provides low-cost industrial solutions for automation and research purposes. Version OpenPLC v3 has a code injection vulnerability, which stems from authenticated remote code execution through the hardware...
PT-2026-3796
GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...
vLLM code injection vulnerability
vLLM is an open-source LLM-based inference and service engine that features high throughput and efficient memory usage. Versions of vLLM from 0.10.1 to 0.14.0 contained a code injection vulnerability. This vulnerability stemmed from the loading of the Hugging Face automap dynamic module during...
5ire code injection vulnerability
5ire is a cross-platform desktop AI assistant developed by Ironben’s developers. Versions of 5ire prior to 0.15.3 contained a code injection vulnerability. This vulnerability stemmed from insecure option parsing in the ECharts Markdown plugin, allowing users who could submit ECharts code blocks t...
PT-2026-3830
eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability in the eBeam Device Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute...
Cisco Unified Communications Products Code Injection Vulnerability
Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance contain a code injection...
binary-parser library has a code injection vulnerability
A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...
GHSA-M39P-34QH-RH3W binary-parser library has a code injection vulnerability
A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...
CVE-2026-1245
A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...
CVE-2026-1245 CVE-2026-1245
A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...
CVE-2026-1245
CVE-2026-1245 is a code-injection vulnerability in the binary-parser library, affecting versions prior to 2.3.0. The issue arises from unsanitized values used in parser field names or encoding parameters, which are directly interpolated into dynamically generated code (via the Function constructo...
CVE-2026-1245 CVE-2026-1245
A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...
CVE-2026-1245
A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...
CVE-2025-33233
NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33233
NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33233
NVIDIA Merlin Transformers4Rec (all platforms) is affected by CVE-2025-33233. The issue allows code injection due to the underlying vulnerability, with potential impact including code execution, escalation of privileges, information disclosure, and data tampering. The CVSSv3.1 vector is AV:L/AC:L...
CVE-2025-33233
NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33233
NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...