Itsourcecode Society Management System Code Injection Vulnerability
itsourcecode Society Management System is an open-source social management system developed by itsourcecode. Version 1.0 of the itsourcecode Society Management System has a code injection vulnerability. This vulnerability arises from incorrect handling of parameters in the file admin/expenses.php...
HRMS code injection vulnerability
HRMS is a human resources management system developed by BoringError. Version 1.0.1 of HRMS contains a code injection vulnerability, which stems from incorrect operations on the function UpdateRecruitmentById in the file handler/recruitment.go. This vulnerability may lead to cross-site scripting...
SourceCodester: Patients Waiting Area Queue Management System – Code Injection Vulnerability
The SourceCodester Patients Waiting Area Queue Management System is an open-source system developed by SourceCodester for managing patient waiting queues. Version 1.0 of the SourceCodester Patients Waiting Area Queue Management System contains a code injection vulnerability. This vulnerability...
SiYuan code injection vulnerability
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.5.4 contained a code injection vulnerability. This vulnerability stemmed from the /api/attr/setBlockAttrs API, which allowed attackers to inject arbitrary HTML attributes into the...
mpay code injection vulnerability
MPay is a convenient payment collection tool developed by Technic Laohu in China. Versions of MPay 1.2.4 and earlier had a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “Nickname,” and could lead to cross-site scripting attacks...
Arbitrary Code Injection
Overview: @lobehub/lobehub is LobeHub, an open-source, comprehensive AI Agent framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application. Affected versions of this package are...
Exploit for Code Injection in Iptanus Wordpress_File_Upload
No d...
Lobe Chat code injection vulnerability
Lobe Chat is an open-source, high-performance chatbot framework developed by LobeHub. Versions of Lobe Chat prior to 2.0.0-next.180 contained a code injection vulnerability. This vulnerability stemmed from a stored cross-site scripting vulnerability in the Mermaid renderer, which could...
Exploit for CVE-2026-22785
CVE-2026-22785 Reproducing Tutorial Vulnerability Overview...
LigeroSmart code injection vulnerability
LigeroSmart is an open-source management platform developed by LigeroSmart. Versions of LigeroSmart 6.1.26 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “TicketID” in the file /otrs/index.pl?Action=AgentTicketZoom, which...
LigeroSmart code injection vulnerability
LigeroSmart is an open-source management platform developed by LigeroSmart. Versions of LigeroSmart 6.1.26 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter TicketID in the file /otrs/index.pl, which could lead to cross-site...
Arbitrary Code Injection
Overview: github.com/zalando/skipper is an HTTP router and reverse proxy for service composition. Affected versions of this package are vulnerable to Arbitrary Code Injection via the default configuration -lua-sources=inline,file. An attacker can execute arbitrary code and access sensitive files by...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the default configuration -lua-sources=inline,file. An attacker can execute arbitrary code and access sensitive files by submitting malicious scripts when untrusted users are permitted to create lua filters...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection in the LivewireFilemanagerComponent.php process due to missing file type and MIME validation. An attacker can execute arbitrary code by uploading a malicious PHP file and accessing it via the /storage/ URL. This...
ABB Ability OPTIMAX
SUMMARY: ABB became aware of a severe vulnerability in the product versions listed as affected in the advisory, if the optional integration with Azure Active Directory for Single-Sign On is enabled. We have not received any reports of this vulnerability being exploited. An attacker who...
CVE-2025-64691
CVE-2025-64691 affects AVEVA Process Optimization (Code Injection) where an authenticated OS-standard user can tamper with TCL Macro scripts to escalate privileges to OS system, potentially fully compromising the Model Application Server. Public summaries describe local, authenticated, user-level acce...
CVE-2025-61937
CVE-2025-61937 affects AVEVA Process Optimization. The flaw allows unauthenticated remote code execution via the taoimr service, potentially fully compromising the model application server. CVSS metrics in the documents show CRITICAL impact. Remediation details or fixed versions are not provided ...
CVE-2025-61937 AVEVA Process Optimization Code Injection
The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the model application server...
AVEVA Process Optimization Code Injection Vulnerability
AVEVA Process Optimization is a real-time process optimization software developed by the British company AVEVA. AVEVA Process Optimization has a code injection vulnerability. This vulnerability allows unauthenticated attackers to execute remote code, potentially leading to the complete compromise of t...