36394 matches found
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the EnvoyExtensionPolicy resource. An attacker can execute arbitrary commands and access sensitive credentials by injecting malicious Lua scripts. This can lead to privilege escalation, theft of secrets, and...
CVE-2025-41717
An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation 'Code...
CVE-2025-41717 Config-Upload Code Injection
An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation 'Code...
CVE-2025-41717
CVE-2025-41717 describes an unauthenticated remote exploit where an attacker can coerce a high-privilege user into uploading a malicious payload via the config-upload endpoint, enabling code injection as root. The underlying issue is improper control of code generation, yielding complete loss of ...
CVE-2025-41717 Config-Upload Code Injection
An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation 'Code...
CVE-2026-0498
SAP S/4HANA Private Cloud and On-Premise allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability...
CVE-2026-0498
SAP S/4HANA Private Cloud and On-Premise allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability...
CVE-2026-0498
CVE-2026-0498 affects SAP S/4HANA (Private Cloud and On-Premise). The vulnerability exists in a function module exposed via RFC, where an attacker with admin privileges can inject arbitrary ABAP code or OS commands, bypassing authorization checks and creating a backdoor that could lead to full sy...
CVE-2026-0498 Code Injection vulnerability in SAP S/4HANA (Private Cloud and On-Premise)
SAP S/4HANA Private Cloud and On-Premise allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability...
CVE-2026-0498 Code Injection vulnerability in SAP S/4HANA (Private Cloud and On-Premise)
SAP S/4HANA Private Cloud and On-Premise allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability...
CVE-2026-0491 Code Injection vulnerability in SAP Landscape Transformation
SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively...
CVE-2026-0491 Code Injection vulnerability in SAP Landscape Transformation
SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively...
CVE-2026-0491
CVE-2026-0491 affects SAP Landscape Transformation. A function module exposed via RFC allows an admin to inject arbitrary ABAP code or OS commands, bypassing authorization checks and potentially compromising confidentiality, integrity, and availability. The issue is described across multiple sour...
4images 代码注入漏洞
4images is an image management system from the German company 4images. A code injection vulnerability exists in 4images version 1.9, which stems from a remote command execution vulnerability in the template editing feature that could lead to the execution of arbitrary commands...
PHOENIX CONTACT TC ROUTER 代码注入漏洞
PHOENIX CONTACT TC ROUTER is a series of routers from PHOENIX CONTACT, Germany. A code injection vulnerability exists in the PHOENIX CONTACT TC ROUTER that stems from improper code generation controls and could lead to code injection and a complete loss of confidentiality, availability, and...
NanoCMS 代码注入漏洞
NanoCMS is a lightweight content management system by kalyan02 individual developer. A code injection vulnerability exists in NanoCMS version 0.4, which stems from an unauthenticated file upload vulnerability in the page content creation feature that could lead to remote code execution...
PT-2026-2351
Name of the Vulnerable Software and Affected Versions versions prior to 2025-41717 Description An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of...
SAP Wily Introscope Enterprise Manager 代码注入漏洞
SAP Wily Introscope Enterprise Manager is an application performance management component from SAP, Germany. A code injection vulnerability exists in SAP Wily Introscope Enterprise Manager, which stems from the use of a vulnerable third-party component, and could allow an unauthenticated attacker...
SAP S/4HANA 代码注入漏洞
SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. SAP S/4HANA suffers from a code injection vulnerability that originates from an attacker being able to inject arbitrary ABAP code or OS commands via RFC-exposed function...
SAP Landscape Transformation 代码注入漏洞
SAP Landscape Transformation is a tool for system data migration and integration from SAP, Germany. SAP Landscape Transformation suffers from a code injection vulnerability that originates from an attacker being able to inject arbitrary ABAP code or OS commands via RFC-exposed function modules,...