36394 matches found
CVE-2022-0895
Static Code Injection in GitHub repository microweber/microweber prior to 1.3...
CVE-2024-34761
Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code 'Code Injection' vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before 6.2.10...
CVE-2024-41961
Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which...
CVE-2024-41921
A code injection vulnerability has been discovered in the Robot Operating System ROS 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python...
CVE-2024-41148
A code injection vulnerability has been discovered in the Robot Operating System ROS 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a topic and accepts a user-provided Python...
CVE-2024-39715
A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server...
PT-2026-1991
Name of the Vulnerable Software and Affected Versions Foundation Agents MetaGPT affected versions not specified Description A flaw exists in the actionoutput str to mapping function that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for...
Siemens RUGGEDCOM ROX II Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2024-56839)
Code injection can be achieved when the affected device is using VRF Virtual Routing and Forwarding. An attacker could leverage this scenario to execute arbitrary code as root user. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Siemens RUGGEDCOM ROX II Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2024-56838)
Code injection can be achieved when the affected device is using VRF Virtual Routing and Forwarding. An attacker could leverage this scenario to execute arbitrary code as root user. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
PT-2026-2001
Name of the Vulnerable Software and Affected Versions Langflow affected versions not specified Description A flaw exists in Langflow related to the handling of Python function components, potentially allowing remote attackers to execute arbitrary code on affected systems. An attacker may be able ...
Siemens RUGGEDCOM ROX II Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2024-56840)
Code injection can be achieved when the affected device is using VRF Virtual Routing and Forwarding. An attacker could leverage this scenario to execute arbitrary code as root user. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
(0Day) Langflow code Code Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code parameter provided to the validate endpoint. The issue results from th...
PT-2026-2212
Name of the Vulnerable Software and Affected Versions Salesforce Uni2TS versions through 1.2.0 Description An improper control of generation of code issue, specifically a code injection, exists in Salesforce Uni2TS on MacOS, Windows, and Linux. This allows for the leveraging of executable code in...
Siemens RUGGEDCOM ROX II Improper Neutralization of Special Elements Used in a Command (CVE-2024-56836)
Code injection can be achieved when the affected device is using VRF Virtual Routing and Forwarding. An attacker could leverage this scenario to execute arbitrary code as root user. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Siemens RUGGEDCOM ROX II Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2024-56835)
Code injection can be achieved when the affected device is using VRF Virtual Routing and Forwarding. An attacker could leverage this scenario to execute arbitrary code as root user. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
PT-2026-1998
Name of the Vulnerable Software and Affected Versions Langflow affected versions not specified Description A flaw exists in Langflow that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for exploitation. The issue stems from insufficient...
Siemens Ruggedcom ROX Static Code Injection (CVE-2024-32487)
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the...
Exploit for Code Injection in Laravel Livewire
CVE-2025-54068 - Livewire v3.6.3 Vulnerable Lab This folder...
PHPGurukul Staff Leave Management System 代码注入漏洞
PHPGurukul Staff Leave Management System is an employee leave management system from PHPGurukul. A code injection vulnerability exists in version 1.0 of the PHPGurukul Staff Leave Management System, which stems from an incorrect manipulation of the parameter profilepic in the file...
GHSA-6RCW-WW3X-XQWM carbone Code Injection vulnerability
A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes...