Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability

Hewlett Packard Enterprise HPE OneView contains a code injection vulnerability that allows a remote unauthenticated user to perform remote code execution...

Arbitrary Code Injection

aizuda snail-job is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper handling of user-controlled input in the QLExpressEngine.doEval function, which allows a remote attacker to inject and execute malicious expressions...

muffon 代码注入漏洞

muffon is a music playback software by Aleksey Shpakovsky Personal Developer. A code injection vulnerability exists in muffon versions prior to 2.3.0, which stems from mishandling of specially crafted muffon links that could lead to remote code execution...

wangmarket 代码注入漏洞

wangmarket is a privatized deploy your own SAAS cloud builder system for xnx3 individual developers in China. A code injection vulnerability exists in wangmarket 4.9 and earlier versions, which stems from an incorrect manipulation of the Description parameter in the file...

SourceCodester API Key Manager App 代码注入漏洞

SourceCodester API Key Manager App is a SourceCodester open source api key manager application. A code injection vulnerability exists in SourceCodester API Key Manager App version 1.0, which stems from an incorrect operation of the component Import Key Handler and could lead to a cross-site...

wangmarket 代码注入漏洞

wangmarket is a privatized deploy your own SAAS cloud builder system for xnx3 individual developers in China. A code injection vulnerability exists in wangmarket 4.9 and earlier versions, which stems from the incorrect operation of the parameter Description in the function variableList in the fil...

Code-Projects Online Product Reservation System 代码注入漏洞

Code-Projects Online Product Reservation System is a Code-Projects open source online product reservation system. A code injection vulnerability exists in Code-Projects Online Product Reservation System version 1.0, which stems from an incorrect manipulation of the parameter cat in the file...

Lettura 代码注入漏洞

Lettura is an RSS reader developed by zhanglun. A code injection vulnerability exists in Lettura 0.1.22 and earlier versions, which originates from an incorrect operation of the src/components/ArticleView/ContentRender.tsx file of the component RSS Handler, and could lead to a cross-site scriptin...

Exploit for Code Injection in Microsoft

Reverse Shell-able Exploit POCs Sharing the list of Windows e...

Exploit for Code Injection in Microsoft

Reverse Shell-able Exploit POCs Sharing the list of Windows e...

Exploit for Code Injection in Symfony Twig

Successful Errors: New Code Injection and SSTI Techniques !R...

Arbitrary Code Injection

Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Arbitrary Code Injection via the appstore.js REST API endpoint, which allows the installation of npm packages using unsanitized version specifiers. An administrator...

Exploit for Code Injection in Apache Commons_Text

CVE-2022-42889-text4shell Description This script is a pe...

LigeroSmart 代码注入漏洞

LigeroSmart is a management platform for LigeroSmart open source. A code injection vulnerability exists in LigeroSmart versions 6.1.24 and earlier, which stems from the incorrect manipulation of the parameter REQUESTURI in the component Environment Variable Handler, and could lead to a cross-site...

QNAP Systems Malware Remover 代码注入漏洞

QNAP Systems Malware Remover is a built-in security application from Taiwan, China-based QNAP Systems. A code injection vulnerability exists in QNAP Systems Malware Remover, which stems from improper code generation controls that could lead to a bypass of protection mechanisms...

CVE-2025-15394

A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be launched remotely. The exploit is now public and m...

CVE-2025-15393

A security vulnerability has been detected in Kohana KodiCMS up to 13.82.135. This impacts the function Save of the file cms/modules/kodicms/classes/kodicms/model/file.php of the component Layout API Endpoint. The manipulation of the argument content leads to code injection. The attack can be...

Arbitrary Code Injection

Overview datamodel-code-generator is a Datamodel Code Generator Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of filenames used in generated headers. An attacker can provide a maliciously crafted filename containing Python syntax or esca...

Signal K Server 代码注入漏洞

Signal K Server is a ship centralized server for Signal K open source. A code injection vulnerability exists in Signal K Server versions prior to 2.19.0, which stems from the appstore interface passing version parameters directly to npm without cleaning them up, which could lead to arbitrary code...

PT-2026-1169

CVE-2025-22203 - Apache Struts Code Injection Vulnerability CVE ID : CVE-2025-22203 Published : Jan. 1, 2026, 1:15 a.m. | 3 hours, 5 minutes ago Description : Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. Severity: 0.0 | NA...