CVE-2019-7411

Multiple stored cross-site scripting XSS in the MyThemeShop Launcher plugin 1.0.8 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via fields as follows: 1 Title, 2 Favicon, 3 Meta Description, 4 Subscribe Form Name field label, Last name field label, Email...

CVE-2019-7177

Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin...

CVE-2019-16701

pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.execphp call containing shell metacharacters in a parameter value...

CVE-2019-16070

A number of stored Cross-site Scripting XSS vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through web application form inputs...

CVE-2019-16069

A number of stored Cross-site Scripting XSS vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through the SNMP protocol...

CVE-2019-12774

A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044update05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...

CVE-2025-1983

A cross-site scripting XSS vulnerability in Ready's File Explorer upload functionality allows injection of arbitrary JavaScript code in filename. Injected content is stored on server and is executed every time a user interacts with the uploaded file...

CVE-2024-2016

A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file app/manage/controller/setcontroller.php. The manipulation of the argument sitename leads to code injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2024-2497

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...

Exploit for Code Injection in Foxcms

Mass-CVE-2025-29306...

EUVD-2026-1182

A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes...

pnpm 代码注入漏洞

pnpm is a package manager for pnpm open source. A code injection vulnerability exists in pnpm versions 6.25.0 through 10.26.2, which stems from command injection when using environment variable substitution in the .npmrc configuration file, and could lead to remote code execution...

Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability

Hewlett Packard Enterprise HPE OneView contains a code injection vulnerability that allows a remote unauthenticated user to perform remote code execution...

Microsoft Office PowerPoint Code Injection Vulnerability

Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption...

Arbitrary Code Injection

aizuda snail-job is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper handling of user-controlled input in the QLExpressEngine.doEval function, which allows a remote attacker to inject and execute malicious expressions...

wangmarket 代码注入漏洞

wangmarket is a privatized deploy your own SAAS cloud builder system for xnx3 individual developers in China. A code injection vulnerability exists in wangmarket 4.9 and earlier versions, which stems from an incorrect manipulation of the Description parameter in the file...

muffon 代码注入漏洞

muffon is a music playback software by Aleksey Shpakovsky Personal Developer. A code injection vulnerability exists in muffon versions prior to 2.3.0, which stems from mishandling of specially crafted muffon links that could lead to remote code execution...

SourceCodester API Key Manager App 代码注入漏洞

SourceCodester API Key Manager App is a SourceCodester open source api key manager application. A code injection vulnerability exists in SourceCodester API Key Manager App version 1.0, which stems from an incorrect operation of the component Import Key Handler and could lead to a cross-site...

wangmarket 代码注入漏洞

wangmarket is a privatized deploy your own SAAS cloud builder system for xnx3 individual developers in China. A code injection vulnerability exists in wangmarket 4.9 and earlier versions, which stems from the incorrect operation of the parameter Description in the function variableList in the fil...

Code-Projects Online Product Reservation System 代码注入漏洞

Code-Projects Online Product Reservation System is a Code-Projects open source online product reservation system. A code injection vulnerability exists in Code-Projects Online Product Reservation System version 1.0, which stems from an incorrect manipulation of the parameter cat in the file...