CacheCloud 代码注入漏洞

CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in SohuTV CacheCloud 3.2.0 and earlier versions, which originates from a misbehavior of the function doUserList in the file...

MOOC 代码注入漏洞

MOOC is an online video education website by yourmaileyes individual developer. A code injection vulnerability exists in MOOC 1.17 and earlier versions, which stems from the incorrect operation of the parameter review in the file mooc/controller/MainController.java, and could lead to cross-site...

SyCms 代码注入漏洞

SyCms is a content management system for shanyu individual developers. SyCms code injection vulnerability exists, the vulnerability stems from the incorrect operation of the function addPost in the file Application/Admin/Controller/FileManageController.class.php, which may lead to code injection...

CmsEasy 代码注入漏洞

CmsEasy is a content management system CMS for creating responsive websites from China's CmsEasy company. A code injection vulnerability exists in CmsEasy 7.7.7 and earlier versions, which stems from incorrect manipulation of the parameter content/tempdata in the file /lib/admin/templateadmin.php...

Eigent 代码注入漏洞

Eigent is a multi-agent workflow desktop application open-sourced by Eigent AI. A code injection vulnerability exists in Eigent version 0.0.60, which stems from a 1-click remote code execution vulnerability that could lead to the execution of arbitrary code...

httpbin 代码注入漏洞

httpbin is an open source HTTP request and response service from Postman Inc. A code injection vulnerability exists in httpbin version 0.6.1 and earlier, which stems from a flaw in the file httpbin-master/httpbin/core.py and could lead to a cross-site scripting attack...

sunkaifei FlyCms 代码注入漏洞

sunkaifei FlyCms is a sunkaifei open source application . A similar to Zhihu to Q&A based completely open source JAVA language development of social networking site building program. A code injection vulnerability exists in sunkaifei FlyCms, which originates from a misbehavior of the userLogin...

Analyzing Code Injection Attacks on LLM-Based Multi-Agent Systems in Software Development

Agentic AI and Multi-Agent Systems are poised to dominate industry and society imminently. Powered by goal-driven autonomy, they represent a powerful form of generative AI, marking a transition from reactive content generation into proactive multitasking capabilities. As an exemplar, we propose a...

CVE-2025-8769

Telenium Online Web Application is vulnerable due to a Perl script that is called to load the login page. Due to improper input validation, an attacker can inject arbitrary Perl code through a crafted HTTP request, leading to remote code execution on the server...

Code-Projects Student Information System 代码注入漏洞

Code-Projects Student Information System is a Code-Projects open source student information system. A code injection vulnerability exists in Code-Projects Student Information System version 1.0, which originates from the incorrect manipulation of the parameter firstname/lastname in the file...

📄 HP ProCurve SNAC Domain Controller Shell Upload

This proof of concept exploits a PHP code injection vulnerability in the HP ProCurve SNAC Domain Controller. ============================================================================================================================================= | Title : HP ProCurve SNAC Domain Controller P...

Arbitrary Code Injection

Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Arbitrary Code Injection via the convertconfig function. An attacker can execute arbitrary code by supplying a malicious checkpoint file that is process...

Arbitrary Code Injection

Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Arbitrary Code Injection via the convertconfig function. An attacker can execute arbitrary code by supplying a crafted checkpoint file that is processed...

CVE-2025-14928

Hugging Face Transformers HuBERT convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...

PYSEC-2025-216

Hugging Face Transformers HuBERT convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...

PYSEC-2025-215

Hugging Face Transformers SEW-D convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...

CVE-2025-14926

Hugging Face Transformers SEW convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the targe...

CVE-2025-14927

Hugging Face Transformers SEW-D convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...

CVE-2025-14928

CVE-2025-14928 – Hugging Face Transformers HuBERT convert_config code execution . A flaw in convert_config fails to validate a user-supplied string before using it to execute Python code, enabling arbitrary code execution when processing a malicious HuBERT checkpoint. Affected product: Hugging Fa...

CVE-2025-14928 Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability

Hugging Face Transformers HuBERT convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...