Code-Projects Simple Stock System 代码注入漏洞

Code-Projects Simple Stock System is a Code-Projects open source simple stock system. A code injection vulnerability exists in Code-Projects Simple Stock System version 1.0, which originates from a cross-site scripting vulnerability in an unknown function in the file /market/chatuser.php...

CVE-2025-14837

A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has bee...

CVE-2025-65037

Improper control of generation of code 'code injection' in Azure Container Apps allows an unauthorized attacker to execute code over a network...

CVE-2025-65037

Improper control of generation of code 'code injection' in Azure Container Apps allows an unauthorized attacker to execute code over a network...

EUVD-2025-204414

Improper control of generation of code 'code injection' in Azure Container Apps allows an unauthorized attacker to execute code over a network...

Arbitrary Code Injection

Overview tinacms is a headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Arbitrary Code Injection via the improper use of gray-matter package. An attacker can execute arbitrary code on the server by submitti...

Arbitrary Code Injection

Overview @tinacms/graphql is a GraphQL database generating component for Tina, the headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Arbitrary Code Injection via the improper use of gray-matter package. An...

EUVD-2025-204117

Improper Control of Generation of Code 'Code Injection' vulnerability in javothemes Javo Core javo-core allows Code Injection.This issue affects Javo Core: from n/a through = 3.0.0.266...

EUVD-2025-204115

Improper Control of Generation of Code 'Code Injection' vulnerability in The4 Molla molla allows Code Injection.This issue affects Molla: from n/a through = 1.5.13...

CVE-2025-64225

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in colabrio Stockie Extra stockie-extra allows Code Injection.This issue affects Stockie Extra: from n/a through = 1.2.11...

CVE-2025-60070

Improper Control of Generation of Code 'Code Injection' vulnerability in The4 Molla molla allows Code Injection.This issue affects Molla: from n/a through = 1.5.13...

CVE-2025-60068

Improper Control of Generation of Code 'Code Injection' vulnerability in javothemes Javo Core javo-core allows Code Injection.This issue affects Javo Core: from n/a through = 3.0.0.266...

Azure Container Apps Remote Code Execution Vulnerability

Improper control of generation of code 'code injection' in Azure Container Apps allows an unauthorized attacker to execute code over a network...

CVE-2025-66078

CVE-2025-66078 is a WordPress plugin vulnerability in the MotoPress Hotel Booking Lite (Jetmonsters Hotel Booking Lite) ≤ 5.2.3 that allows remote code execution via improper generation of code (Web/App-side code injection). The entry is supported across multiple catalogs (NVD, Red Hat, CVE list)...

CVE-2025-66078 WordPress Hotel Booking Lite plugin <= 5.2.3 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters Hotel Booking Lite motopress-hotel-booking-lite allows Remote Code Inclusion.This issue affects Hotel Booking Lite: from n/a through = 5.2.3...

CVE-2025-66078 WordPress Hotel Booking Lite plugin <= 5.2.3 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters Hotel Booking Lite motopress-hotel-booking-lite allows Remote Code Inclusion.This issue affects Hotel Booking Lite: from n/a through = 5.2.3...

EUVD-2025-204074

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in colabrio Stockie Extra stockie-extra allows Code Injection.This issue affects Stockie Extra: from n/a through = 1.2.11...

CVE-2025-60068

CVE-2025-60068 is a WordPress plugin vulnerability in Javo Core (WordPress plugin) that allows arbitrary code execution due to improper control over code generation (code injection). Affected version range: Javo Core up to

CVE-2025-60068 WordPress Javo Core plugin <= 3.0.0.266 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in javothemes Javo Core javo-core allows Code Injection.This issue affects Javo Core: from n/a through = 3.0.0.266...

CVE-2025-60070

CVE-2025-60070 concerns The4 Molla (WordPress theme/plugin Molla) with versions up to and including 1.5.13, where improper control of code generation enables code injection (arbitrary code execution). References consistently describe this as a vulnerability affecting Molla versions ≤ 1.5.13. The ...