CVE-2025-60070 WordPress Molla - Multipurpose Responsive Shopify theme <= 1.5.13 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in The4 Molla molla allows Code Injection.This issue affects Molla: from n/a through = 1.5.13...

CVE-2025-60070 WordPress Molla - Multipurpose Responsive Shopify theme <= 1.5.13 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in The4 Molla molla allows Code Injection.This issue affects Molla: from n/a through = 1.5.13...

CVE-2025-60068 WordPress Javo Core plugin <= 3.0.0.266 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in javothemes Javo Core javo-core allows Code Injection.This issue affects Javo Core: from n/a through = 3.0.0.266...

CVE-2025-14856

A security vulnerability has been detected in yproject RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment leads to code injection. The attack can be executed remotely. The exploit has been disclosed public...

CVE-2025-14856

A security vulnerability has been detected in yproject RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment leads to code injection. The attack can be executed remotely. The exploit has been disclosed public...

CVE-2025-14856 y_project RuoYi getnames code injection

A security vulnerability has been detected in yproject RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment leads to code injection. The attack can be executed remotely. The exploit has been disclosed public...

CVE-2025-14856 y_project RuoYi getnames code injection

A security vulnerability has been detected in yproject RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment leads to code injection. The attack can be executed remotely. The exploit has been disclosed public...

EUVD-2025-204020

A security vulnerability has been detected in yproject RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment leads to code injection. The attack can be executed remotely. The exploit has been disclosed public...

CVE-2025-14856

The CVE-2025-14856 entry concerns y_project RuoYi up to version 4.8.1. The vulnerability is due to manipulation of the fragment argument in the file /monitor/cache/getnames, which can lead to code injection. A remote attacker can exploit this, and public exploit information has been disclosed. Af...

CVE-2025-14837

A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has bee...

PT-2025-52196

Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters Hotel Booking Lite motopress-hotel-booking-lite allows Remote Code Inclusion.This issue affects Hotel Booking Lite: from n/a through = 5.2.3...

TinaCMS 代码注入漏洞

TinaCMS is an open source headless CMS for Markdown, MDX and JSON from Tina Open Source. A code injection vulnerability exists in TinaCMS versions prior to 3.1.1, which stems from improper use of the gray-matter package and could lead to the execution of arbitrary code...

WordPress plugin Javo Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...

PT-2025-52129

Improper Control of Generation of Code 'Code Injection' vulnerability in javothemes Javo Core javo-core allows Code Injection.This issue affects Javo Core: from n/a through = 3.0.0.266...

PT-2025-52383

Name of the Vulnerable Software and Affected Versions Hugging Face Transformers affected versions not specified Description A flaw exists within the convert config function in Hugging Face Transformers that allows remote attackers to execute arbitrary code on affected installations. Exploitation...

Microsoft Azure Container Apps 代码注入漏洞

Microsoft Azure Container Apps is a serverless container platform from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft Azure Container Apps that stems from improper code generation controls and could lead to an unauthorized attacker executing code over the network...

PT-2025-52360

Name of the Vulnerable Software and Affected Versions Azure Container Apps affected versions not specified Description An improper control of generation of code issue, also known as 'code injection', exists in Azure Container Apps. This allows an unauthorized attacker to execute code over a...

PT-2025-52385

Name of the Vulnerable Software and Affected Versions Hugging Face Transformers affected versions not specified Description A flaw exists within the convert config function in Hugging Face Transformers, allowing remote attackers to execute arbitrary code on affected systems. Exploitation requires...

Ruoyi 代码注入漏洞

Ruoyi is a backend management system for individual developers. Ruoyi 4.8.1 and previous versions of code injection vulnerability exists, the vulnerability stems from improper handling of the parameter fragment in the file /monitor/cache/getnames, which may lead to code injection...

PT-2025-52131

Improper Control of Generation of Code 'Code Injection' vulnerability in The4 Molla molla allows Code Injection.This issue affects Molla: from n/a through = 1.5.13...