PT-2025-51988

Name of the Vulnerable Software and Affected Versions y project RuoYi versions up to 4.8.1 Description A security issue exists in y project RuoYi, potentially allowing for remote code injection. The issue is related to manipulation of the fragment argument within an unknown function in the...

ZZCMS 代码注入漏洞

ZZCMS is a content management system CMS from the China ZZCMS team. A code injection vulnerability exists in ZZCMS version 2025, which stems from incorrect manipulation of the parameter icp in the back-end site settings module file /admin/siteconfig.php, which may lead to code injection...

WordPress plugin colabrio Stockie Extra 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-52384

Name of the Vulnerable Software and Affected Versions Hugging Face Transformers affected versions not specified Description A flaw exists in the convert config function that allows remote attackers to execute arbitrary code on affected systems. Exploitation requires user interaction, specifically...

📄 Laravel Pulse 1.3.1 Arbitrary Code Injection

Proof of concept exploit written in PHP for Laravel Pulse version 1.3.1. This version of Laravel Pulse suffers from an arbitrary code injection vulnerability...

WordPress plugin Molla 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

Microsoft Purview 代码注入漏洞

Microsoft Purview is a data security and management software from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft Purview that originates from path traversal and could lead to network code execution...

PT-2025-52171

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in colabrio Stockie Extra stockie-extra allows Code Injection.This issue affects Stockie Extra: from n/a through = 1.2.11...

(0Day) Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint. The specific flaw exists within the convertconfig functio...

Codigo 代码注入漏洞

Codigo is a Markdown editor by the individual developer Alfonz Montelibano. A code injection vulnerability exists in Codigo version 1.0.1, which stems from the ability to execute arbitrary system commands that could lead to remote code execution...

EUVD-2025-204005

A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has bee...

CVE-2025-14837 ZZCMS Backend Website Settings siteconfig.php stripfxg code injection

A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has bee...

CVE-2025-14837

ZZCMS 2025 has a code injection vulnerability in the Backend Website Settings Module. The stripfxg function in /admin/siteconfig.php mishandles the icp argument, enabling remote code execution. Exploit has been publicly disclosed. Affected: ZZCMS 2025; file: /admin/siteconfig.php; function: strip...

CVE-2025-14837 ZZCMS Backend Website Settings siteconfig.php stripfxg code injection

A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has bee...

CVE-2025-62521 ChurchCRM has unauthenticated RCE in its Install Wizard

ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

EUVD-2025-203917

ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

CVE-2025-62521 ChurchCRM has unauthenticated RCE in its Install Wizard

ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

CVE-2025-33226

NVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering...

CVE-2025-64633

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in colabrio Norebro Extra norebro-extra allows Code Injection.This issue affects Norebro Extra: from n/a through = 1.6.8...

📄 Invoice Ninja 5.8.22 PHP Code Injection

Invoice Ninja version 5.8.22 remote proof of concept exploit for a PHP code injection vulnerability. ============================================================================================================================================= | Title : Invoice Ninja v 5.8.22 PHP Code Injection...