Lucene search

36429 matches found

CNNVD
added 2025/12/17 12:0 a.m., 1 views

TMS code injection vulnerability

TMS is a channel-based team communication and collaboration + lightweight task dashboard by weicheng individual developers. A code injection vulnerability exists in TMS 2.28.0 and earlier versions, which stems from the incorrect operation of the parameter content in the file...

CVSS 4.8, AI score 4.2, EPSS 0.00032
Exploits: 1, References: 4

Positive Technologies
added 2025/12/17 12:0 a.m., 4 views

PT-2025-51982

Name of the Vulnerable Software and Affected Versions ZZCMS version 2025 Description A code injection issue exists in ZZCMS 2025, specifically within the Backend Website Settings Module. The stripfxg function in the /admin/siteconfig.php file is affected. Manipulation of the icp argument can lead...

CVSS 7.2, AI score 5, EPSS 0.00047
Exploits: 1, References: 10

CNNVD
added 2025/12/17 12:0 a.m., 3 views

ChurchCRM code injection vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from a code execution vulnerability that stems from user input in the installation wizard being written directly to a configuration file without validation, which can be exploited by an attacker to cause remote code execution...

CVSS 10, AI score 6.4, EPSS 0.57106
Exploits: 3, References: 1

RedhatCVE
added 2025/12/16 11:55 p.m., 12 views

CVE-2025-14729

A vulnerability was identified in CTCMS Content Management System up to 2.1.2. The affected element is the function Save of the file /ctcms/libs/CtApp.php of the component Backend App Configuration Module. The manipulation of the argument CTAppPaytype leads to code injection. Remote exploitation ...

CVSS 7.2, AI score 6.8, EPSS 0.00044
Exploits: 1, References: 1

RedhatCVE
added 2025/12/16 11:55 p.m., 2 views

CVE-2025-14730

A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/CtConfig.php of the component Backend System Configuration Module. The manipulation of the argument CjAdd/CjEdit results in code injection. Th...

CVSS 7.2, AI score 7, EPSS 0.0004
Exploits: 1, References: 1

EUVD
added 2025/12/16 6:31 p.m., 4 views

EUVD-2025-203815

NVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering...

CVSS 7.8, AI score 6.7, EPSS 0.00296
Exploits: 0, References: 3

NVD
added 2025/12/16 6:16 p.m., 1 views

CVE-2025-33226

NVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering...

CVSS 7.8, EPSS 0.00296
Exploits: 0, References: 3

OSV
added 2025/12/16 6:16 p.m., 2 views

CVE-2025-33226

NVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering...

CVSS 7.8, AI score 7.1, EPSS 0.00296
Exploits: 0, References: 3

CVE
added 2025/12/16 5:22 p.m., 10 views

CVE-2025-33226

CVE-2025-33226 affects NVIDIA NeMo Framework for all platforms. The vulnerability allows code injection via malicious data created by an attacker, with potential outcomes including code execution, privilege escalation, information disclosure, and data tampering as described across multiple source...

CVSS 7.8, AI score 6.8, EPSS 0.00296
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2025/12/16 5:22 p.m., 24 views

CVE-2025-33226

NVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering...

CVSS 7.8, EPSS 0.00296
Exploits: 0, References: 3

EUVD
added 2025/12/16 9:31 a.m., 2 views

EUVD-2025-203594

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in colabrio Norebro Extra norebro-extra allows Code Injection. This issue affects Norebro Extra: from n/a through <= 1.6.8...

CVSS 5.3, AI score 6, EPSS 0.00043
Exploits: 0, References: 2

Vulnrichment
added 2025/12/16 8:12 a.m., 1 views

CVE-2025-64633 WordPress Norebro Extra plugin <= 1.6.8 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in colabrio Norebro Extra norebro-extra allows Code Injection. This issue affects Norebro Extra: from n/a through <= 1.6.8...

CVSS 5.3, AI score 6.2, EPSS 0.00043
Exploits: 0, References: 1

Vulnrichment
added 2025/12/16 12:39 a.m., 1 views

CVE-2025-67748 Fickling has Code Injection vulnerability via pty.spawn()

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by pty missing from the block list of unsafe module imports. This led to unsafe pickles based on pty.spawn being incorrectly flagged as LIKELY_SAFE, and was fixed in version 0.1.6. This impact...

CVSS 8.5, AI score 6.4, EPSS 0.00028
Exploits: 1, References: 3

OSV
added 2025/12/16 12:39 a.m., 4 views

CVE-2025-67748 Fickling has Code Injection vulnerability via pty.spawn()

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by pty missing from the block list of unsafe module imports. This led to unsafe pickles based on pty.spawn being incorrectly flagged as LIKELY_SAFE, and was fixed in version 0.1.6. This impact...

CVSS 8.5, AI score 6.7, EPSS 0.00028
Exploits: 1, References: 5

Cvelist
added 2025/12/16 12:39 a.m., 32 views

CVE-2025-67748 Fickling has Code Injection vulnerability via pty.spawn()

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by pty missing from the block list of unsafe module imports. This led to unsafe pickles based on pty.spawn being incorrectly flagged as LIKELY_SAFE, and was fixed in version 0.1.6. This impact...

CVSS 8.5, EPSS 0.00028
Exploits: 1, References: 3

CVE
added 2025/12/16 12:39 a.m., 11 views

CVE-2025-67748

Fickling CVE-2025-67748 describes a bypass in which the blocklist of unsafe imports did not include pty, allowing unsafe pickles using pty.spawn() to be misclassified as LIKELY_SAFE. The root cause is documented as the unsafe-imports check missing pty in version

CVSS 8.5, AI score 6.4, EPSS 0.00028
Exploits: 1, References: 3, Affected Software: 1

EUVD
added 2025/12/16 12:30 a.m., 3 views

EUVD-2025-203470

A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/CtConfig.php of the component Backend System Configuration Module. The manipulation of the argument CjAdd/CjEdit results in code injection. Th...

CVSS 5.8, AI score 6.5, EPSS 0.0004
Exploits: 1, References: 5

EUVD
added 2025/12/16 12:30 a.m., 3 views

EUVD-2025-203471

A vulnerability was identified in CTCMS Content Management System up to 2.1.2. The affected element is the function Save of the file /ctcms/libs/CtApp.php of the component Backend App Configuration Module. The manipulation of the argument CTAppPaytype leads to code injection. Remote exploitation ...

CVSS 5.8, AI score 6.5, EPSS 0.00044
Exploits: 1, References: 5

CNNVD
added 2025/12/16 12:0 a.m., 1 views

WordPress plugin Norebro Extra security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 5.3, AI score 6.8, EPSS 0.00043
Exploits: 0, References: 1

CNNVD
added 2025/12/16 12:0 a.m., 2 views

NVIDIA Nemo Framework code issue vulnerability

NVIDIA Nemo Framework is a framework for building and deploying generative AI models from NVIDIA. The NVIDIA Nemo Framework contains a security vulnerability that can be exploited by attackers to cause code execution, elevation of privilege, information disclosure, and data tampering...

CVSS 7.8, AI score 5.9, EPSS 0.00296
Exploits: 0, References: 3