Zomplog 安全漏洞

Zomplog is a Web logging system from Zomplog Open Source. A security vulnerability exists in Zomplog version 3.9 that originates from allowing an authenticated attacker to inject and execute arbitrary PHP code via a file manipulation endpoint, potentially leading to remote code execution...

DMadmin 代码注入漏洞

DMadmin is China vion707 open source a basic interface framework . DMadmin code injection vulnerability exists , the vulnerability stems from the file Admin/Controller/AddonsController.class.php in the Add function there is a cross-site scripting vulnerability can be exploited remotely...

PT-2025-51320

Name of the Vulnerable Software and Affected Versions CTCMS Content Management System versions up to 2.1.2 Description A security flaw exists in CTCMS Content Management System. The issue resides in an unknown function within the /ctcms/libs/Ct Config.php library of the Backend System Configurati...

GHSA-3F8C-8H8V-P54H snail-job is vulnerable to Code Injection through QLExpressEngine.doEval function

A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in...

snail-job is vulnerable to Code Injection through QLExpressEngine.doEval function

A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the doEval function. An attacker can execute arbitrary code by injecting malicious expressions. Remediation Upgrade com.aizuda:snail-job-common-core to version 1.7.0-beta1 or higher. References - gitee...

Code-Projects Student File Management System 代码注入漏洞

Student File Management System is a student file management system. A cross-site scripting vulnerability exists in Student File Management System, which originates from an incorrect operation of the file /admin/updateuser.php, for which no detailed vulnerability details are currently available...

Mayan EDMS 代码注入漏洞

Mayan EDMS is a free web-based document management system from Mayan EDMS, Inc. It is used to manage documents within an organization. A code injection vulnerability exists in Mayan EDMS 4.10.1 and prior versions, which stems from incorrect manipulation of the file /authentication/ and could lead...

Code-Projects Student File Management System 代码注入漏洞

Student File Management System is a student file management system. Student File Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the file /admin/updatestudent.php, which can be exploited by a...

CVE-2025-12843

Code Injection using Electron Fuses in waveterm on MacOS allows TCC Bypass. This issue affects waveterm: 0.12.2...

Code Injection

Open WebUI is vulnerable to a code injection vulnerability. The vulnerability is due to improper handling of Server-Sent Event SSE execute events in the Direct Connections feature, which allows an attacker controlling a malicious external model server to inject and execute arbitrary JavaScript in...

Arbitrary Code Injection

pgAdmin is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper handling of PLAIN-format dump files during restore operations in server mode, which allows an attacker to inject and execute arbitrary commands on the server hosting pgAdmin...

Remote Code Execution (RCE)

redaxo/source is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation of template content allowing PHP code injection, which allows an attacker to execute arbitrary operating system commands when the template is rendered...

Arbitrary Code Injection

cbpi4 is vulnerable to Arbitrary Code Injection. The vulnerability is due to lack of validation of the "logtime" URL parameter before passing it to the os.system function, which allows an attacker to execute arbitrary commands...

Improper Certificate Validation

org.codehaus.mevenide, netbeans is vulnerable to improper certificate validation. The vulnerability is due to the autoupdate system failing to validate SSL certificates and hostnames for HTTPS-based downloads, which allows an attacker to intercept and modify autoupdate packages and potentially...

WordPress plugin The Shortcode Ajax 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code injection...

Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule

Impact The APIVersion rule uses new Function to evaluate expression strings. A malicious crafted flow metadata file can cause arbitrary JavaScript execution during scanning. An attacker could execute arbitrary JavaScript during a scan by supplying a malicious expression within rule configuration ...

GHSA-55JH-84JV-8MX8 Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule

Impact The APIVersion rule uses new Function to evaluate expression strings. A malicious crafted flow metadata file can cause arbitrary JavaScript execution during scanning. An attacker could execute arbitrary JavaScript during a scan by supplying a malicious expression within rule configuration ...

CVE-2025-67750

Lightning Flow Scanner is affected through versions 6.10.5 and earlier, where the APIVersion rule uses unsafe evaluation with new Function() to process expression strings. A maliciously crafted flow metadata file or rule configuration can cause arbitrary JavaScript execution during scanning, pote...

CVE-2025-67750 Lightning Flow Scanner is Vulnerable to Code Injection via Unsafe Use of new Function() in APIVersion Rule

Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...