36429 matches found
CVE-2025-67750 Lightning Flow Scanner is Vulnerable to Code Injection via Unsafe Use of new Function() in APIVersion Rule
Lightning Flow Scanner provides a CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...
EUVD-2025-203091
Code Injection using Electron Fuses in waveterm on macOS allows TCC Bypass. This issue affects waveterm: 0.12.2...
CVE-2025-12843
Code Injection using Electron Fuses in waveterm on macOS allows TCC Bypass. This issue affects waveterm: 0.12.2...
CVE-2025-12843 Code Injection in Wave Term v0.12.2 allowing TCC Bypass
Code Injection using Electron Fuses in waveterm on macOS allows TCC Bypass. This issue affects waveterm: 0.12.2...
CVE-2025-12843
CVE-2025-12843 describes a code injection vulnerability in Wave Term (waveterm) for macOS, affecting version 0.12.2. The issue arises from Electron Fuses code injection and allows a TCC bypass, with CVSS parameters indicating local access, low attack complexity, and low privileges required. The i...
Security Bulletin: Vulnerabilities in smarty and axios might affect IBM Storage Defender Sentinel Anomaly Scan Engine.
Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by vulnerabilities in smarty and axios. Vulnerabilities include allowing an attacker to inject malicious scripts into a Web page and steal cookie-based authentication credentials, execute arbitrary code on the system, and...
WordPress WPMasterToolKit (WPMTK) plugin <= 2.13.0 - Authenticated (Author+) Code Injection vulnerability
Authenticated Author+ Code Injection vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin WPMasterToolKit versions <= 2.13.0...
Vulnerabilities fixed in SAP Software
SAP has fixed multiple vulnerabilities in several products, including SAP Solution Manager, SAP jConnect, SAP Web Dispatcher, SAP NetWeaver, SAP S/4 HANA Private Cloud, and SAP BusinessObjects. The vulnerabilities include code injection, deserialization, and insufficient input validation, which c...
EUVD-2025-202995
The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...
CVE-2025-14166
The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...
CVE-2025-14166 WPMasterToolKit (WPMTK) <= 2.13.0 - Authenticated (Contributor+) Code Injection
The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...
CVE-2025-14166
CVE-2025-14166 concerns the WordPress plugin WPMasterToolKit (WPMTK) up to version 2.13.0. The source documents confirm that an authenticated user with Contributor+ or Author+ roles can exploit Code Snippets via the plugin to inject PHP code on the server, enabling remote code execution and poten...
Qualitor Code Injection Vulnerability
Qualitor is a managed service process and centralized service platform from Qualitor, Inc. A code injection vulnerability exists in Qualitor 8.24.73 and earlier versions, which stems from incorrect manipulation of the parameter cdscript in the file...
Wave Terminal Code Injection Vulnerability
Wave Terminal is an enterprise collaboration system from Wave Terminal open source. A code injection vulnerability exists in Wave Terminal version 0.12.2, which stems from Electron Fuses code injection and could lead to a TCC bypass...
PT-2025-50863
The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...
WordPress plugin WPMasterToolKit Code Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code...
lightning-flow-scanner Code Injection Vulnerability
lightning-flow-scanner is an open source command line automation plugin for Lightning Flow Scanner. A code injection vulnerability exists in lightning-flow-scanner version 6.10.5 and earlier, which stems from a maliciously constructed flow metadata file that could lead to arbitrary JavaScript...