
36429 matches found

Positive Technologies
added 2025/12/12 12:0 a.m. | 3 views

PT-2025-50942

Name of the Vulnerable Software and Affected Versions: waveterm version 0.12.2
Description: Code Injection using Electron Fuses in waveterm on macOS allows TCC Bypass. The issue allows for code execution by exploiting Electron Fuses.
Recommendations: At the moment, there is no information about a...

CVSS 6.9 | AI score 6 | EPSS 0.00038
Exploits: 1 | References: 5

NVD
added 2025/12/11 10:15 p.m. | 1 view

CVE-2024-58303

FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generati...

CVSS 8.6 | EPSS 0.00024
Exploits: 0 | References: 4

Snyk
added 2025/12/11 9:31 p.m. | 2 views

Arbitrary Code Injection

Overview: pgadmin4 is a PostgreSQL Tools. Affected versions of this package are vulnerable to Arbitrary Code Injection via the hasmetacommands function. An attacker can execute arbitrary commands on the system by crafting a SQL file that begins with a UTF-8 Byte Order Mark or special byte sequences...

CVSS 9.1 | AI score 8 | EPSS 0.00099
Exploits: 1 | References: 3

CNNVD
added 2025/12/11 12:0 a.m. | 2 views

warehouseManager Code Injection Vulnerability

warehouseManager is a warehouse management system developed by yangshare, an individual developer in China. A code injection vulnerability exists in warehouseManager version 1.1.0, which stems from incorrect handling of the parameter Name in the function addCustomer in the file...

CVSS 5.1 | AI score 4.8 | EPSS 0.00026
Exploits: 0 | References: 4

RedhatCVE
added 2025/12/10 3:13 p.m. | 4 views

CVE-2025-63068

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in sevenspark Contact Form 7 – Dynamic Text Extension (contact-form-7-dynamic-text-extension) allows Code Injection. This issue affects Contact Form 7 – Dynamic Text Extension: from n/a through = 5.0.5...

CVSS 5.3 | AI score 5.9 | EPSS 0.00043
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/10 3:13 p.m. | 4 views

CVE-2025-66533

Improper Control of Generation of Code ('Code Injection') vulnerability in StellarWP GiveWP (give) allows Code Injection. This issue affects GiveWP: from n/a through = 4.13.1...

CVSS 5.3 | AI score 7 | EPSS 0.00043
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/10 11:33 a.m. | 3 views

CVE-2024-56835

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.0, RUGGEDCOM ROX MX5000RE All versions V2.17.0, RUGGEDCOM ROX RX1400 All versions V2.17.0, RUGGEDCOM ROX RX1500 All versions V2.17.0, RUGGEDCOM ROX RX1501 All versions V2.17.0, RUGGEDCOM ROX RX1510 All versions V2.17.0...

CVSS 8.8 | AI score 9.1 | EPSS 0.00019
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/10 11:33 a.m. | 13 views

CVE-2024-56840

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.0, RUGGEDCOM ROX MX5000RE All versions V2.17.0, RUGGEDCOM ROX RX1400 All versions V2.17.0, RUGGEDCOM ROX RX1500 All versions V2.17.0, RUGGEDCOM ROX RX1501 All versions V2.17.0, RUGGEDCOM ROX RX1510 All versions V2.17.0...

CVSS 7.5 | AI score 9.4 | EPSS 0.00028
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/10 11:33 a.m. | 6 views

CVE-2024-56839

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.0, RUGGEDCOM ROX MX5000RE All versions V2.17.0, RUGGEDCOM ROX RX1400 All versions V2.17.0, RUGGEDCOM ROX RX1500 All versions V2.17.0, RUGGEDCOM ROX RX1501 All versions V2.17.0, RUGGEDCOM ROX RX1510 All versions V2.17.0...

CVSS 8.6 | AI score 9.5 | EPSS 0.00028
Exploits: 0 | References: 1

CNNVD
added 2025/12/10 12:0 a.m. | 1 view

Neuron Code Injection Vulnerability

Neuron is an Industrial Internet of Things (IIoT) connectivity server open-sourced by EMQ. It is used with modern Big Data and AI/ML technologies to harness the power of Industry 4.0. A code injection vulnerability exists in Neuron 2.8.11 and earlier versions, which stems from a read-only bypass...

CVSS 8.2 | AI score 7.2 | EPSS 0.00046
Exploits: 0 | References: 3

CNNVD
added 2025/12/10 12:0 a.m. | 2 views

PopojiCMS Code Injection Vulnerability

PopojiCMS is an open source website builder from PopojiCMS. A code injection vulnerability exists in PopojiCMS version 2.0.1: an administrator user can inject malicious PHP code via a metadata settings endpoint, which may result in remote command execution...

CVSS 8.6 | AI score 7.7 | EPSS 0.00854
Exploits: 1 | References: 5

Positive Technologies
added 2025/12/10 12:0 a.m. | 7 views

PT-2025-50533

PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands...

CVSS 8.6 | AI score 7.7 | EPSS 0.00854
Exploits: 1 | References: 7

EUVD
added 2025/12/09 6:30 p.m. | 3 views

EUVD-2025-201954

Improper Control of Generation of Code ('Code Injection') vulnerability in StellarWP GiveWP (give) allows Code Injection. This issue affects GiveWP: from n/a through = 4.13.1...

CVSS 7.8 | AI score 6.5 | EPSS 0.00043
Exploits: 0 | References: 2

EUVD
added 2025/12/09 6:30 p.m. | 3 views

EUVD-2025-201848

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availabilit...

CVSS 9.9 | AI score 6.3 | EPSS 0.00126
Exploits: 0 | References: 3

EUVD
added 2025/12/09 6:30 p.m. | 3 views

EUVD-2024-55304

A vulnerability has been identified in RUGGEDCOM ROX II family All versions V2.17.0. Under certain conditions, IPsec may allow code injection in the affected device. An attacker could leverage this scenario to execute arbitrary code as root user...

CVSS 7.5 | AI score 7.6 | EPSS 0.00028
Exploits: 0 | References: 2

EUVD
added 2025/12/09 6:30 p.m. | 2 views

EUVD-2024-55305

A vulnerability has been identified in RUGGEDCOM ROX II family All versions V2.17.0. Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user...

CVSS 8.6 | AI score 7.7 | EPSS 0.00028
Exploits: 0 | References: 2

Snyk
added 2025/12/09 5:19 p.m. | 1 view

Arbitrary Code Injection

Overview: neuron-core/neuron-ai is a The PHP Agentic Framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via the validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such in the MySQLSelectTool. A...

CVSS 8.8 | AI score 9 | EPSS 0.00046
Exploits: 0 | References: 2

EUVD
added 2025/12/09 5:12 p.m. | 1 view

EUVD-2025-202179

Elysia affected by arbitrary code injection through cookie config...

CVSS 7.5 | AI score 7.2 | EPSS 0.00085
Exploits: 1 | References: 8

NVD
added 2025/12/09 4:18 p.m. | 3 views

CVE-2025-66533

Improper Control of Generation of Code ('Code Injection') vulnerability in StellarWP GiveWP (give) allows Code Injection. This issue affects GiveWP: from n/a through = 4.13.1...

CVSS 5.3 | EPSS 0.00043
Exploits: 0 | References: 1

NVD
added 2025/12/09 4:18 p.m. | 3 views

CVE-2025-63068

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in sevenspark Contact Form 7 – Dynamic Text Extension (contact-form-7-dynamic-text-extension) allows Code Injection. This issue affects Contact Form 7 – Dynamic Text Extension: from n/a through = 5.0.5...

CVSS 5.3 | EPSS 0.00043
Exploits: 0 | References: 1