36429 matches found
Exploit for Code Injection in Sabberworm Php_Css_Parser
CVE-2020-13756 Vulnerable Environment Vulnerable test environ...
TUUI code injection vulnerability
TUUI is an MCP client open-sourced by AIQL. A code injection vulnerability exists in TUUI versions prior to 1.3.4, which stems from an insecure cross-site scripting vulnerability in the Markdown rendering component that could lead to remote code execution...
CVE-2025-13792
A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing a manipulation of the argument passageiros results in code injection. Remote exploitation of the attack...
xunruicms cross-site scripting vulnerability
xunruicms is a website builder framework for individual developers of XunRuiCMS. A code injection vulnerability exists in xunruicms 4.7.1 and earlier versions, which stems from incorrect manipulation of the parameter dataname in the file /admind45f74adbd95.php, and could lead to cross-site...
xunruicms code injection vulnerability
xunruicms is a website builder framework for individual developers of XunRuiCMS. A code injection vulnerability exists in xunruicms 4.7.1 and earlier versions, which stems from incorrect manipulation of the parameter dataname in the file /admind45f74adbd95.php, and could lead to cross-site...
JIZHICMS code injection vulnerability
JIZHICMS (Jizhi CMS) is an open source content management system (CMS) from the Chinese company Jizhi (JIZHI). A code injection vulnerability exists in JIZHICMS 2.5.5 and earlier versions, which stems from incorrect manipulation of the parameter body in the file /index.php/admins/Comment/addcomment.html,...
XunRuiCMS code injection vulnerability
XunRuiCMS is a content management system for individual developers of XunRuiCMS. A code injection vulnerability exists in XunRuiCMS 4.7.1 and earlier versions, which stems from incorrect manipulation of the component Domain Name Binding Page in the file /admin79f2ec220c7e.php, which cou...
Exploit for CVE-2025-13486
Lab: CVE-2025-13486 - Remote Code Execution in Advanced Custom...
Arbitrary Code Injection
Overview: react-server-dom-parcel is a set of React Server Components bindings for DOM using Parcel. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe deserialization ...
Arbitrary Code Injection
Overview: react-server-dom-turbopack is a set of React Server Components bindings for DOM using Turbopack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe...
CVE-2025-65187
A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed...
DeepChat code injection vulnerability
DeepChat is an intelligent assistant open-sourced by ThinkInAIXYZ. A code injection vulnerability exists in DeepChat 0.5.0 and earlier versions, which stems from the presence of stored cross-site scripting in the Mermaid chart renderer, which could lead to remote code execution...
WordPress plugin Advanced Custom Fields Extended code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code injection...
Masa CMS code injection vulnerability
Masa CMS is a digital experience platform. A code injection vulnerability exists in Masa CMS versions prior to 7.2.8, prior to 7.3.13, and prior to 7.4.6, which stems from the addParam function accepting user input and evaluating it via setDynamicContent, which could lead to remote code execution...
Splunk Cloud Platform and Splunk Enterprise security vulnerability
Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service. Splunk Enterprise is a suite of data collection and analytics software. A security vulnerability exists in Splunk Clou...
CVE-2025-13658
CVE-2025-13658 affects Industrial Video & Control Longwatch devices. The root cause is the absence of code signing and execution controls on an exposed endpoint, allowing unauthenticated HTTP GET requests to inject and execute arbitrary code. Exploitation leads to SYSTEM-level privileges and pote...
CVE-2025-13658 Industrial Video & Control Longwatch has a Code Injection vulnerability
A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges...
BIT-FLUX-2022-24817 Improper kubeconfig validation allows arbitrary code execution
Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also...
Arbitrary Code Injection
Overview: kagura-ai is a Universal AI Memory Platform - MCP-native context management for all AI agents. Affected versions of this package are vulnerable to Arbitrary Code Injection due to missing access restrictions in multiple tool endpoints, including codingindexsourcecode,...