36429 matches found
Industrial Video & Control Longwatch 代码注入漏洞
Industrial Video & Control Longwatch is an industrial-grade video surveillance and management platform from Industrial Video & Control, Inc. Industrial Video & Control Longwatch suffers from a code injection vulnerability that originates from an unauthenticated HTTP GET request that can execute...
Arbitrary Code Injection
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Arbitrary Code Injection via the config class named NemotronNanoVLConfig. An attacker can execute arbitrary code on the host system by publishing a...
Arbitrary Code Injection
Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Arbitrary Code Injection via insufficient validation in the cleanDangerousTwig function. An attacker can execute arbitrary commands on the...
CLSA-2025-1764615000 python3.11-setuptools: Fix of CVE-2024-6345
CVE-2024-6345: Fix code injection vulnerability in package download functions...
CVE-2025-13786
A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate the attack remotely. The exploit is now public...
Security Bulletin: Due to use of quartz-jobs, IBM Sterling Partner Engagement Manager is vulnerable to a code injection.
Summary IBM Sterling Partner Engagement Managaer uses quartz-jobs, within the product CVE-2025-4447. Vulnerability Details CVEID:CVE-2023-39017 DESCRIPTION: quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component...
vLLM 代码注入漏洞
vLLM is a vLLM open source high throughput and memory efficient inference and service engine for LLM. A code injection vulnerability exists in vLLM versions prior to 0.11.1 that stems from the presence of a remote code execution vector in the NemotronNanoVLConfig configuration class, which could...
RestaurantWebsite 代码注入漏洞
RestaurantWebsite is an online food ordering and table reservation system by the individual developer Idriss JAIRI. RestaurantWebsite suffers from a code injection vulnerability that stems from the incorrect operation of the parameter selecteddate in the component Make a Reservation, which could...
EUVD-2025-199935
A security flaw has been discovered in Qualitor 8.20/8.24. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing manipulation of the argument passageiros results in code injection. Remote exploitation of the attack is possible. T...
CVE-2025-13792
A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing a manipulation of the argument passageiros results in code injection. Remote exploitation of the attack...
CVE-2025-13792 Qualitor getResumo.php eval code injection
A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing a manipulation of the argument passageiros results in code injection. Remote exploitation of the attack...
CVE-2025-13792 Qualitor getResumo.php eval code injection
A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing a manipulation of the argument passageiros results in code injection. Remote exploitation of the attack...
CVE-2025-13792
A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing a manipulation of the argument passageiros results in code injection. Remote exploitation of the attack...
Exploit for Code Injection in Sitecore Experience_Commerce
CVE-...
EUVD-2025-199928
A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate the attack remotely. The exploit is now public...
CVE-2025-13786
A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate the attack remotely. The exploit is now public...
CVE-2025-13786
A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate the attack remotely. The exploit is now public...
CVE-2025-13786 taosir WTCMS index.php fetch code injection
A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate the attack remotely. The exploit is now public...
CVE-2025-13786 taosir WTCMS index.php fetch code injection
A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate the attack remotely. The exploit is now public...
CVE-2025-13786
CVE-2025-13786 affects taosir WTCMS. The vulnerability is in the fetch function of /index.php, where manipulation of the content parameter leads to code injection. Impact is remote execution with high severity; exploit publicly available. The product uses a rolling release, and the reports do not...