Ecommerce-Website Code Injection Vulnerability
Ecommerce-Website is a full-fledged e-commerce website with an admin panel, built using PHP and MySQL by individual developer Winston Dsouza. A code injection vulnerability exists in Ecommerce-Website, which stems from the incorrect operation of the parameter Error in the file...
PT-2025-48395
Name of the Vulnerable Software and Affected Versions: Qualitor versions prior to 8.20.105 and prior to 8.24.98. Description: A security flaw exists in Qualitor that allows for code injection. The eval function within the file /html/st/stdeslocamento/request/getResumo.php is affected. Manipulation o...
School Management System PHP & MYSQL Code Injection Vulnerability
School Management System PHP & MYSQL is a school management system by Elias Yasin, an individual developer. A code injection vulnerability exists in School Management System PHP & MYSQL, which originates from a misbehavior of the parameter First Name in the file /student-view.php, which could lea...
Skuul school management system Code Injection Vulnerability
Skuul school management system is a school management system by the individual developer Marvellous Ifezue. A code injection vulnerability exists in Skuul School Management System version 2.6.5 and earlier, which stems from improper handling of SVG files in the file /dashboard/schools/1/edit, whi...
PT-2025-48388
Name of the Vulnerable Software and Affected Versions: taosir WTCMS, affected versions not specified. Description: A code injection issue exists in the fetch function of the /index.php file. Manipulation of the content argument can lead to code injection, and the attack can be initiated remotely. The...
Qualitor Code Injection Vulnerability
Qualitor is a managed service process and centralized service platform from Qualitor, Inc. A code injection vulnerability exists in Qualitor versions 8.20 and 8.24, which stems from the incorrect manipulation of the parameter passageiros in the file /html/st/stdeslocamento/request/getResumo.php,...
wtcms Code Injection Vulnerability
wtcms is a ThinkPHP-based content management system (CMS) by individual developer Taosir. A code injection vulnerability exists in wtcms, which stems from incorrect manipulation of the parameter content in the file /index.php, which could lead to code injection...
OrangeHRM Code Injection Vulnerability
OrangeHRM is a human resource management (HRM) system from OrangeHRM, Inc. in the United States. The system supports personnel information management, leave management, attendance management and recruitment management. A code injection vulnerability exists in OrangeHRM versions 5.0 through 5.7, whi...
CVE-2025-59302
In Apache CloudStack, an improper control of generation of code ('Code Injection') vulnerability is found in the following APIs, which are accessible only to admins: quotaTariffCreate, quotaTariffUpdate, createSecondaryStorageSelector, updateSecondaryStorageSelector, updateHost, updateStorage. This issue...
CVE-2025-33204
NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data...
EUVD-2025-199820
In Apache CloudStack, an improper control of generation of code ('Code Injection') vulnerability is found in the following APIs, which are accessible only to admins: quotaTariffCreate, quotaTariffUpdate, createSecondaryStorageSelector, updateSecondaryStorageSelector, updateHost, updateStorage. This issue...
CVE-2025-59302 Apache CloudStack: Potential remote code execution on Javascript engine defined rules
In Apache CloudStack, an improper control of generation of code ('Code Injection') vulnerability is found in the following APIs, which are accessible only to admins: quotaTariffCreate, quotaTariffUpdate, createSecondaryStorageSelector, updateSecondaryStorageSelector, updateHost, updateStorage. This issue...
CVE-2025-59302
CVE-2025-59302 concerns Apache CloudStack where code injection is possible via admin-only APIs: quotaTariffCreate, quotaTariffUpdate, createSecondaryStorageSelector, updateSecondaryStorageSelector, updateHost, and updateStorage. The issue arises from improper control of code generation. A fix fla...
Apache CloudStack Security Vulnerability
Apache CloudStack is a suite of Infrastructure-as-a-Service (IaaS) cloud computing platforms from the Apache USA Foundation. The platform is primarily used to deploy and manage large networks of virtual machines. A security vulnerability exists in Apache CloudStack versions 4.18.0 through 4.20.2...
PT-2025-48264
Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.18.0 through 4.20.1; Apache CloudStack versions 4.21.0 through 4.21.9. Description: An improper control of code generation 'Code Injection' issue exists in Apache CloudStack, specifically within several APIs accessibl...
Arbitrary Code Injection
Overview: ray is a system for parallel and distributed Python that unifies the ML ecosystem. Affected versions of this package are vulnerable to Arbitrary Code Injection via insufficient validation of the User-Agent header in browser requests. An attacker can execute arbitrary code on the host...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service and code injection [CVE-2025-57350]
Summary: Node.js module csvtojson is used by IBM App Connect Enterprise Certified Container for processing CSV data. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntegrationServer operands are vulnerable to denial of service and code injection. This...