EUVD-2025-199631

Contao is vulnerable to cross-site scripting in templates...

CVE-2025-65961

Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A...

CVE-2025-65961 Contao is vulnerable to cross-site scripting in templates

Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A...

EUVD-2025-199609

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data...

GHSA-XJ9J-GJXG-7JVQ REDAXO CMS is vulnerable to RCE attack through its template management component

A Remote Code Execution RCE vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the template management component in REDAXO CMS. An attacker can execute arbitrary operating system commands by injecting PHP code into an active template and triggering its execution when visitors access...

CVE-2025-33204

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data...

CVE-2025-33204

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data...

CVE-2025-33204

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data...

CVE-2025-33204

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data...

CVE-2025-33204

CVE-2025-33204 affects NVIDIA NeMo Framework (all platforms). The vulnerability lies in the NLP/LLM components, where malicious input data can lead to code injection, with potential outcomes including code execution, privilege escalation, information disclosure, and data tampering. According to R...

Code Injection

@anthropic-ai/claude-code is vulnerable to code injection.The vulnerability is due to a flaw in the startup trust dialog that allows an attacker to trick the tool into executing untrusted project code before the user approves the dialog...

REDAXO 安全漏洞

REDAXO is a content management system from REDAXO open source. A security vulnerability exists in REDAXO version 5.20.0, which stems from a template management component that allows injection of PHP code, potentially leading to remote code execution...

PT-2025-48063

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data...

CVE-2025-64050

The CVE describes a Remote Code Execution in REDAXO CMS (v5.20.0) tied to the template management component. An authenticated administrator can inject PHP code into an active template, leading to command execution when frontend pages render the compromised template. Impact is high (CVE metrics sh...

Contao 安全漏洞

Contao is an open source Content Management System CMS developed in PHP by Contao Open Source. The system supports search engines, rights management and CSS frameworks. A security vulnerability exists in Contao versions 4.0.0 through 4.13.57 prior, 5.3.42 prior, and 5.6.5 prior, which stems from...

WordPress plugin Sneeit Framework 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code injection...

NVIDIA Nemo Framework 代码注入漏洞

NVIDIA Nemo Framework is a framework for building and deploying generative AI models from NVIDIA. A code injection vulnerability exists in NVIDIA Nemo Framework that stems from the presence of malicious data in the NLP and LLM components, which could lead to code injection that could result in co...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...