CVE-2026-6110

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

Google Agent Development Kit (ADK) has a Code Injection and Missing Authentication vulnerability

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

EUVD-2026-21900

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

Arbitrary Code Injection

Overview google-adk is an Agent Development Kit Affected versions of this package are vulnerable to Arbitrary Code Injection via the the builder UI on Python OSS, Cloud Run, and GKEdue to missing authentication in the process. An attacker can execute arbitrary code on the server by uploading YAML...

GHSA-RG7C-G689-FR3X Google Agent Development Kit (ADK) has a Code Injection and Missing Authentication vulnerability

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

CVE-2026-4810

CVE-2026-4810 is a Code Injection and Missing Authentication vulnerability in Google Agent Development Kit (ADK) affecting Python OSS, Cloud Run, and GKE. Affected ADK versions range from 1.7.0 (and 2.0.0a1) through 1.28.1 (and 2.0.0a2), where an unauthenticated remote attacker can execute arbitr...

CVE-2026-4810 Remote Code Execution in Google Agent Development Kit (ADK)

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

CVE-2026-4810

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

BIT-GITLAB-2026-1516 Improper Control of Generation of Code ('Code Injection') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted content...

DbGate 代码注入漏洞

DbGate is an open-source database manager developed by DbGate. Versions of DbGate 7.1.4 and earlier contained a code injection vulnerability. This vulnerability stemmed from the operation of the applicationIcon parameter in the SVG Icon String Handler component, which allowed for cross-site...

PHPGurukul Company Visitor Management System 代码注入漏洞

PHPGurukul Company Visitor Management System is a visitor management system developed by PHPGurukul Corporation. Version 2.0 of the PHPGurukul Company Visitor Management System has a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “fromdate” in the...

ytDownloader 代码注入漏洞

ytDownloader is a multi-platform audio and video download tool developed by Andrew. Versions of ytDownloader 3.20.2 and earlier had a code injection vulnerability, which stemmed from a cross-site scripting attack involving the function createTextNode in the Error Details Panel component...

PT-2026-32287

I got an alert from GitHub Dependabot to update the google-adk python version to v1.28.1 because of a vulnerability in versions 1.7.0 to 1.28.0. https://github.com/advisories/GHSA-rg7c-g689-fr3x A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions...

Code-Projects Simple Laundry System 代码注入漏洞

Code-Projects Simple Laundry System is an open-source system developed by Code-Projects, designed for managing laundry shop operations. It offers features such as order management, customer management, and inventory management. Version 1.0 of the code-projects Simple Laundry System contains a cod...

Code-Projects Simple ChatBox 代码注入漏洞

Code-Projects Simple ChatBox is a simple chat box system developed by Code-Projects as open source. Versions of Code-Projects Simple ChatBox 1.0 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “msg” in the file...

Code-Projects Simple Content Management System 代码注入漏洞

Code-Projects Simple Content Management System is an open-source simple content management system developed by Code-Projects. Version 1.0 of the code-projects Simple Content Management System contains a code injection vulnerability. This vulnerability arises from incorrect handling of parameters...

MaxKB 代码注入漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB 2.4.2 and earlier have a code injection vulnerability. This vulnerability stems from incorrect operations on the MdPreview component in the file ui/src/chat.ts, whi...

📄 Shopware Improper Control

Shopware versions greater than or equal to 6.7.0.0 and less than 6.7.6.1 has an improper control related to Twig rendered views. CVE-2026-23498: Shopware Has Improper Control of Generation of Code in Twig rendered views Overview | Field | Details | |---|---| | CVE ID | CVE-2026-23498 | | Severity...

Exploit for Code Injection in Langflow

CVE-2026-33017 - Langflow Unauthenticated RCE...

Exploit for Code Injection in Ejs

No d...