CVE-2026-5631

A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extractcommanddata of the file backend/server/serverutils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote. T...

Arbitrary Code Injection

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Arbitrary Code Injection over the /api/jolokia MBeans interface. A user can execute arbitrary code on the broker's JVM by invoking operations with ...

CVE-2026-34197

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

UBUNTU-CVE-2026-34197

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

CVE-2026-34197

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

PT-2026-30993

Name of the Vulnerable Software and Affected Versions PowerJob versions 5.1.0 through 5.1.2 Description A security flaw exists in PowerJob versions 5.1.0 through 5.1.2. The issue is related to code injection resulting from the manipulation of the nodeParams argument within the...

ChurchCRM 代码注入漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained a code injection vulnerability. This vulnerability stemmed from the $dbPassword variable not being cleaned during the installation process, which could lead to remote code execution and...

SiYuan 代码注入漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan prior to 3.6.4 contained a code injection vulnerability. This vulnerability stemmed from insecure escaping of table header contents, which could lead to storage-side cross-site scripti...

Code-Projects Online Hotel Booking 代码注入漏洞

Code-Projects Online Hotel Booking is an online hotel reservation system developed by Code-Projects as open source. Version 1.0 of Code-Projects Online Hotel Booking contains a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter “roomname” in the file...

PowerJob 代码注入漏洞

PowerJob is an open-source distributed computing and job scheduling framework developed by PowerJob. It allows developers to easily schedule tasks within their applications. Versions 5.1.0, 5.1.1, and 5.1.2 of PowerJob have code injection vulnerabilities. These vulnerabilities stem from incorrect...

CVE-2026-5692

A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit has been made public and cou...

CVE-2026-35197

CVE-2026-35197 affects the dye library for shell scripts. Before version 1.1.1, certain dye template expressions could lead to arbitrary code execution. The issue was discovered and fixed by the dye author, and is not publicly known to be exploited. A fix is available in 1.1.1. The NVD and Red Ha...

CVE-2026-35197 Code injection in dye template expressions

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...

Arbitrary Code Injection

Overview glpi/glpi is a free Asset and IT Management Software package with ITIL Service Desk, licenses tracking and software auditing. Affected versions of this package are vulnerable to Arbitrary Code Injection via the template rendering process. An attacker can execute arbitrary code on the...

CVE-2026-5556

A security vulnerability has been detected in badlogic pi-mono up to 0.58.4. This vulnerability affects the function discoverAndLoadExtensions of the file packages/coding-agent/src/core/extensions/loader.ts. The manipulation leads to code injection. Remote exploitation of the attack is possible...

EUVD-2026-19186

A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extractcommanddata of the file backend/server/serverutils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote. T...

CVE-2026-5631

A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extractcommanddata of the file backend/server/serverutils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote. T...

CVE-2026-5631 assafelovic gpt-researcher ws Endpoint server_utils.py extract_command_data code injection

A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extractcommanddata of the file backend/server/serverutils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote. T...

CVE-2026-5631

The CVE-2026-5631 entry affects assafelovic gpt-researcher up to version 3.4.3. The vulnerability resides in the function extract_command_data in backend/server/server_utils.py of the ws Endpoint, where manipulation of the args parameter enables code injection. This can be exploited remotely; the...

CVE-2026-5631

A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extractcommanddata of the file backend/server/serverutils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote. T...