CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Student-Management-System 代码注入漏洞

Student-Management-System is an open-source student information management system developed by Cyber-III. Versions of Student-Management-System 1a938fa61e9f735078e9b291d2e6215b4942af3f and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of the...

9.8CVSS6AI score0.00034EPSS

dye 代码注入漏洞

Dye is a portable library developed by Mattie’s personal developer, designed for adding colors and styles to shell script outputs. Versions of dye prior to 1.1.1 contained a code injection vulnerability; this vulnerability stemmed from certain template expressions that could allow arbitrary code ...

Exploits1References3

Positive Technologies•added 2026/04/06 12:0 a.m.•3 views

PT-2026-30570

A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extract command data of the file backend/server/server utils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote...

7.5CVSS6.7AI score0.00067EPSS

Exploits0References6

CNNVD•added 2026/04/06 12:0 a.m.•2 views

GPT Researcher 代码注入漏洞

GPT Researcher is an AI-based deep research agent tool developed by Assaf Elovic. Versions of GPT Researcher 3.4.3 and earlier have a code injection vulnerability. This vulnerability stems from improper handling of the args parameter in the extractcommanddata function in the...

7.5CVSS7.2AI score0.00067EPSS

5.3CVSS5.6AI score0.00039EPSS

Student-Management-System 代码注入漏洞

Student-Management-System is an open-source student information management system developed by Cyber-III. The Student-Management-System has a code injection vulnerability, which stems from incorrect handling of the "batch" parameter in the file admin/class%20schedule/deletebatch.php. This...

CNNVD•added 2026/04/06 12:0 a.m.•2 views

Code-Projects Online Shoe Store 代码注入漏洞

Code-Projects Online Shoe Store is an open-source online shoe store system developed by Code-Projects. Version 1.0 of Code-Projects Online Shoe Store contains a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter productname in the file...

CNNVD•added 2026/04/06 12:0 a.m.•2 views

VvvebJs 代码注入漏洞

VvvebJs is a drag-and-drop website generator developed by Givan’s individual developer. VvvebJs versions 2.0.5 and earlier had a code injection vulnerability, which stemmed from improper handling of the uploadAllowExtensions parameter in the upload.php file. This vulnerability could lead to...

5.3CVSS5.7AI score0.01458EPSS

Exploits1References6

CNNVD•added 2026/04/06 12:0 a.m.•3 views

Student-Management-System 代码注入漏洞

CNNVD•added 2026/04/06 12:0 a.m.•1 views

GPT Researcher 代码注入漏洞

GPT Researcher is an AI-based deep research agent tool developed by Assaf Elovic as a personal development tool. Versions of GPT Researcher 3.4.3 and earlier have a code injection vulnerability, which stems from improper handling of the task parameter in the gptresearcher/skills/researcher.py fil...

5.3CVSS5.7AI score0.00039EPSS

Student-Management-System 代码注入漏洞

CNNVD•added 2026/04/06 12:0 a.m.•5 views

Workbench 代码注入漏洞

Workbench is an open-source web tool suite for managing Salesforce data and metadata, developed by Force.com. Versions of Workbench prior to 65.0.0 contained a code injection vulnerability. This vulnerability stemmed from the handling of cookie values during the time zone conversion process, whic...

9.8CVSS6.2AI score0.00333EPSS

Exploits0References3

CNNVD•added 2026/04/06 12:0 a.m.•3 views

GPT Researcher 代码注入漏洞

GPT Researcher is an AI-based deep research agent tool developed by Assaf Elovic as a personal development tool. Versions of GPT Researcher 3.4.3 and earlier have a code injection vulnerability, which stems from improper handling of the backend/server/app.py file. This vulnerability may lead to...

5.3CVSS5.7AI score0.00013EPSS

EUVD•added 2026/04/05 9:30 p.m.•1 views

EUVD-2019-20087

Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Attackers can inject script tags through the cateid parameter in categorysearch.php or SQL code through the view...

8.8CVSS6.2AI score0.0013EPSS

Exploits1References4

EUVD•added 2026/04/05 9:30 p.m.•0 views

EUVD-2026-19121

A weakness has been identified in premAI-io premsql up to 0.2.1. Affected is the function eval of the file premsql/agents/baseline/workers/followup.py. This manipulation of the argument result causes code injection. The attack is possible to be carried out remotely. The exploit has been made...

6.5CVSS6.3AI score0.00056EPSS

Exploits0References6

NVD•added 2026/04/05 7:17 p.m.•2 views

CVE-2026-5594

6.5CVSS0.00056EPSS

EUVD•added 2026/04/05 6:30 p.m.•0 views

EUVD-2026-19113

A vulnerability has been found in Fosowl agenticSeek 0.1.0. Impacted is the function PyInterpreter.execute of the file sources/tools/PyInterpreter.py of the component query Endpoint. Such manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to...

7.5CVSS6.6AI score0.00051EPSS