36211 matches found

CNNVD
added 2026/04/05 12:0 a.m. | 4 views

kafka-ui Code Injection Vulnerability

kafka-ui is a web management interface for Kafka developed by Provectus. Versions of kafka-ui prior to 0.7.2 contained a code injection vulnerability. This vulnerability stemmed from the validateAccess function in the endpoint /api/smartfilters/testexecutions...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.0009
Exploits: 1 | References: 4

CNNVD
added 2026/04/05 12:0 a.m. | 4 views

PremSQL Code Injection Vulnerability

PremSQL is an AI data analysis tool library for translating localized text into SQL, developed by Prem Open Source. Versions of PremSQL 0.2.1 and earlier contained a code injection vulnerability, which was caused by incorrect handling of the result parameter, potentially leading to code injection...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00056
Exploits: 0 | References: 5

CNNVD
added 2026/04/05 12:0 a.m. | 3 views

OSS Weekend Code Injection Vulnerability

OSS Weekend is an AI agent development and LLM deployment management tool developed by Mario Zechner as a personal project. Versions of OSS Weekend prior to 0.58.4 contained a code injection vulnerability. This vulnerability stemmed from the discoverAndLoadExtensions function in the...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00017
Exploits: 0 | References: 5

CNNVD
added 2026/04/05 12:0 a.m. | 4 views

Code-Projects Simple Laundry System Code Injection Vulnerability

Code-Projects Simple Laundry System is an open-source system developed by Code-Projects, designed for managing laundry shop operations. It offers features such as order management, customer management, and inventory management. Version 1.0 of Code-Projects Simple Laundry System contains a code...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00039
Exploits: 0 | References: 5

Positive Technologies
added 2026/04/05 12:0 a.m. | 2 views

PT-2026-30432

Name of the Vulnerable Software and Affected Versions: provectus kafka-ui versions up to 0.7.2. Description: A code injection issue exists in the validateAccess function within the Endpoint component, specifically in the file /api/smartfilters/testexecutions. This can be triggered remotely. The...

CVSS: 9.8 | AI score: 7 | EPSS: 0.0009
Exploits: 1 | References: 7

CNNVD
added 2026/04/05 12:0 a.m. | 4 views

Akaunting Code Injection Vulnerability

Akaunting is an application software provided by Akaunting Corporation that offers all the tools needed for online fund management. Versions of Akaunting 3.1.21 and earlier had a code injection vulnerability, which was caused by incorrect handling of the parameter “notes” in the Invoice/Billing...

CVSS: 5.1 | AI score: 5.7 | EPSS: 0.00011
Exploits: 0 | References: 5

Positive Technologies
added 2026/04/05 12:0 a.m. | 1 view

PT-2026-30455

A weakness has been identified in premAI-io premsql up to 0.2.1. Affected is the function eval of the file premsql/agents/baseline/workers/followup.py. This manipulation of the argument result causes code injection. The attack is possible to be carried out remotely. The exploit has been made...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00056
Exploits: 0 | References: 6

CNNVD
added 2026/04/04 12:0 a.m. | 4 views

WordPress plugin Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Code Injection Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS: 6.5 | AI score: 6.1 | EPSS: 0.00054
Exploits: 0 | References: 2

GithubExploit
added 2026/04/03 11:33 a.m. | 170 views

Exploit for Code Injection in Apache Ranger

CVE-2025-59059: Misattributed RCE in Apache Ranger a correcti...

CVSS: 9.8 | AI score: 6 | EPSS: 0.00101
Exploits: 1

CNNVD
added 2026/04/03 12:0 a.m. | 4 views

Casdoor Code Injection Vulnerability

Casdoor is an open-source platform developed by Casdoor, which supports various authentication and authorization protocols. Version 2.356.0 of Casdoor contains a code injection vulnerability. This vulnerability stems from improper handling of parameters such as formCss/formCssMobile/formSideHtml,...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00028
Exploits: 0 | References: 3

Snyk
added 2026/04/02 7:26 p.m. | 1 view

Arbitrary Code Injection

Overview: dbgate-web is a package used internally by DbGate. Affected versions of this package are vulnerable to Arbitrary Code Injection through the FontIcon rendering path in packages/web/src/icons/FontIcon.svelte. An attacker can execute arbitrary JavaScript in a victim’s browser, or...

CVSS: 8.2 | AI score: 6.5 | EPSS: 0.00009
Exploits: 0 | References: 3

RedhatCVE
added 2026/04/02 4:56 p.m. | 1 view

CVE-2026-29014

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.31224
Exploits: 4 | References: 1

IBM AIX
added 2026/04/02 3:29 p.m. | 5 views

Multiple vulnerabilities in PostgreSQL affect PowerVM VIOS

IBM SECURITY ADVISORY. First Issued: Thu Apr 2 15:29:58 CDT 2026. The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/postgresadvisory.asc Security Bulletin: Multiple vulnerabilities in PostgreSQL affect PowerVM VIOS...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.00326
Exploits: 2

Veracode
added 2026/04/02 2:24 p.m. | 7 views

Arbitrary Code Injection

org.springframework.ai:spring-ai-vector-store is vulnerable to Arbitrary Code Injection. The vulnerability is due to unsafe use of user-supplied input as a filter expression key in SimpleVectorStore, which allows an attacker to inject malicious expressions and execute arbitrary code...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.00055
Exploits: 0 | References: 5 | Affected Software: 1

CNNVD
added 2026/04/02 12:0 a.m. | 4 views

SourceCodester Simple Customer Relationship Management System Code Injection Vulnerability

SourceCodester Simple Customer Relationship Management System is a simple customer relationship management system developed under open source by SourceCodester. Version 1.0 of the SourceCodester Simple Customer Relationship Management System contains a code injection vulnerability. This...

CVSS: 5.1 | AI score: 5.7 | EPSS: 0.00036
Exploits: 0 | References: 5

CNNVD
added 2026/04/02 12:0 a.m. | 4 views

itsourcecode Payroll Management System Code Injection Vulnerability

itsourcecode Payroll Management System is an open-source payroll management system developed by itsourcecode. Version 1.0 of the itsourcecode Payroll Management System has a code injection vulnerability. This vulnerability stems from improper handling of the page parameter in the /navbar.php file...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00013
Exploits: 0 | References: 5

CNNVD
added 2026/04/02 12:0 a.m. | 3 views

DbGate Code Injection Vulnerability

DbGate is an open-source database manager developed by DbGate. Versions of DbGate from 7.0.0 to 7.1.5 had a code injection vulnerability. This vulnerability occurred because SVG icon strings controlled by attackers were rendered as raw HTML without being cleaned properly, which could lead to...

CVSS: 8.2 | AI score: 5.8 | EPSS: 0.00009
Exploits: 0 | References: 3

CNNVD
added 2026/04/02 12:0 a.m. | 2 views

Webkul Krayin CRM Code Injection Vulnerability

Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses from the Indian company Webkul. Versions of Webkul Krayin CRM 2.2 and earlier contained a code injection vulnerability. This vulnerability stemmed from an error in the composeMail function of the...

CVSS: 5.1 | AI score: 5.7 | EPSS: 0.0004
Exploits: 0 | References: 7

CNNVD
added 2026/04/02 12:0 a.m. | 3 views

Henan Xiaopi Panel Code Injection Vulnerability

Henan Xiaopi Panel is a Linux graphical interface developed by Henan Xiaopi in Henan, China. Version 1.0.0 of Henan Xiaopi Panel contains a code injection vulnerability. This vulnerability stems from improper handling of the parameter “param” in the file /demo.php of the component WAF Firewall,...

CVSS: 6.1 | AI score: 5.6 | EPSS: 0.00031
Exploits: 0 | References: 4

OSV
added 2026/04/01 11:51 p.m. | 3 views

GHSA-R5FR-RJXR-66JC lodash vulnerable to Code Injection via `_.template` imports key names

Impact: The fix for CVE-2021-23337 added validation for the variable option in `_.template` but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. When an application passes untrusted input as options.imports key names, an attacker...

CVSS: 8.1 | AI score: 6.2 | EPSS: 0.00044
Exploits: 0 | References: 6