Lucene search

4040 matches found

EUVD
added 2026/03/11 8:50 p.m. | 1 views

EUVD-2026-11395

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJAX endpoint returns code descriptions codetext that are rendered in the front end e.g. DataTables without HTML escaping. If an administrator or user...

CVSS 5.4 | AI score 5.8 | EPSS 0.00052
Exploits 1 | References 1

OSV
added 2026/03/11 8:50 p.m. | 0 views

CVE-2026-32124 OpenEMR: Dynamic Code Picker Renders Unescaped Descriptions (Stored XSS)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJAX endpoint returns code descriptions codetext that are rendered in the front end e.g. DataTables without HTML escaping. If an administrator or user...

CVSS 5.4 | AI score 5.9 | EPSS 0.00052
Exploits 1 | References 3

GithubExploit
added 2026/03/11 12:55 a.m. | 137 views

Exploit for Improper Control of Dynamically-Managed Code Resources in Apache Airflow_Providers_Http

CVE-2025-69219 — Apache Airflow Providers HTTP RCE via Unsafe...

CVSS 8.8 | AI score 6.3 | EPSS 0.00017
Exploits 1

CNNVD
added 2026/03/11 12:0 a.m. | 2 views

OpenEMR Cross-Site Scripting Vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.1 contained a cross-site...

CVSS 5.4 | AI score 5.8 | EPSS 0.00052
Exploits 1 | References 1

Positive Technologies
added 2026/03/11 12:0 a.m. | 0 views

PT-2026-24845

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJAX endpoint returns code descriptions code text that are rendered in the front end e.g. DataTables without HTML escaping. If an administrator or use...

CVSS 5.4 | AI score 5.8 | EPSS 0.00052
Exploits 1 | References 3

Github Security Blog
added 2026/02/02 6:31 p.m. | 5 views

Crafter CMS has Improper Control of Dynamically-Managed Code Resources

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

CVSS 7.3 | AI score 5.7 | EPSS 0.00037
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2026/02/02 12:0 a.m. | 3 views

CrafterCMS Security Vulnerability

CrafterCMS is a Java-based CMS developed by CrafterCMS Inc. There is a security vulnerability in CrafterCMS, which stems from improper control over dynamically managed code resources. This vulnerability could allow authenticated developers to bypass sandbox restrictions and execute OS commands...

CVSS 7.3 | AI score 6 | EPSS 0.00037
Exploits 0 | References 1

RedhatCVE
added 2026/01/21 7:23 p.m. | 1 views

CVE-2026-1245

A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...

CVSS 6.5 | AI score 6.6 | EPSS 0.00087
Exploits 0 | References 1

The Hacker News
added 2026/01/21 6:4 a.m. | 10 views

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript. The vulnerability, tracked as CVE-2026-1245 (CVSS score: 6.5), affects all versions of the module prior to version 2.3.0, whic...

CVSS 6.5 | AI score 6.8 | EPSS 0.00087
Exploits 0

CVE
added 2026/01/20 6:50 p.m. | 21 views

CVE-2026-1245

CVE-2026-1245 is a code-injection vulnerability in the binary-parser library, affecting versions prior to 2.3.0. The issue arises from unsanitized values used in parser field names or encoding parameters, which are directly interpolated into dynamically generated code (via the Function constructo...

CVSS 6.5 | AI score 6.5 | EPSS 0.00087
Exploits 0 | References 5 | Affected Software 1

GithubExploit
added 2026/01/07 2:56 p.m. | 135 views

Exploit for Improper Control of Dynamically-Managed Code Resources in N8N

Poc Proof of Concept 1. Open n8n in your browser -...

CVSS 9.9 | AI score 7 | EPSS 0.65759
Exploits 27

Snyk
added 2025/12/19 10:54 p.m. | 6 views

Improper Control of Dynamically-Managed Code Resources

Overview: n8n-workflow is a Workflow base code of n8n. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the workflow expression evaluation system. An authenticated attacker can execute arbitrary code with the privileges of the underlying...

CVSS 9.9 | AI score 6.7 | EPSS 0.65759
Exploits 27 | References 2

Vulnrichment
added 2025/12/15 1:2 a.m. | 2 views

CVE-2025-14695 SamuNatsu HaloBot Inter-plugin API index.js html_renderer dynamically-managed code resources

A vulnerability was determined in SamuNatsu HaloBot up to 026b01d4a896d93eaaf9d5163a287dc9f267515b. Affected is the function html_renderer of the file plugins/html_renderer/index.js of the component Inter-plugin API. Executing manipulation of the argument action can lead to dynamically-managed code...

CVSS 6.5 | AI score 6.4 | EPSS 0.00042
Exploits 0 | References 4

Cvelist
added 2025/12/15 1:2 a.m. | 24 views

CVE-2025-14695 SamuNatsu HaloBot Inter-plugin API index.js html_renderer dynamically-managed code resources

A vulnerability was determined in SamuNatsu HaloBot up to 026b01d4a896d93eaaf9d5163a287dc9f267515b. Affected is the function html_renderer of the file plugins/html_renderer/index.js of the component Inter-plugin API. Executing manipulation of the argument action can lead to dynamically-managed code...

CVSS 6.5 | EPSS 0.00042
Exploits 0 | References 4

CVE
added 2025/12/15 1:2 a.m. | 5 views

CVE-2025-14695

This CVE concerns SamuNatsu HaloBot, affecting the Inter-plugin API component. The vulnerability is in plugins/html_renderer/index.js, within the html_renderer function, where manipulation of the action argument can result in dynamically-managed code resources. The issue is exploitable remotely a...

CVSS 6.5 | AI score 6.4 | EPSS 0.00042
Exploits 0 | References 4

CNNVD
added 2025/12/15 12:0 a.m. | 3 views

HaloBot Security Vulnerability

HaloBot is a robotics framework by the individual developers at SNRainiar. A security vulnerability exists in HaloBot, which stems from the incorrect manipulation of the parameter action in the file plugins/html_renderer/index.js, which could lead to dynamically managed code resources...

CVSS 6.5 | AI score 6.5 | EPSS 0.00042
Exploits 0 | References 4

RedhatCVE
added 2025/12/10 4:9 p.m. | 1 views

CVE-2025-13659

Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required...

CVSS 8.8 | AI score 8.2 | EPSS 0.01169
Exploits 0 | References 1

OpenVAS
added 2025/12/09 12:0 a.m. | 4 views

Synology DiskStation Manager (DSM) Privilege Escalation (Synology-SA-24:27) - Remote Known Vulnerable Versions Check

Synology DiskStation Manager (DSM) is prone to a privilege escalation vulnerability.

CVSS 8.8 | AI score 7.1 | EPSS 0.00054
Exploits 0 | References 1

Vulnrichment
added 2025/12/04 2:20 p.m. | 2 views

CVE-2024-5401

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...

CVSS 4.3 | AI score 6.6 | EPSS 0.00054
Exploits 0 | References 1

RedhatCVE
added 2025/11/12 3:46 a.m. | 5 views

CVE-2025-12637

The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a dynamic code generation feature in the processtheme function in all versions up to, and including, 0.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 8.8 | AI score 7.3 | EPSS 0.00196
Exploits 0 | References 1