2430 matches found
CVE-2025-8417
The Catalog Importer, Scraper & Crawler plugin for WordPress is vulnerable to PHP code injection in all versions up to, and including, 5.1.4. This is due to reliance on a guessable numeric token e.g. ?key= 900001705 without proper authentication, combined with the unsafe use of eval on...
CVE-2025-8417 Catalog Importer, Scraper & Crawler <= 5.1.4 - Unauthenticated PHP Code Injection
The Catalog Importer, Scraper & Crawler plugin for WordPress is vulnerable to PHP code injection in all versions up to, and including, 5.1.4. This is due to reliance on a guessable numeric token e.g. ?key= 900001705 without proper authentication, combined with the unsafe use of eval on...
CVE-2025-8417
CVE-2025-8417 affects the WordPress plugin Catalog Importer, Scraper & Crawler (versions
WordPress plugin Catalog Importer Scraper Crawler 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability exists in...
PT-2025-37127
Name of the Vulnerable Software and Affected Versions: Catalog Importer, Scraper & Crawler plugin for WordPress versions through 5.1.4 Description: The Catalog Importer, Scraper & Crawler plugin for WordPress is susceptible to PHP code injection due to reliance on a guessable numeric token e.g.,...
vulnerable-python-poc-exploit
Отчет по анализу уязвимостей Python приложения vulnerable...
Linux Distros Unpatched Vulnerability : CVE-2022-40871
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr ERP & CRM =15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully...
Linux Distros Unpatched Vulnerability : CVE-2017-12963
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an illegal address access in Sass::Eval::operator in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to...
Linux Distros Unpatched Vulnerability : CVE-2017-12964
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator in eval.cpp. It will lead to a remote denial of servi...
Linux Distros Unpatched Vulnerability : CVE-2017-11555
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service...
Linux Distros Unpatched Vulnerability : CVE-2024-42845
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code...
Linux Distros Unpatched Vulnerability : CVE-2020-15591
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fexsrv in FEX aka Frams' Fast File EXchange before fex-201609192 allows eval injection for unauthenticated remote code execution. CVE-2020-15591 Note that Nessu...
TOTOLINK A3002R eval function command injection vulnerability
The TOTOLINK A3002R is a wireless router manufactured by China's Gion Electronics TOTOLINK, whose main function is to provide wireless network connectivity for home or small office environments. TOTOLINK A3002R suffers from a command injection vulnerability that stems from the presence of command...
Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs
Dear Maintainers, I am writing to you on behalf of the Tencent AI Sec. We have identified a potential vulnerability in one of your products and would like to report it to you for further investigation and mitigation. Summary The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of...
vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder
Summary An unsafe deserialization vulnerability allows any authenticated user to execute arbitrary code on the server if they are able to get the model to pass the code as an argument to a tool call. Details vLLM's Qwen3 Coder tool parser contains a code execution path that uses Python's eval...
The Silent, Fileless Threat of VShell
The Silent, Fileless Threat of VShell By Sagar Bade · August 21, 2025 Introduction Linux environments are often seen as bastions of security, favored by developers, sysadmins, and security professionals for their stability, transparency, and resistance to malware. Compared to Windows, the attack...
PT-2025-34260 · Unknown +1 · Qwen3 Coder +1
Name of the Vulnerable Software and Affected Versions: vLLM affected versions not specified Description: An unsafe deserialization allows any authenticated user to execute arbitrary code on the server if they are able to get the model to pass the code as an argument to a tool call. The issue...
CVE-2011-10026 Spreecommerce < 0.50.x API RCE
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...
CVE-2011-10026
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...
CVE-2025-50567
Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare function, which uses pregreplace with the deprecated /e eval modifier to interpolate SQL query parameters. This leads to injection of user-controlled SQL statements, potentially leading to arbitrary PHP code...