400 matches found
PT-2025-28389 · Unknown · Tia Administrator
Name of the Vulnerable Software and Affected Versions: TIA Administrator versions prior to 3.0.6 Description: A vulnerability has been identified in the affected application, where it improperly validates code signing certificates. This could allow an attacker to bypass the check and execute...
WordPress plugin Alone code injection vulnerability
WordPress Alone is a theme designed for nonprofit organizations, primarily for the WordPress platform. WordPress Alone suffers from a code injection vulnerability that stems from improper code generation controls; no details of the vulnerability are provided at this time...
IBM Cognos Analytics security vulnerability
IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). The software includes reports, dashboards, and scorecards, and can assist organizations in adjusting their decisions by analyzing such things as key factors and key people. A security...
The vulnerability of the functional module of the RFC interface of the software tool for managing changes and migrations in SAP Landscape Transformation (SLT) allows an attacker to influence the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the functional module of the RFC interface of the software tool for managing changes and migrations in SAP Landscape Transformation (SLT) is related to improper code generation. Exploiting this vulnerability can allow an attacker to influence the confidentiality, integrity, and...
The vulnerability of the SAP NetWeaver Application ABAP software integration platform’s server, related to improper code generation management, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the SAP NetWeaver Application ABAP software integration platform is related to incorrect code generation management. Exploiting this vulnerability allows an attacker to influence the confidentiality, integrity, and accessibility of protected information...
CVE-2023-1097
Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party...
The vulnerability of the software for centralized backup and disaster recovery management in Dell PowerProtect Data Manager arises from improper code generation. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the software for centralized backup and disaster recovery management in Dell PowerProtect Data Manager is related to improper code generation. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the application interface for managing the lifecycle of mobile devices and Ivanti Endpoint Manager Mobile (EPMM) (formerly MobileIron Core) allows a perpetrator to execute arbitrary code.
The vulnerability of the application interface for managing the lifecycle of mobile devices and Ivanti Endpoint Manager Mobile (EPMM) (formerly MobileIron Core) is related to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
WordPress plugin MapSVG Lite code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
WordPress plugin Ultimate Member code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability exists in...
The vulnerability of the WebKit component in the Safari browser, available on iOS operating systems, macOS Sonoma, iPadOS, and tvOS, allows a hacker to execute arbitrary code.
The vulnerability of the WebKit component in the Safari browser, as well as in the iOS and macOS Sonoma operating systems, iPadOS, and tvOS, is related to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of Dropbox’s repository in the virtual learning environment Moodle allows a perpetrator to execute arbitrary code.
The vulnerability of Dropbox’s virtual learning environment Moodle is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the eval() function in Cloud Deployment modules and the Query Tool, a database management tool for pgAdmin 4, allows a hacker to execute arbitrary code.
The vulnerability of the eval function in the Cloud Deployment and Query Tool modules of the pgAdmin 4 database management tool is related to improper code generation during processing of endpoints like /sqleditor/querytool/download and /cloud/deploy, when the querycommited and highavailability...
CVE-2025-23251
NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of generation of code by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering...
The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to improper code generation, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to improper code generation. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the JDBC driver configuration of the Kylin data processing platform allows a hacker to execute arbitrary code.
The vulnerability of the JDBC driver configuration of the Kylin data processing platform is related to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Fortinet FortiSOAR code injection vulnerability
Fortinet FortiSOAR is a Security Orchestration, Automation and Response (SOAR) solution from Fortinet. A code injection vulnerability exists in Fortinet FortiSOAR that stems from improper code generation controls and can be exploited by an attacker to cause arbitrary code to be executed...
The vulnerability of the Windows operating system’s Search service allows a perpetrator to escalate their privileges.
The vulnerability of the Windows operating system’s Search service is related to improper code generation management. Exploiting this vulnerability can allow attackers to enhance their privileges...
IBM Security Verify Access code injection vulnerability
IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. A code injection vulnerability exists in IBM Security Verify Access versions 10.0.0.0 through 10.0.0.9 and 11.0.0.0, which stems from improper restrictions on code generation...
The vulnerability in the kernel of operating systems such as macOS, iOS, iPadOS, watchOS, tvOS, and visionOS allows attackers to escalate their privileges and execute arbitrary code.
The vulnerability of the kernel in operating systems such as macOS, iOS, iPadOS, watchOS, tvOS, and visionOS is related to improper code generation. Exploiting this vulnerability can allow attackers to increase their privileges and execute arbitrary code...