VulnCheck KEV: CVE-2026-29014

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...

CVE-2026-29014

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...

CVE-2026-29014

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...

CVE-2026-29014 MetInfo CMS Unauthenticated PHP Code Injection RCE

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...

CVE-2026-29014

CVE-2026-29014 affects MetInfo CMS versions 7.9, 8.0, and 8.1 with an unauthenticated PHP code injection that enables remote code execution. The vulnerability arises from insufficient input neutralization in the execution path, allowing remote attackers to send crafted requests containing PHP cod...

PT-2026-29514

Name of the Vulnerable Software and Affected Versions MetInfo CMS versions 7.9 through 8.1 Description An unauthenticated PHP code injection flaw allows remote attackers to execute arbitrary code and gain full control over the affected server by sending crafted requests containing malicious PHP...

Exploit for Code Injection in Lubus Wp_Query_Console

CVE-2024-50498 / 0-Click RCE Exploit - Author: Joshua Provost...

CVE-2023-25614

SAP NetWeaver AS ABAP BSP Framework application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network. On successful exploitation it can gain access to the sensitive...

CVE-2019-12774

A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044update05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...

CVE-2025-0953

The CVE-2025-0953 entry concerns the SMTP for Sendinblue – YaySMTP WordPress plugin. It describes a Stored Cross-Site Scripting (XSS) flaw in versions up to 1.1.1 caused by insufficient input sanitization and output escaping, enabling unauthenticated attackers to inject scripts that execute when ...

CVE-2023-24522

Due to insufficient input sanitization, SAP NetWeaver AS ABAP Business Server Pages - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to...

CVE-2020-16147

The login page in Telmat AccessLog = 6.0 TAL20180415 allows an attacker to get root shell access via Unauthenticated code injection over the network...

CVE-2020-16147

The login page in Telmat AccessLog = 6.0 TAL20180415 allows an attacker to get root shell access via Unauthenticated code injection over the network...

Code injection

The login page in Telmat AccessLog = 6.0 TAL20180415 allows an attacker to get root shell access via Unauthenticated code injection over the network...

CVE-2020-16147

The CVE-2020-16147 entry concerns Telmat AccessLog (versions ≤ 6.0, TAL_20180415). According to connected sources, the vulnerability stems from an incorrectly programmed call to an advanced local procedure in the login page, enabling an unauthenticated attacker to inject code over the network and...

CVE-2020-16147

The login page in Telmat AccessLog = 6.0 TAL20180415 allows an attacker to get root shell access via Unauthenticated code injection over the network...

Citrix Issues Critical Patches for 11 New Flaws Affecting Multiple Products

Citrix yesterday issued new security patches for as many as 11 security flaws that affect its Citrix Application Delivery Controller ADC, Gateway, and SD-WAN WAN Optimization edition WANOP networking products. Successful exploitation of these critical flaws could let unauthenticated attackers...

CVE-2017-16721

A Cross-site Scripting issue was discovered in Geovap Reliance SCADA Version 4.7.3 Update 2 and prior. This vulnerability could allow an unauthenticated attacker to inject arbitrary code...