CVE-2026-0769 Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability
Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
WordPress Child Themes plugin cross-site scripting vulnerability
The WordPress Child Themes plugin is mainly used to simplify the creation and management of child themes, using automation tools that help users quickly generate child themes based on a parent theme. A cross-site scripting vulnerability exists in the WordPress Child Themes plugin, which stems from...
EUVD-2016-2989
Malware in sbrugna...
EUVD-2023-34933
Malicious code in bioql PyPI...
EUVD-2023-34934
Malicious code in bioql PyPI...
EUVD-2023-34938
Malicious code in bioql PyPI...
WordPress Social Media Shortcodes plugin cross-site scripting vulnerability
The WordPress Social Media Shortcodes plugin provides shortcodes to quickly embed social media features into a WordPress website, and is mainly used to simplify the implementation of social media sharing, login, comments and other features. A cross-site scripting vulnerability exists in the...
Microsoft Visual Studio Code security vulnerability
Microsoft Visual Studio Code is an open source code editor from Microsoft (USA). A security vulnerability exists in Microsoft Visual Studio Code that originates from insufficiently filtered or validated user-supplied data and can be exploited by an attacker to remotely execute arbitrary code...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper validation of user input in the dataAddonlayouts and dataAddonlayoutsexcept parameters at /apprain/developer/addons/update/commonresource. An attacker can execute arbitrary JavaScript code in the...
CVE-2025-34073
An unauthenticated command injection vulnerability exists in stamparm/maltrail Maltrail versions =0.54. A remote attacker can execute arbitrary operating system commands via the username parameter in a POST request to the /login endpoint. This occurs due to unsafe handling of user-supplied input...
WordPress plugin CodePen Embed Block cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. A WordPress plugin is an application plugin. The WordPress CodePen Embed Block plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...
CVE-2023-30605
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. User input coming from the variablename and variablevalue parameter values in the sql/instance.py paramedit endpoint is...
GHSA-785H-76CM-CPMF Django TomSelect incomplete escaping of dangerous characters in widget attributes
Summary: User-supplied values passed through to certain attributes in form widgets are not fully escaped for potentially dangerous tokens, and in some cases are rendered in the browser as valid HTML tags. Details: Attributes passed to the widget such as labelfield containing , and similar tokens are no...
CVE-2023-22522
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Da...
PT-2023-27483 · Lg · Lg Simple Editor
Name of the Vulnerable Software and Affected Versions: LG Simple Editor (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this issue. The specific flaw...
CVE-2023-30557
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the data_dictionary.py tableinfo method. User input coming from the dbname in a...
CVE-2023-30558 Multiple SQL injections in sql/data_dictionary.py table_list method in Archery - GHSL-2022-105
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. User input coming from the dbname in the sql/data_dictionary.py table_list endpoint is passed to the methods that follow in...
CVE-2023-30553 Multiple SQL injections in sql_api/api_workflow.py endpoint in Archery - GHSL-2022-102
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to multiple SQL injections in the sql_api/api_workflow.py endpoint ExecuteCheck. User input...
Remote Code Execution (RCE)
Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via the jexl.createExpression(expression).evaluate(context) functionality, due to improper user input validation. Remediation: There is no fixed version for com.bstek.uflo:uflo-core...
ShopXO Command Injection Vulnerability
ShopXO is an open source enterprise-level e-commerce system. A command injection vulnerability exists in ShopXO v1.8.1. The vulnerability stems from the product building a command to execute from user input without correctly filtering the special characters,...