Lucene search
K

139 matches found

Positive Technologies
Positive Technologies
added 2025/04/11 12:0 a.m.5 views

PT-2025-16139 · Mediawiki · Mediawiki - Tabs Extension

Name of the Vulnerable Software and Affected Versions: Mediawiki - Tabs Extension versions 1.39 through 1.43 Description: The issue is related to an Improper Input Validation vulnerability that allows Code Injection in the Mediawiki - Tabs Extension. Recommendations: For versions 1.39 through 1.4...

6.9CVSS6.5AI score0.00355EPSS
Exploits0References7
NVD
NVD
added 2025/04/07 3:15 p.m.14 views

CVE-2025-3248

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code...

9.8CVSS0.99972EPSS
Exploits33References5
OSV
OSV
added 2025/04/07 3:15 p.m.15 views

CVE-2025-3248

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code...

9.8CVSS7.7AI score0.99972EPSS
Exploits33References5
ATTACKERKB
ATTACKERKB
added 2025/04/07 12:0 a.m.17 views

CVE-2025-3248

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Valu...

9.8CVSS8.4AI score0.99972EPSS
In wildExploits33References5
OSV
OSV
added 2025/04/03 4:15 p.m.6 views

CVE-2025-3163

A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has...

7.8CVSS7.8AI score
Exploits0References5
CVE
CVE
added 2025/04/03 3:31 p.m.58 views

CVE-2025-3163

CVE-2025-3163 affects InternLM LMDeploy up to version 0.7.1. The vulnerability targets the function Open in lmdeploy/docs/en/conf.py, where input manipulation leads to arbitrary code execution. The issue enables a local-host attack, and public disclosure of the exploit is noted in multiple source...

7.8CVSS7.5AI score0.00338EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/20 4:42 p.m.25 views

CVE-2024-21760

An improper control of generation of code 'Code Injection' vulnerability CWE-94 in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute arbitrary code on the host via a playbook code...

8.4CVSS8AI score0.00743EPSS
Exploits0References1
NVD
NVD
added 2025/03/20 10:15 a.m.6 views

CVE-2024-10252

A vulnerability in langgenius/dify versions =v0.9.1 allows for code injection via internal SSRF requests in the Dify sandbox service. This vulnerability enables an attacker to execute arbitrary Python code with root privileges within the sandbox environment, potentially leading to the deletion of...

8.8CVSS0.00749EPSS
Exploits1References2
CVE
CVE
added 2025/03/20 10:10 a.m.42 views

CVE-2024-10950

CVE-2024-10950 affects binary-husky/gpt_academic ≤ 3.83, via the CodeInterpreter plugin. The root cause is prompt injection that causes untrusted prompts to generate code executed without a sandbox, enabling remote code execution (RCE) on the application backend server. The described impact is fu...

8.8CVSS9.2AI score0.01348EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2022-2054

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Code Injection in GitHub repository nuitka/nuitka prior to 0.9. CVE-2022-2054 Note that Nessus relies on the presence of the package as reported by the vendor...

8.4CVSS7.2AI score0.00526EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-12761

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDGCONFIGDIRS...

7.5CVSS7.5AI score0.02105EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-16255

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument aka the command argument to Shell or Shelltest in...

8.1CVSS6.9AI score0.04221EPSS
Exploits1References3
NVD
NVD
added 2025/02/11 11:15 a.m.4 views

CVE-2024-53977

A vulnerability has been identified in ModelSim All versions V2025.1, Questa All versions V2025.1. An example setup script contained in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inje...

7.8CVSS0.00145EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:28 p.m.10 views

CVE-2022-2014

Code Injection in GitHub repository jgraph/drawio prior to 19.0.2...

9.6CVSS7.2AI score0.00698EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/04 10:12 p.m.8 views

CVE-2024-35767

Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Code Injection.This issue affects Squeeze: from n/a through 1.4...

9.1CVSS7.1AI score0.00489EPSS
Exploits0
CVE
CVE
added 2024/12/26 1:0 p.m.50 views

CVE-2024-12952

CVE-2024-12952 affects melMass comfy_mtb up to 0.1.4. The vulnerability resides in the Dependency Handler’s run_command function (comfy_mtb/endpoint.py) and allows remote code injection. Public exploit details exist, and a patch is available: d6e004cce2c32f8e48b868e66b89f82da4887dc3. Affected ver...

6.5CVSS7AI score0.00491EPSS
Exploits0References7
NVD
NVD
added 2024/12/19 5:15 p.m.42 views

CVE-2024-12789

A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possible to initiate the attack remotely. The exploit has...

9.8CVSS0.00518EPSS
Exploits0References4
CVE
CVE
added 2024/12/19 4:31 p.m.108 views

CVE-2024-12789

PbootCMS versions up to 3.2.3 contain a code injection vulnerability in an unspecified portion of apps/home/controller/IndexController.php. The issue arises from improper handling of the tag parameter, enabling arbitrary code execution and remote exploitation. The vulnerability has been publicly ...

9.8CVSS6.9AI score0.00518EPSS
Exploits0References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/10 9:20 a.m.7 views

Security Bulletin: User can inject the suspected code via URL passed

Summary A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to cod...

8.9AI score
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/07 12:0 a.m.4 views

PT-2024-31895 · Ruoyi · Ruoyi

Name of the Vulnerable Software and Affected Versions: RuoYi versions 4.7.9 and earlier Description: The issue allows escaping from comments within the code generation feature, enabling the injection of malicious code. This flaw can be exploited to inject malicious code into the system...

9.8CVSS6.5AI score0.00492EPSS
Exploits0References8
Rows per page
Query Builder