139 matches found
PT-2025-16139 · Mediawiki · Mediawiki - Tabs Extension
Name of the Vulnerable Software and Affected Versions: Mediawiki - Tabs Extension versions 1.39 through 1.43 Description: The issue is related to an Improper Input Validation vulnerability that allows Code Injection in the Mediawiki - Tabs Extension. Recommendations: For versions 1.39 through 1.4...
CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code...
CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code...
CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Valu...
CVE-2025-3163
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has...
CVE-2025-3163
CVE-2025-3163 affects InternLM LMDeploy up to version 0.7.1. The vulnerability targets the function Open in lmdeploy/docs/en/conf.py, where input manipulation leads to arbitrary code execution. The issue enables a local-host attack, and public disclosure of the exploit is noted in multiple source...
CVE-2024-21760
An improper control of generation of code 'Code Injection' vulnerability CWE-94 in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute arbitrary code on the host via a playbook code...
CVE-2024-10252
A vulnerability in langgenius/dify versions =v0.9.1 allows for code injection via internal SSRF requests in the Dify sandbox service. This vulnerability enables an attacker to execute arbitrary Python code with root privileges within the sandbox environment, potentially leading to the deletion of...
CVE-2024-10950
CVE-2024-10950 affects binary-husky/gpt_academic ≤ 3.83, via the CodeInterpreter plugin. The root cause is prompt injection that causes untrusted prompts to generate code executed without a sandbox, enabling remote code execution (RCE) on the application backend server. The described impact is fu...
Linux Distros Unpatched Vulnerability : CVE-2022-2054
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Code Injection in GitHub repository nuitka/nuitka prior to 0.9. CVE-2022-2054 Note that Nessus relies on the presence of the package as reported by the vendor...
Linux Distros Unpatched Vulnerability : CVE-2019-12761
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDGCONFIGDIRS...
Linux Distros Unpatched Vulnerability : CVE-2019-16255
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument aka the command argument to Shell or Shelltest in...
CVE-2024-53977
A vulnerability has been identified in ModelSim All versions V2025.1, Questa All versions V2025.1. An example setup script contained in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inje...
CVE-2022-2014
Code Injection in GitHub repository jgraph/drawio prior to 19.0.2...
CVE-2024-35767
Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Code Injection.This issue affects Squeeze: from n/a through 1.4...
CVE-2024-12952
CVE-2024-12952 affects melMass comfy_mtb up to 0.1.4. The vulnerability resides in the Dependency Handler’s run_command function (comfy_mtb/endpoint.py) and allows remote code injection. Public exploit details exist, and a patch is available: d6e004cce2c32f8e48b868e66b89f82da4887dc3. Affected ver...
CVE-2024-12789
A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2024-12789
PbootCMS versions up to 3.2.3 contain a code injection vulnerability in an unspecified portion of apps/home/controller/IndexController.php. The issue arises from improper handling of the tag parameter, enabling arbitrary code execution and remote exploitation. The vulnerability has been publicly ...
Security Bulletin: User can inject the suspected code via URL passed
Summary A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to cod...
PT-2024-31895 · Ruoyi · Ruoyi
Name of the Vulnerable Software and Affected Versions: RuoYi versions 4.7.9 and earlier Description: The issue allows escaping from comments within the code generation feature, enabling the injection of malicious code. This flaw can be exploited to inject malicious code into the system...