Improper Control of Generation of Code ('Code Injection') vulnerability in Jordy Meow Code Engine code-engine allows Remote Code Inclusion.This issue affects Code Engine: from n/a through <= 0.3.3.
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-Side Template Injection (SSTI) vulnerability exists in RAGFlow's Agent workflow Text Proce
A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evalu
WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Watc
A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs
A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function child_process.exec of the file run.js. The manipulation results in os command injection. The attack
A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable.
An OS command injection vulnerability exists due to insufficient
sanitization of user-supplied input. The application accepts parameters
that are later incorporated into OS commands without adequate
LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management i
An OS command injection vulnerability exists in XWEB Pro version 1.12.1
and prior, enabling an authenticated attacker to achieve remote code
execution on the system by modifying malicious input inje
A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter.
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" (or "Public Flows" in code) contains a critical RCE vulnerability. Shareable P
PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHo
A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 via the /api/v2/models/install API. The vulnerability arises from unsafe deserialization of model files
Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploit
Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installati
A vulnerability was found in code-projects Library System 1.0. This impacts an unknown function of the file /return.php. The manipulation of the argument ID results in sql injection. The attack can be
Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents containing crafted
A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of the file tools/skills_tool.py. Executing a manipulation can lead
Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, supported in both the frontend web integration and the backend Prediction AP
← Previous Page 5