Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,515)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-6697 1Wegia 1Wegia Jun 17, 2026 Jun 26, 2025 2.0 LOW· v4 4.1 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /html/matPat/adicionar_tipoEntrada.php of the componen...Show more A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /html/matPat/adicionar_tipoEntrada.php of the component Adicionar tipo. The manipulation of the argument Insira o novo tipo leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-6696 1Wegia 1Wegia Jun 17, 2026 Jun 26, 2025 2.0 LOW· v4 4.1 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been classified as problematic. Affected is an unknown function of the file /html/atendido/Cadastro_Atendido.php of the component Cadastro de Atendio. The...Show more A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been classified as problematic. Affected is an unknown function of the file /html/atendido/Cadastro_Atendido.php of the component Cadastro de Atendio. The manipulation of the argument Nome/Sobrenome leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This is a different issue than CVE-2025-22615. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-53002 1Hiyouga 1Llama Factory Jun 17, 2026 Jun 26, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulner...Show more LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the `vhead_file` is loaded without proper safeguards, allowing malicious attackers to execute arbitrary malicious code on the host system simply by passing a malicious `Checkpoint path` parameter through the `WebUI` interface. The attack is stealthy, as the victim remains unaware of the exploitation. The root cause is that the `vhead_file` argument is loaded without the secure parameter `weights_only=True`. Version 0.9.4 contains a fix for the issue.Show less
CVE-2025-6695 1Wegia 1Wegia Jun 17, 2026 Jun 26, 2025 2.0 LOW· v4 4.1 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This issue affects some unknown processing of the file /html/matPat/adicionar_categoria.php of the component Additional Categoria. T...Show more A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This issue affects some unknown processing of the file /html/matPat/adicionar_categoria.php of the component Additional Categoria. The manipulation of the argument Insira a nova categoria leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-6694 1Wegia 1Wegia Jun 17, 2026 Jun 26, 2025 2.0 LOW· v4 4.1 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability has been found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This vulnerability affects unknown code of the file /html/matPat/adicionar_unidade.php of the component Adicionar Unidade. The...Show more A vulnerability has been found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This vulnerability affects unknown code of the file /html/matPat/adicionar_unidade.php of the component Adicionar Unidade. The manipulation of the argument Insira a nova unidade leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-6613 1Anujk305 1Hospital Management System Jun 17, 2026 Jun 25, 2025 2.0 LOW· v4 5.4 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the...Show more A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-37743 1Mmz 001 1Knowledgegpt Jun 17, 2026 Jun 24, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via the Document Display Component.
CVE-2025-23265 1Nvidia 1Megatron Lm Jun 17, 2026 Jun 24, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to...Show more NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.Show less
CVE-2025-23264 1Nvidia 1Megatron Lm Jun 17, 2026 Jun 24, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to...Show more NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.Show less
CVE-2025-6569 1Fabian 1School Fees Payment System Jun 17, 2026 Jun 24, 2025 2.1 LOW· v4 6.1 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. Affected by this vulnerability is an unknown functionality of the file /student.php. The manipulation of the argument s...Show more A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. Affected by this vulnerability is an unknown functionality of the file /student.php. The manipulation of the argument sname/contact/about/emailid/transcation_remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-6551 1Java Aodeng 1Hope Boot Jun 17, 2026 Jun 24, 2025 2.0 LOW· v4 5.4 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability was found in java-aodeng Hope-Boot 1.0.0 and classified as problematic. This issue affects the function Login of the file /src/main/java/com/hope/controller/WebController.java. The manipulation of the arg...Show more A vulnerability was found in java-aodeng Hope-Boot 1.0.0 and classified as problematic. This issue affects the function Login of the file /src/main/java/com/hope/controller/WebController.java. The manipulation of the argument errorMsg leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-47030 1Ncr 1Terminal Handler Jun 17, 2026 Jun 23, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists.
CVE-2025-6509 - - Jun 17, 2026 Jun 23, 2025 2.0 LOW· v4 3.5 LOW· v3 4.0 MEDIUM· v2 A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability is the function echo of the file /src/main/java/...Show more A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability is the function echo of the file /src/main/java/controller/SimpleController.java. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.Show less
CVE-2023-47032 1Ncr 1Terminal Handler Jun 17, 2026 Jun 23, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function.
CVE-2023-48978 1Ncr 1Itm Web Terminal Jun 17, 2026 Jun 23, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component.
CVE-2025-6512 - - Jun 17, 2026 Jun 23, 2025 N/A· v4 10.0 CRITICAL· v3 N/A· v2 On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights.
CVE-2025-6477 1Razormist 1Student Result Management System Jun 17, 2026 Jun 22, 2025 1.9 LOW· v4 4.8 MEDIUM· v3 3.3 LOW· v2 A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /script/admin/system of the co...Show more A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /script/admin/system of the component System Settings Page. The manipulation of the argument School Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-6475 1Razormist 1Student Result Management System Jun 17, 2026 Jun 22, 2025 1.9 LOW· v4 4.8 MEDIUM· v3 3.3 LOW· v2 A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/admin/manage_students of the component Manage...Show more A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/admin/manage_students of the component Manage Students Module. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-6473 1Fabian 1School Fees Payment System Jun 17, 2026 Jun 22, 2025 2.1 LOW· v4 6.1 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability, which was classified as problematic, was found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /fees.php. The manipulation of the argument transcation_remark lea...Show more A vulnerability, which was classified as problematic, was found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /fees.php. The manipulation of the argument transcation_remark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-6452 1Codeastro 1Patient Record Management System Jun 17, 2026 Jun 22, 2025 1.9 LOW· v4 4.8 MEDIUM· v3 3.3 LOW· v2 A vulnerability was found in CodeAstro Patient Record Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Generate New Report Page. The manipulation of the...Show more A vulnerability was found in CodeAstro Patient Record Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Generate New Report Page. The manipulation of the argument Patient Name/Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.Show less

Previous 1...848586...326 Next