High
CVSS: 8.8
In the `manim` plugin of binary-husky/gpt_academic, versions prior to the fix, a vulnerability exists due to improper handling of user-provided prompts. The root cause is the execution of untrusted code generated by the LLM without a proper…
High
CVSS: 8.8
In binary-husky/gpt_academic version
High
CVSS: 7.5
In h2oai/h2o-3 version 3.46.0.1, the `run_tool` command exposes classes in the `water.tools` package through the `ast` parser. This includes the `XGBoostLibExtractTool` class, which can be exploited to shut down the server and write large f…
High
CVSS: 7.2
A vulnerability in langgenius/dify versions
Critical
CVSS: 9.8
An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically proximate attacker to execute arbitrary code via the insecure Electron Fuses configuration.
Critical
CVSS: 9.8
An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file.
High
CVSS: 8.4
An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacke…
Unknown
CVSS: -
Improper Control of Generation of Code ('Code Injection') vulnerability in colabrio Ohio Extra ohio-extra allows Code Injection.This issue affects Ohio Extra: from n/a through
High
CVSS: 8.6
The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying operating system. An account with administrator privileges or that has been explicitly granted access to use Automation…
Medium
CVSS: 5.5
File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header.
High
CVSS: 7.3
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.8.5. This is due to the software allowing users to…
Critical
CVSS: 9.0
graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in `GraphQL::Schema.from_introspection` (…
High
CVSS: 8.8
Plenti
High
CVSS: 7.7
LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 is contains a RCE vulnerability in the tuya_ipc_direct_connect function of the anyka_ipc process. The vulnerability allows arbitrary code execution through the Wi-Fi configuration process when…
High
CVSS: 7.3
The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary…
High
CVSS: 7.3
The The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.0.4. This is due to the software allowing users to execute an action that…
Unknown
CVSS: -
Improper Control of Generation of Code ('Code Injection') vulnerability in FRESHFACE Fresh Framework fresh-framework allows Code Injection.This issue affects Fresh Framework: from n/a through
Critical
CVSS: 9.3
A vulnerability, that could result in Remote Code Execution (RCE), has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code.
Vendor commented out vulnerable line, further usage of…
Medium
CVSS: 4.3
The The Code Snippets CPT plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.1.0. This is due to the software allowing users to execute an action that does not properly validate a val…
High
CVSS: 7.2
The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. This is due to allowing PHP code to be entered by all users for whom unfiltered HTML is allowed. This makes it possibl…