CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Code injection in NousResearch hermes-agent 2026.4.23 allows remote unauthenticated attackers to inject and execute arbitrary code through the _scan_context_content function in agent/prompt_builder.py. The vulnerability has publicly available exploit code and affects all versions up to 2026.4.23, with the vendor failing to respond to disclosure attempts.
Remote injection vulnerability in NousResearch hermes-agent versions up to 2026.4.23 enables unauthenticated attackers to inject malicious payloads through the Skills Guard component's multi-word prompt handling mechanism. The vulnerability has publicly available exploit code and allows attackers to achieve limited confidentiality, integrity, and availability impacts without user interaction. Despite early vendor notification, no response or patch has been provided.
Unauthenticated remote code execution in the Avada Builder (fusion-builder) WordPress plugin versions up to and including 3.15.2 allows attackers to execute arbitrary PHP on affected sites by abusing an unsanitized call_user_func() invocation reachable through a public AJAX endpoint. The Wordfence-reported issue affects any WordPress site running the Avada theme stack that exposes a Post Cards or Table of Contents element on a public page, since the protecting nonce is deterministically leaked in the page's JavaScript. No public exploit identified at time of analysis, but the CVSS 9.8 rating and trivial precondition (visiting one page that emits the nonce) make this high-priority.
Remote code execution as root in Cisco ThousandEyes Virtual Appliance is achievable by any authenticated administrator through a crafted SSL certificate upload. The flaw stems from CWE-74 injection in the certificate handling subsystem, where user-supplied certificate data is not adequately sanitized before being processed by the underlying OS. Despite a CVSS score of 4.7 (Medium), the actual post-exploitation impact is severe - root-level OS access - though the PR:H prerequisite substantially constrains the realistic attack surface. No public exploit code or CISA KEV listing has been identified at time of analysis.
Argument injection in litemall Database Setting Handler allows authenticated administrators with high privileges to inject malicious arguments into database backup/load operations, potentially exposing sensitive database credentials or altering backup behavior. Publicly disclosed exploit code exists (CVSS:4.0 E:P), but vendor has not responded to disclosure. EPSS data not available; low CVSS base score (2.0) reflects high privilege requirement (PR:H) limiting widespread exploitation despite network attack vector.
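The argument-injection pattern described above, as an added example that is not litemall's code: an admin-supplied database name flows into a backup command. The table of three builders shows why moving from a shell string to an argv list is not enough on its own, because a value beginning with a dash is still parsed by the backup tool as an option (mysqldump's --result-file is a real option; the "app" user, paths and the allowlist regex are assumptions for this illustration).

```python
import re
from typing import List

# Illustrative backup-command builders (not litemall's code). db_name is the
# attacker-controlled value supplied by a high-privileged admin.

# Allowlist: one to sixty-four ASCII word characters (assumed policy).
_DB_NAME_RE = re.compile(r"^[A-Za-z0-9_]{1,64}$")


def build_backup_cmd_shell(db_name: str) -> str:
    """Vulnerable: value concatenated into a shell command line.
    ';', '|', '`' and '$(' give command injection on top of argument injection."""
    return f"mysqldump -u app {db_name} > /var/backups/{db_name}.sql"


def build_backup_argv_naive(db_name: str) -> List[str]:
    """Still vulnerable: an argv list defeats shell metacharacters, but mysqldump
    treats any argument beginning with '-' as an option, so
    '--result-file=<path>' redirects the dump wherever the attacker chooses."""
    return ["mysqldump", "-u", "app", db_name]


def looks_like_option(value: str) -> bool:
    """True when the backup tool would parse this value as an option."""
    return value.startswith("-")


def is_valid_db_name(db_name: str) -> bool:
    """Allowlist check: strict character set and never option-shaped."""
    return bool(_DB_NAME_RE.match(db_name)) and not looks_like_option(db_name)


def build_backup_argv_safe(db_name: str) -> List[str]:
    """Hardened: reject anything outside the allowlist before it reaches argv."""
    if not is_valid_db_name(db_name):
        raise ValueError(f"rejected database name: {db_name!r}")
    return ["mysqldump", "-u", "app", db_name]


# Constructed payloads for the two failure modes.
CMD_PAYLOAD = "litemall; cat /etc/passwd"             # shell command injection
ARG_PAYLOAD = "--result-file=/var/www/html/dump.sql"  # argument injection


if __name__ == "__main__":
    print(build_backup_cmd_shell(CMD_PAYLOAD))
    print(build_backup_argv_naive(ARG_PAYLOAD))
    print(build_backup_argv_safe("litemall"))
```

The check that matters is the allowlist plus the leading-dash rejection; quoting or escaping for the shell does nothing against the second payload because no shell is involved in the argv form.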
SQL injection in linlinjava litemall 1.8.0 and earlier allows high-privileged remote attackers to read and modify database contents via crafted requests to multiple Admin Endpoint functions. Public exploit code is available (EPSS score not available). The attack requires administrative credentials (PR:H) but achieves confidentiality, integrity, and availability impact on the vulnerable component (VC:L/VI:L/VA:L). Despite a CVSS 4.0 score of 2.0 (Low severity due to the high privilege requirement), the existence of a public POC and the lack of vendor response elevate practical risk for installations where admin accounts may be compromised.
SQL injection in litemall WeChat API allows unauthenticated remote attackers to extract, modify, or delete database contents via crafted queries to the goods listing endpoint. Publicly available exploit code exists targeting the WxGoodsController.list() function in versions up to 1.8.0. Vendor unresponsive to disclosure. EPSS data unavailable, but public POC and network accessibility (CVSS AV:N/AC:L/PR:N) indicate moderate exploitation risk for exposed instances.
SQL injection in Marten's PostgreSQL full-text search APIs allows remote unauthenticated attackers to execute arbitrary database commands when applications pass user-controlled input to the regConfig parameter. The vulnerability affects all five search method overloads (SearchAsync, PlainTextSearchAsync, PhraseSearchAsync, WebStyleSearchAsync, PrefixSearchAsync) where the regConfig parameter is interpolated directly into SQL without validation. Confirmed exploit payloads demonstrate time-based blind extraction, information disclosure via SELECT statements, and DDL execution including table drops. Vendor-released patch available in Marten 8.37.0 via GitHub PR #4343. No public exploit identified at time of analysis, though the advisory includes working proof-of-concept payloads for all affected methods.
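The regConfig interpolation described above, as an added example that is not Marten's code: a query builder that splices the text-search configuration name into the SQL text, beside a hardened builder that validates the name against an allowlist and binds it as a parameter cast to regconfig. The table and column names, the allowlist contents and the helper that counts effective statements are assumptions for this illustration; PostgreSQL's to_tsvector(regconfig, text) and the regconfig cast are real.

```python
import re

# Illustrative query builders (not Marten's code) for a PostgreSQL full-text
# search where the caller supplies the text-search configuration name.

# PostgreSQL unquoted identifier shape (assumed policy: no schema qualification).
_IDENT_RE = re.compile(r"^[a-z_][a-z0-9_]*$")

# Configurations the application supports. Assumed set; a deployment would
# derive it from pg_ts_config rather than hard-code it.
ALLOWED_REG_CONFIGS = frozenset({"simple", "english", "german", "french"})


def build_search_sql_vulnerable(reg_config: str) -> str:
    """Vulnerable: reg_config is interpolated into the statement text, so a
    value containing a quote and a semicolon ends the SELECT and starts a new
    statement. Only the search term ($1) is a bound parameter."""
    return (
        "SELECT id FROM docs "
        f"WHERE to_tsvector('{reg_config}', body) @@ plainto_tsquery('{reg_config}', $1)"
    )


def is_valid_reg_config(reg_config: str) -> bool:
    """Allowlist check: identifier-shaped and one of the supported configs."""
    return bool(_IDENT_RE.match(reg_config)) and reg_config in ALLOWED_REG_CONFIGS


def build_search_sql_safe(reg_config: str) -> str:
    """Hardened: validate first, then pass the name as a second bound parameter
    cast to regconfig. The value never reaches the SQL parser as SQL text."""
    if not is_valid_reg_config(reg_config):
        raise ValueError(f"unsupported text search configuration: {reg_config!r}")
    return (
        "SELECT id FROM docs "
        "WHERE to_tsvector($2::regconfig, body) @@ plainto_tsquery($2::regconfig, $1)"
    )


# Constructed payload: closes the literal, finishes the SELECT, appends DDL and
# comments out the rest of the line.
INJECTION_PAYLOAD = "english', body) @@ plainto_tsquery('english', $1); DROP TABLE docs; --"


def effective_statements(sql: str) -> list:
    """Statements a single-line SQL string would execute: drop the trailing
    '--' comment, split on ';', discard empty pieces. Crude, but enough to
    show the extra statement the payload smuggles in."""
    visible = sql.split("--", 1)[0]
    return [s.strip() for s in visible.split(";") if s.strip()]


if __name__ == "__main__":
    for stmt in effective_statements(build_search_sql_vulnerable(INJECTION_PAYLOAD)):
        print(stmt)
    print(build_search_sql_safe("english"))
```

Binding the name as a parameter is what closes the hole; the allowlist is defence in depth so that an unknown configuration fails at the application boundary with a clear error instead of as a database error, and so that a schema-qualified or quoted name is rejected before it is looked up.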
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.
Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.