CWE-74: Injection

SandboxJS versions before 0.8.29 have a critical sandbox escape vulnerability that allows attackers to obtain the host's Function constructor and exec...

This CVE describes a sandbox escape vulnerability in SandboxJS library versions before 0.8.29. Attackers can bypass JavaScript sandboxing by shadowing...

This critical vulnerability in Cisco Secure Firewall Management Center allows unauthenticated remote attackers to execute arbitrary shell commands wit...

An unauthenticated remote code execution vulnerability in Cisco ISE and ISE-PIC allows attackers to execute arbitrary commands as root without credent...

An unauthenticated remote code execution vulnerability in Cisco ISE and ISE-PIC API allows attackers to execute arbitrary commands as root without cre...

This vulnerability in Flatpak allows malicious or compromised applications using persistent directories to escape sandbox restrictions and access/writ...

This CVE describes a critical remote code execution vulnerability in Pro Macros for XWiki. Attackers with view rights on specific pages or edit/commen...

This vulnerability allows malicious snaps to inject terminal input via TIOCLINUX ioctl, potentially executing arbitrary commands outside the snap sand...

CVE-2022-24760 is a critical Remote Code Execution vulnerability in Parse Server caused by prototype pollution in DatabaseController.js. It allows att...

CVE-2021-41163 is a critical remote code execution vulnerability in Discourse that allows attackers to execute arbitrary code on affected servers thro...

CVE-2021-21242 is a critical pre-authentication remote code execution vulnerability in OneDev devops platform. Attackers can exploit insecure deserial...

This vulnerability in OneDev allows unauthenticated remote code execution via insecure deserialization in Kubernetes REST endpoints. Attackers can exp...

CVE-2020-26282 is a critical Server-Side Template Injection vulnerability in BrowserUp Proxy that allows unauthenticated attackers to inject arbitrary...

CVE-2024-46986 is an arbitrary file write vulnerability in Camaleon CMS that allows authenticated users to write files to any location on the web serv...

This vulnerability in XWiki Platform allows attackers with view rights on the SkinsCode.XWikiSkinsSheet document to escalate privileges to programming...

CVE-2023-36470 is a critical remote code execution vulnerability in XWiki Platform that allows attackers to inject and execute malicious code with pro...

This vulnerability allows authenticated users without script or programming rights to execute arbitrary Groovy code on XWiki servers by adding malicio...

This vulnerability in XWiki Platform allows attackers to bypass access controls and execute arbitrary code through specially crafted comments containi...

This vulnerability allows any user with edit access to at least one document (including their own profile by default) to inject malicious code through...

CVE-2023-29514 is a critical remote code execution vulnerability in XWiki Platform where any user with document edit rights can execute arbitrary code...

CVE-2023-29516 is a critical remote code execution vulnerability in XWiki Platform where any user with view rights on the XWiki.AttachmentSelector pag...

This vulnerability allows any user with view rights in XWiki Platform to execute arbitrary Groovy, Python, or Velocity code, leading to full compromis...

CVE-2023-29522 is a critical remote code execution vulnerability in XWiki Platform that allows any user with view rights to execute arbitrary script m...

CVE-2023-25616 is a code injection vulnerability in SAP Business Objects Business Intelligence Platform's Central Management Console (CMC) that allows...

CVE-2023-27479 is a critical remote code execution vulnerability in XWiki Platform where any user with view rights can execute arbitrary Groovy, Pytho...

This CVE describes a command injection vulnerability in EntoneWebEngine used by Amino Communications set-top boxes. Authenticated remote attackers can...

CVE-2026-27194 is a remote code execution vulnerability in D-Tale's /save-column-filter endpoint that allows attackers to execute arbitrary code on vu...

PlaciPy version 1.0.0 passes user-controlled query parameters directly into DynamoDB query/filter construction without validation or sanitization. Thi...

This is a critical command injection vulnerability in Shiguangwu sgwbox N3 version 2.0.25 that allows remote attackers to execute arbitrary commands o...

This vulnerability allows remote attackers to execute arbitrary commands on Shiguangwu sgwbox N3 devices through command injection in the NETREBOOT In...

This vulnerability allows remote attackers to execute arbitrary commands on Shiguangwu sgwbox N3 NAS devices through command injection in the SHARESER...

This CVE describes a JNDI injection vulnerability in Dataease, an open-source data visualization tool. Attackers can exploit this to execute arbitrary...

A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code by manipulating the Host header in HTTP re...

This vulnerability allows remote attackers to execute arbitrary commands on DataEase servers by crafting malicious H2 database connection strings. Any...

CVE-2024-46983 is a critical deserialization vulnerability in SOFA Hessian that allows attackers to bypass blacklist protections and execute arbitrary...

This vulnerability allows unauthenticated attackers to execute arbitrary code or perform directory traversal attacks on affected GL-iNet routers via t...

This vulnerability allows remote attackers to execute arbitrary code on clients running vulnerable versions of Melty Blood: Actress Again: Current Cod...

This vulnerability allows unauthenticated attackers to execute arbitrary code on skycaiji 2.8 systems by sending specially crafted POST requests to th...

DataGear v5.0.0 and earlier contains a Spring Expression Language (SpEL) injection vulnerability in the Data Viewing interface. This allows authentica...

This vulnerability allows attackers to upload malicious files to the Pisay Online E-Learning System, which can lead to remote code execution. Attacker...

This vulnerability allows remote code execution in Hertzbeat monitoring systems through AviatorScript injection. Attackers can execute arbitrary stati...

This vulnerability in Hertzbeat allows remote code execution via JNDI injection in the JMX connector implementation. Attackers can exploit the /api/mo...

This is a critical template injection vulnerability (CWE-74) in older Confluence Data Center and Server versions that allows unauthenticated attackers...

This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on servers running Intumit SmartRobot's web framework. Attack...

CVE-2024-21623 is an expression injection vulnerability in OTClient's GitHub Actions workflow that allows remote code execution on GitHub runners. Att...

CVE-2023-43364 is a critical remote code execution vulnerability in Searchor's main.py that uses eval() on untrusted CLI input. This allows attackers ...

This vulnerability allows remote attackers to execute arbitrary shell commands on GL.iNET GL-AR300M routers by exploiting improper input validation in...

CVE-2023-49214 is a chat template injection vulnerability in Usedesk that allows attackers to inject malicious templates into chat interfaces. This af...

This vulnerability in the Five Star Restaurant Menu and Food Ordering WordPress plugin allows unauthenticated attackers to perform PHP Object Injectio...

CVE-2022-46337 is an LDAP authentication bypass vulnerability in Apache Derby database systems. Attackers can use specially crafted usernames to bypas...