CWE-74: Injection
The product constructs all or part of a command, data structure, or record using externally-influenced input, but does not neutralize or incorrectly neutralizes special elements that could modify the intended behavior.
All Injection CVEs (2,158)
CVE-2022-47583 is a terminal character injection vulnerability in Mintty terminal emulator that allows attackers to execute arbitrary code by sending ...
Oct 19, 2023

CVE-2022-24989 is a critical remote code execution vulnerability in TerraMaster NAS devices that allows attackers to execute arbitrary commands as roo...
Aug 20, 2023

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of llama_index. Attackers can exploit the ...
Aug 15, 2023

This vulnerability in LangChain allows remote attackers to execute arbitrary code through the from_math_prompt and from_colored_object_prompt function...
Aug 15, 2023

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of LangChain. Attackers can exploit the Py...
Aug 15, 2023

MotoCMS 3.4.3 contains a Server-Side Template Injection (SSTI) vulnerability in the Store Category Template via the keyword parameter. This allows att...
Aug 1, 2023

This vulnerability in LangChain version 0.0.64 allows remote attackers to execute arbitrary Python code through the PALChain parameter. Attackers can ...
Jul 6, 2023

CVE-2023-32314 is a critical sandbox escape vulnerability in vm2 that allows attackers to bypass sandbox protections and execute arbitrary code on the...
May 15, 2023

CVE-2023-29827 is a server-side template injection vulnerability in ejs v3.1.9 that allows attackers to execute arbitrary code if they can control tem...
May 4, 2023

This vulnerability in vm2 sandbox allows attackers to escape the sandbox environment and execute arbitrary code on the host system by exploiting impro...
Apr 17, 2023

This vulnerability in LangChain's LLMMathChain allows attackers to inject malicious prompts that execute arbitrary Python code via the exec() method. ...
Apr 5, 2023

Simple Image Gallery v1.0 contains a remote code execution vulnerability in the username parameter that allows attackers to execute arbitrary code on ...
Mar 16, 2023

This vulnerability in UBIKA WAAP Gateway/Cloud allows attackers to bypass authentication by stealing another user's session through blind XPath inject...
Mar 8, 2023

An LDAP injection vulnerability in Apache Kerby's LdapIdentityBackend allows attackers to manipulate LDAP queries through user-controlled input. This ...
Feb 20, 2023

CVE-2022-34914 is an injection vulnerability in Webswing that allows attackers to manipulate the X-Forwarded-For header to inject arbitrary arguments ...
Jul 8, 2022

This CVE describes a Server-Side Template Injection vulnerability in Form.io version 2.0.0 that allows remote code execution when deleting the default...
Jun 2, 2022

CVE-2022-25420 is a CRLF injection vulnerability in NTT Resonant's goo blog App Web Application 1.0 that allows attackers to execute arbitrary code vi...
Mar 29, 2022

CVE-2022-26205 is a critical remote code execution vulnerability in Marky software that allows attackers to execute arbitrary code by injecting malici...
Mar 27, 2022

CVE-2021-44550 is an incorrect access control vulnerability in Stanford CoreNLP's NERServlet that allows unauthenticated remote attackers to bypass au...
Feb 24, 2022

This vulnerability in Ibexa DXP allows attackers to perform injection attacks via image filenames. It affects systems running ezsystems/ezpublish-kern...
Feb 18, 2022

CVE-2021-43185 is a Host header injection vulnerability in JetBrains YouTrack that allows attackers to manipulate HTTP Host headers to perform web cac...
Nov 9, 2021

This vulnerability in neoan3-apps/template allows remote code execution through template injection. Attackers can pass callable values (closures) that...
Nov 8, 2021

This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on Apache Storm Nimbus servers by sending specially crafted T...
Oct 25, 2021

A path traversal vulnerability in Moxa MXview Network Management software allows attackers to create or overwrite critical files, potentially leading ...
Oct 12, 2021

CVE-2021-41862 is a critical remote code execution vulnerability in AviatorScript that allows attackers to execute arbitrary code by crafting maliciou...
Oct 2, 2021

CVE-2021-41392 is a critical remote code execution vulnerability in Boost Note desktop application. Attackers can send malicious IPC messages to explo...
Sep 17, 2021

CVE-2021-20509 is a CSV injection vulnerability in IBM Maximo Asset Management that allows remote attackers to execute arbitrary commands on affected ...
Aug 12, 2021

This vulnerability in Jumpserver allows attackers to create connection tokens through an unprotected API endpoint, which can then be used to access se...
Jul 23, 2021

CVE-2018-25016 is a Host Header Injection vulnerability in Greenbone Security Assistant (GSA) and Greenbone OS (GOS) that allows attackers to manipula...
Jun 21, 2021

CVE-2021-27730 is an argument injection vulnerability in Accellion FTA that allows attackers to execute arbitrary commands via crafted POST requests t...
Mar 2, 2021

This vulnerability allows remote attackers to execute arbitrary shell commands on SaltStack Salt servers via shell injection in the salt-api SSH clien...
Feb 27, 2021

CVE-2020-35775 is an LDAP injection vulnerability in CITSmart ITSM software that allows attackers to manipulate LDAP queries through user input. This ...
Feb 15, 2021

CVE-2020-15690 is a CRLF injection vulnerability in Nim's asyncftpclient library that allows attackers to inject arbitrary commands into FTP sessions ...
Jan 30, 2021

This CVE describes an iframe injection vulnerability in MyNET v.26.06 and earlier that allows remote attackers to execute arbitrary code via the src p...
Dec 22, 2025

This vulnerability allows malicious Progressive Web Apps (PWAs) to inject arbitrary code execution commands into desktop configuration files on Linux ...
May 3, 2024

This host header injection vulnerability in @perfood/couch-auth allows attackers to send password reset links that redirect to attacker-controlled ser...
Jan 3, 2024

This vulnerability affects cryptocurrency wallets implementing GG18 or GG20 threshold signature schemes (TSS). An attacker can extract the full ECDSA ...
Aug 9, 2023

This vulnerability allows authenticated attackers to achieve remote code execution on OneDev DevOps platforms by exploiting insecure deserialization i...
Jan 15, 2021

CVE-2021-21249 is a post-authentication remote code execution vulnerability in OneDev DevOps platform. It allows authenticated attackers to execute ar...
Jan 15, 2021

This CVE describes an AI command injection vulnerability in Microsoft 365 Copilot that allows unauthorized attackers to execute arbitrary commands and...
Jun 11, 2025

This vulnerability in PHP's PDO::quote() function for SQLite allows SQL injection when processing overly long user-supplied strings. It affects PHP ap...
Feb 12, 2025

This CVE describes multiple command injection vulnerabilities in the Wavlink AC3000 router's nas.cgi add_dir() functionality. An authenticated attacke...
Jan 14, 2025

This vulnerability allows authenticated attackers to execute arbitrary commands on Wavlink AC3000 routers via a crafted HTTP request to the qos.cgi en...
Jan 14, 2025

This CVE describes a command injection vulnerability in the Wavlink AC3000 router's wireless.cgi AddMac() function. An authenticated attacker can exec...
Jan 14, 2025

This vulnerability allows authenticated attackers to execute arbitrary commands on Wavlink AC3000 routers by sending specially crafted HTTP requests t...
Jan 14, 2025

CVE-2021-41128 is a CSV injection vulnerability in Hygeia that allows users to embed malicious formulas in exported CSV files. When these files are op...
Oct 6, 2021

This NoSQL injection vulnerability in GROWI wiki software allows attackers to manipulate database queries and access/modify stored data. It affects GR...
Jun 22, 2021

This vulnerability allows arbitrary code execution on Grist servers when using the pyodide sandbox flavor with untrusted spreadsheets. Attackers can r...
Jan 22, 2026

This vulnerability allows remote attackers to execute arbitrary commands on Wavlink AC3000 routers by sending specially crafted HTTP requests. Attacke...
Jan 14, 2025

XWiki Commons HTML sanitizer vulnerability allows attackers without script rights to create phishing forms or embed malicious inputs that could lead t...
Jun 29, 2023

About Injection (CWE-74)
Our database tracks 2,158 CVEs classified as CWE-74, with 102 rated critical and 1,268 rated high severity. The average CVSS score for Injection vulnerabilities is 7.0.