CWE-74: Injection
The product constructs all or part of a command, data structure, or record using externally-influenced input, but does not neutralize or incorrectly neutralizes special elements that could modify the intended behavior.
All Injection CVEs (2,231)
This CVE describes a command injection vulnerability in the firmware update service of D-Link DIR-605 routers with firmware version 202WWB03. Attacker...
Dec 18, 2025

A vulnerability in Siemens RUGGEDCOM ROX devices allows attackers to execute arbitrary code as root via the SCEP client's lack of field validation dur...
Dec 9, 2025

A code injection vulnerability in Siemens RUGGEDCOM ROX devices allows attackers to execute arbitrary code as root when Virtual Routing and Forwarding...
Dec 9, 2025

A code injection vulnerability in IPsec implementation allows attackers to execute arbitrary code with root privileges on affected Siemens RUGGEDCOM R...
Dec 9, 2025

This CVE describes a command injection vulnerability in UGREEN DH2100+ NAS devices that allows remote attackers to execute arbitrary commands on affec...
Dec 7, 2025

This vulnerability allows administrators in Combodo iTop to execute arbitrary code on the server by editing the instance configuration. It affects iTo...
Nov 10, 2025

Authenticated attackers with admin panel access to vaultwarden can execute arbitrary system commands through a crafted favicon image when using sendma...
Jan 27, 2025

This critical vulnerability in Tenda AC8, AC10, and AC18 routers allows remote attackers to execute arbitrary commands via command injection in the HT...
Jan 17, 2025

This vulnerability affects multiple Siemens industrial network devices where improper input sanitization allows authenticated remote attackers with ad...
Nov 12, 2024

This vulnerability allows authenticated attackers to execute arbitrary code on GLPI servers running PHP 7.4 by exploiting the LDAP server configuratio...
Dec 13, 2023

Grav CMS versions 1.7.42 and later contain a server-side template injection vulnerability due to an incorrect security check that allows bypassing fun...
Jul 18, 2023

This vulnerability in Apache Airflow's CNCF Kubernetes provider allows authenticated users with elevated permissions (Operator or Admin roles) to modi...
May 30, 2023

This vulnerability in Craft CMS allows attackers with admin privileges to execute arbitrary code by uploading files with arbitrary extensions that get...
May 19, 2023

CVE-2023-22621 is a Server-Side Template Injection vulnerability in Strapi that allows authenticated attackers with admin panel access to execute arbi...
Apr 19, 2023

This vulnerability allows attackers to escape the JavaScript sandbox in delight-nashorn-sandbox versions 0.2.4 and 0.2.5, enabling them to invoke exit...
Apr 10, 2023

This CVE allows authenticated users with page management permissions in OctoberCMS to bypass safe mode restrictions and execute arbitrary code through...
Feb 23, 2022

CVE-2021-35450 is a Server-Side Template Injection vulnerability in Entando Admin Console that allows authenticated users with administrative privileg...
Aug 2, 2021

This vulnerability allows remote attackers to execute arbitrary code on Bloomreach Experience Manager (brXM) systems by exploiting a flaw in the Groov...
Mar 11, 2021

CVE-2021-21263 is a query binding vulnerability in Laravel and illuminate/database packages where unexpected array inputs can manipulate SQL queries. ...
Jan 19, 2021

CVE-2020-12736 is a server-side template injection vulnerability in Code42 on-premises servers that allows remote code execution. When administrators ...
Jul 7, 2020

Mattermost versions 2.10.0 and earlier contain a CSRF vulnerability due to improper sanitization of deeplink paths. This allows attackers to trick aut...
Dec 29, 2023

Mattermost web applications fail to properly validate route parameters in the team/channel URL path, allowing attackers to perform client-side path tr...
Dec 6, 2023

This CVE describes a server-side injection vulnerability in multiple NETGEAR router and WiFi system models, allowing attackers to execute arbitrary co...
Dec 26, 2021

This CVE describes a server-side injection vulnerability affecting multiple NETGEAR routers, extenders, and WiFi systems. Attackers can inject malicio...
Dec 26, 2021

This CVE describes a server-side injection vulnerability in certain NETGEAR Orbi WiFi systems. It allows attackers to inject malicious code that could...
Dec 26, 2021

Flatpak's file forwarding feature contains a vulnerability where malicious app publishers can embed special tokens (@@ or @@u) in .desktop files to tr...
Mar 11, 2021

CVE-2020-15238 is an argument injection vulnerability in Blueman's D-Bus interface that allows local attackers to execute arbitrary commands with elev...
Oct 27, 2020

This vulnerability allows attackers to bypass flash read-out protection on STM32L4 microcontrollers by injecting a fault during boot. It enables unaut...
May 21, 2021

This CVE describes a session hijacking vulnerability in Flarum forum software where an attacker controlling any subdomain under a parent domain can se...
Mar 12, 2025

A query injection vulnerability in @langchain/langgraph-checkpoint-redis allows attackers to manipulate RediSearch queries by injecting special syntax...
Feb 20, 2026

This vulnerability in Cisco ISE and ISE-PIC allows authenticated attackers with high-privileged credentials to execute arbitrary code as root on the u...
Jul 16, 2025

This vulnerability allows authenticated administrators on Cisco Secure Network Analytics Manager and Virtual Manager to execute arbitrary commands as ...
May 21, 2025

This vulnerability allows attackers to inject and execute arbitrary shortcodes in the WPCS WordPress Currency Switcher Professional plugin. Attackers ...
Jul 12, 2024

This CVE describes an injection vulnerability in opencc JFlow's Calculate function that allows remote attackers to execute malicious code or commands....
Mar 9, 2026

This SQL injection vulnerability in SourceCodester Sales and Inventory System 1.0 allows attackers to manipulate database queries through the 'sellid'...
Mar 9, 2026

This SQL injection vulnerability in SourceCodester Sales and Inventory System 1.0 allows remote attackers to execute arbitrary SQL commands via the st...
Mar 9, 2026

This SQL injection vulnerability in EasyCMS allows attackers to manipulate database queries through the _order parameter in RbacuserAction.class.php. ...
Mar 8, 2026

This vulnerability allows remote attackers to execute SQL injection attacks against the Janobe Resort Reservation System 1.0 by manipulating the 'q' p...
Mar 8, 2026

This CVE describes a SQL injection vulnerability in itsourcecode's 'sanitize or validate this input 1.0' software. Attackers can exploit the teacher_i...
Mar 8, 2026

This SQL injection vulnerability in SourceCodester Sales and Inventory System 1.0 allows attackers to manipulate database queries via the 'cost' param...
Mar 8, 2026

This CVE describes a SQL injection vulnerability in SourceCodester Sales and Inventory System version 1.0. Attackers can exploit the 'stock_name1' par...
Mar 8, 2026

CVE-2026-3745 is an SQL injection vulnerability in code-projects Student Web Portal 1.0 that allows remote attackers to execute arbitrary SQL commands...
Mar 8, 2026

This SQL injection vulnerability in JeecgBoot allows attackers to execute arbitrary SQL commands through the isExistSqlInjectKeyword function in the /...
Mar 7, 2026

This CVE describes a SQL injection vulnerability in DefaultFuction Jeson Customer Relationship Management System 1.0.0 that allows remote attackers to...
Mar 6, 2026

This CVE describes a command injection vulnerability in PhialsBasement's nmap-mcp-server that allows attackers to execute arbitrary commands on the sy...
Mar 3, 2026

CVE-2026-3149 is a SQL injection vulnerability in itsourcecode College Management System 1.0 that allows remote attackers to execute arbitrary SQL com...
Feb 25, 2026

This CVE describes a command injection vulnerability in HummerRisk's Cloud Compliance Scanning component. Attackers can execute arbitrary commands on ...
Feb 24, 2026

This vulnerability allows remote attackers to execute arbitrary commands on HummerRisk systems by injecting malicious input into the regionId paramete...
Feb 24, 2026

This vulnerability allows remote attackers to execute arbitrary commands on systems running vulnerable versions of qinming99 dst-admin. The command in...
Feb 22, 2026

This vulnerability allows remote attackers to perform injection attacks via manipulated driverClassName/url parameters in Dromara UJCMS's importChanel...
Feb 22, 2026

About Injection (CWE-74)
Our database tracks 2,231 CVEs classified as CWE-74, with 124 rated critical and 1,304 rated high severity. The average CVSS score for Injection vulnerabilities is 7.0.
External reference: View CWE-74 on MITRE CWE →