CWE-74: Injection

This vulnerability allows remote attackers to execute arbitrary commands on TRENDnet TEW-800MB routers through command injection in the NTPSyncWithHos...

This vulnerability allows remote attackers to execute arbitrary commands on TRENDnet TEW-800MB routers by injecting malicious commands through the man...

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DIR-860LB1 and DIR-868LB1 routers by injecting malicious commands i...

A code injection vulnerability in the DHCP Server configuration file of Siemens RUGGEDCOM ROX devices allows attackers to execute arbitrary code. This...

This CVE describes a command injection vulnerability in ZSPACE Q2C NAS devices that allows remote attackers to execute arbitrary commands on affected ...

This vulnerability allows remote attackers to execute arbitrary commands on ZSPACE Q2C NAS devices by exploiting a command injection flaw in the file ...

This vulnerability allows remote attackers to execute arbitrary commands on ZSPACE Q2C NAS devices by injecting malicious input into the safe_dir para...

A critical command injection vulnerability in D-Link DIR-600L routers allows remote attackers to execute arbitrary commands by manipulating the wake_o...

CVE-2025-24962 is a command injection vulnerability in reNgine's nmap_cmd parameter that allows authenticated users to execute arbitrary commands on t...

Shields.io versions before server-2024-09-25 contain a remote code execution vulnerability in the JSONPath library used by dynamic badges. Attackers c...

A vulnerability in the cp_bbs_sig function of Relic relic-toolkit 0.6.0 allows remote attackers to extract sensitive information through fault injecti...

This vulnerability allows authenticated attackers to execute arbitrary commands on Nginx-UI servers via CRLF injection when modifying test_config_cmd ...

This vulnerability in Pimcore's Admin Classic Bundle allows attackers to perform account takeover by manipulating password reset emails. Attackers can...

This vulnerability allows attackers to perform Server-Side Template Injection (SSTI) attacks in Hyland Alfresco Community Edition by inserting malicio...

Shuttle Booking Software 2.0 contains a CSV injection vulnerability in the Languages export functionality. This allows attackers to inject malicious f...

Car Rental Script v3.0 contains a CSV injection vulnerability in the Language > Labels > Export functionality. This allows attackers to inject malicio...

Time Slots Booking Calendar 4.0 contains a CSV injection vulnerability in the unique ID field of the Reservations List. This allows attackers to injec...

This is a template injection vulnerability in Confluence Data Center and Server that allows authenticated attackers (including anonymous users) to inj...

This vulnerability allows authenticated attackers to inject arbitrary PHP code into the config.inc.php file of Super Store Finder, leading to remote c...

This vulnerability allows any authenticated user in Progress OpenEdge Management or OpenEdge Explorer to perform URL injection attacks to escalate pri...

This vulnerability allows attackers to inject Spring Expression Language templates through certain web services in Pentaho Business Analytics Server, ...

CVE-2022-22360 is an LDAP injection vulnerability in IBM Sterling Partner Engagement Manager that allows authenticated remote attackers to manipulate ...

CVE-2022-31593 is a code injection vulnerability in SAP Business One client version 10.0 that allows authenticated attackers with low privileges to ex...

CVE-2022-33011 is a host header injection vulnerability in Known CMS that allows attackers to perform account takeover by manipulating password reset ...

LDAP Account Manager versions before 8.0 contain a vulnerability where incorrect regular expressions allow uploading PHP scripts to the config/templat...

CVE-2022-23064 is a host header injection vulnerability in Snipe-IT that allows attackers to send password reset links pointing to attacker-controlled...

CVE-2021-41282 is a command injection vulnerability in pfSense's diag_routes.php that allows authenticated users to inject sed commands and write arbi...

CVE-2022-23616 allows unprivileged users to execute arbitrary code on XWiki Platform instances by injecting Groovy scripts into their profiles and tri...

CVE-2022-23614 is a code injection vulnerability in Twig's sandbox mode that allows attackers to execute arbitrary PHP functions when using the sort f...

This LDAP injection vulnerability in IBM WebSphere Application Server - Liberty allows authenticated remote attackers to manipulate LDAP queries throu...

October CMS versions before 1.0.473 and 1.1.6 contain a vulnerability where authenticated backend users with 'create, modify and delete website pages'...

CVE-2021-43852 is a prototype pollution vulnerability in OroPlatform that allows attackers to inject malicious properties into JavaScript prototypes v...

This vulnerability allows unauthenticated attackers to inject newline characters in the password field of NETGEAR smart switch web UIs, bypassing auth...

CVE-2021-32756 is a critical remote code execution vulnerability in ManageIQ's MiqExpression module where low-privilege users can inject and execute a...

CVE-2021-20574 is an LDAP injection vulnerability in IBM Security Identity Manager Adapters that allows authenticated attackers to execute malicious L...

This vulnerability allows attackers to inject arbitrary FTP commands by tricking users into clicking malicious FTP URLs containing encoded newline cha...

This vulnerability in Google Chrome for Android allowed attackers to inject malicious scripts or HTML into privileged pages by tricking users into ins...

This vulnerability in sp-php-email-handler allows attackers to specify arbitrary email recipients and inject user-provided content into confirmation e...

This vulnerability allows remote attackers to read arbitrary files on Synology DiskStation Manager (DSM) systems through improper input sanitization i...

This vulnerability in Valkey allows malicious users to inject arbitrary data into response streams via scripting commands, potentially corrupting or t...

EspoCRM versions before 9.0.8 contain an HTML injection vulnerability in Knowledge Base articles that allows authenticated users with read access to c...

CVE-2025-24904 is a vulnerability in libsignal-service-rs that allows servers or malicious clients to inject plaintext content envelopes, potentially ...

CVE-2023-29521 is a critical remote code execution vulnerability in XWiki Platform where any user with view rights can execute arbitrary Groovy, Pytho...

CVE-2021-43837 is a remote code execution vulnerability in vault-cli where secrets starting with '!template!' are interpreted as Jinja2 templates. Att...

This CVE describes a command injection vulnerability in Haven blog's IndieAuth functionality that allows authenticated attackers to execute arbitrary ...

CVE-2024-23830 is an account hijack vulnerability in MantisBT where an unauthenticated attacker can take over user accounts by poisoning password rese...

An improper authorization vulnerability in Zoom Workplace for Android allows unauthenticated attackers with network access to escalate privileges. Thi...

This vulnerability in pyLoad allows attackers to inject malicious content into the web interface due to insufficient input validation in the Captcha s...