CWE-913: CWE-913
Yearly Trend
Top Affected Vendors
All CWE-913 CVEs (22)
CVE-2023-29017 is a critical sandbox escape vulnerability in vm2 that allows attackers to bypass sandbox protections and execute arbitrary code on the...
Apr 6, 2023This vulnerability allows authenticated users with workflow creation/modification permissions in n8n to execute arbitrary system commands on the host ...
Feb 4, 2026This critical vulnerability allows unauthenticated remote attackers to modify device configurations, potentially leading to remote code execution with...
Jul 8, 2025This vulnerability in vm2's exception sanitization logic allows attackers to bypass sandbox protections and execute arbitrary code on the host system....
Apr 14, 2023This vulnerability in Huawei smartphones allows improper control of dynamically managed code resources, potentially enabling remote command execution....
Aug 2, 2021Thunar file manager versions before 4.16.7 and 4.17.x before 4.17.2 automatically execute files without user confirmation when opened as command-line ...
May 11, 2021CVE-2020-15568 is a critical remote code execution vulnerability in TerraMaster TOS that allows attackers to execute arbitrary commands as root throug...
Jan 30, 2021This vulnerability allows authenticated developers in CrafterCMS to bypass Groovy sandbox restrictions and execute arbitrary operating system commands...
Jun 19, 2025This vulnerability in Ivanti Endpoint Manager allows remote, unauthenticated attackers to write arbitrary files to the server, which could lead to rem...
Dec 9, 2025Langflow versions before 1.0.13 contain a privilege escalation vulnerability where remote attackers with low privileges can gain super admin access by...
Jul 30, 2024This vulnerability in Budibase allows attackers to execute arbitrary code by exploiting improper control of dynamically-managed code resources. It aff...
Sep 16, 2022This vulnerability allows authenticated attackers to execute arbitrary code on Apache ShardingSphere ElasticJob-UI servers by exploiting a flaw in H2 ...
Feb 6, 2025This vulnerability in DataHub's AuthServiceClient allows attackers to manipulate JSON strings with user-controlled data, potentially leading to authen...
Feb 11, 2023CVE-2025-54065 is a critical memory corruption vulnerability in GZDoom that allows arbitrary code execution through crafted ZScript actor state handli...
Dec 3, 2025This vulnerability allows authenticated developers in Crafter CMS Studio to execute arbitrary operating system commands through FreeMarker static meth...
May 16, 2022This vulnerability in SamuNatsu HaloBot allows remote attackers to execute arbitrary code by manipulating the 'action' argument in the html_renderer p...
Dec 15, 2025This vulnerability in youlaitech youlai-mall allows remote attackers to manipulate the orderId parameter in the /app-api/v1/orders/ endpoint, leading ...
Dec 5, 2025This vulnerability in youlaitech youlai-mall allows attackers to manipulate dynamically-identified variables through the getById/updateAddress/deleteA...
Dec 4, 2025This vulnerability in Intel NPU drivers allows unprivileged user applications to cause a denial of service through improper control of dynamically-man...
Nov 11, 2025NASA CryptoLib versions before 1.3.2 fail to verify the operational state of Security Associations (SAs) before use, potentially allowing attackers to...
Apr 27, 2025This vulnerability allows authenticated remote users to escalate privileges without authorization in Synology DiskStation Manager and Unified Controll...
Dec 4, 2025This vulnerability in Google Apigee's JavaCallout policy allows attackers to inject malicious Java objects into the MessageContext, enabling remote co...
Dec 5, 2025About CWE-913 (CWE-913)
Our database tracks 22 CVEs classified as CWE-913, with 8 rated critical and 7 rated high severity. The average CVSS score for CWE-913 vulnerabilities is 8.1.
External reference: View CWE-913 on MITRE CWE →
Monitor CWE-913 Vulnerabilities
Get alerted when new CWE-913 CVEs affect your infrastructure.
Start Monitoring Free