CWE-94: Code Injection
The product constructs all or part of a code segment using externally-influenced input, but does not neutralize special elements that could modify the intended code segment.
All Code Injection CVEs (1,153)
CVE-2020-28464 is a critical code injection vulnerability in the djv JSON schema validation library. An attacker who can control the schema file can e...
Jan 4, 2021
This is a critical remote code execution vulnerability in zzzphp CMS that allows attackers to execute arbitrary commands on the server through eval in...
Dec 18, 2020
CVE-2020-11851 is a critical remote code execution vulnerability in Micro Focus ArcSight Logger affecting all versions before 7.1.1. Attackers can rem...
Nov 17, 2020
CVE-2020-7373 is a remote command execution vulnerability in vBulletin forums that allows attackers to execute arbitrary code on affected servers. Thi...
Oct 30, 2020
CVE-2020-18185 is a critical remote code execution vulnerability in PluXml 5.7 that allows attackers to execute arbitrary PHP code by modifying the co...
Oct 2, 2020
This vulnerability allows remote code injection and privilege escalation in Brocade Fabric OS. Attackers can execute arbitrary code with elevated priv...
Sep 25, 2020
This vulnerability allows remote attackers to execute arbitrary C# code on servers running vulnerable versions of Stimulsoft Reports by embedding mali...
Aug 18, 2020
This vulnerability allows remote unauthenticated attackers to execute arbitrary commands with SYSTEM privileges on Desigo CC building automation syste...
Aug 14, 2020
SuperWebMailer 7.21.0.01526 contains a critical remote code execution vulnerability in the Language parameter of mailingupgrade.php. Unauthenticated a...
Jul 14, 2020
CVE-2019-5997 is a critical code injection vulnerability in Video Insight VMS that allows remote attackers to execute arbitrary code on affected syste...
May 20, 2020
This vulnerability allows attackers to bypass security controls in Langroid's TableChatAgent and execute arbitrary code through the pandas_eval tool. ...
Feb 4, 2026
CVE-2026-22793 is an unsafe option parsing vulnerability in the ECharts Markdown plugin of the 5ire AI assistant that allows arbitrary JavaScript exec...
Jan 21, 2026
SiYuan personal knowledge management systems before version 3.5.4 have a stored XSS vulnerability in the dynamic icon feature. Attackers can inject ma...
Jan 19, 2026
This vulnerability in the Dive MCP Host Desktop Application allows attackers to install malicious MCP server configurations via crafted deeplinks with...
Jan 16, 2026
DeepChat versions before 0.5.3 contain a critical vulnerability where unsafe Mermaid diagram rendering allows arbitrary JavaScript execution. This XSS...
Dec 16, 2025
DeepChat versions 0.5.0 and earlier contain a stored XSS vulnerability in the Mermaid diagram renderer that allows attackers to execute arbitrary Java...
Dec 3, 2025
CVE-2025-61929 is a critical remote code execution vulnerability in Cherry Studio's custom protocol handler. Attackers can craft malicious cherrystudi...
Oct 10, 2025
This vulnerability in AIRI v0.7.2-beta.2 allows attackers to achieve remote code execution through a cross-site scripting (XSS) attack. The XSS vulner...
Sep 11, 2025
This vulnerability in DeepChat's Mermaid chart rendering component allows cross-site scripting (XSS) that can lead to remote command execution. Attack...
Sep 9, 2025
CVE-2024-41961 is a critical code injection vulnerability in Elektra's live search functionality where authenticated users can inject Ruby code that g...
Aug 1, 2024
This vulnerability allows remote code execution on FortiClientLinux installations through code injection. Attackers can execute arbitrary code by tric...
Apr 9, 2024
CVE-2023-46242 is a critical vulnerability in XWiki Platform that allows authenticated users with programming privileges to execute arbitrary content ...
Nov 7, 2023
This vulnerability in Citrix Secure Access client for Ubuntu allows remote code execution when a user opens a malicious link and accepts prompts. It a...
Jul 11, 2023
CVE-2022-1575 is a critical vulnerability in draw.io diagramming software that allows attackers to bypass input sanitization and execute arbitrary cod...
May 5, 2022
CVE-2021-39159 is a critical remote code execution vulnerability in BinderHub that allows attackers to execute arbitrary code in the BinderHub context...
Aug 25, 2021
CVE-2021-39160 is a critical vulnerability in nbgitpuller, a Jupyter server extension for syncing git repositories. Due to unsanitized input in crafte...
Aug 25, 2021
This vulnerability allows authenticated attackers to execute arbitrary code on ZStack IaaS management servers by bypassing Groovy sandbox restrictions...
Aug 17, 2021
This vulnerability in OpenMetadata allows remote attackers to execute arbitrary code by exploiting a Spring Expression Language (SpEL) injection flaw....
Mar 15, 2024
Baicells EG7035-M11 devices with vulnerable firmware allow remote attackers to execute arbitrary commands with root privileges via HTTP GET requests w...
Mar 1, 2023
InvoicePlane 1.7.0 contains a critical Remote Code Execution vulnerability that allows authenticated administrators to execute arbitrary system comman...
Feb 18, 2026
This vulnerability in authentik allows authenticated users with specific delegated permissions to execute arbitrary code on the authentik server conta...
Feb 12, 2026
This vulnerability allows attackers to execute arbitrary code on WordPress sites running the vulnerable Nelio AB Testing plugin. Attackers can inject ...
Jan 22, 2026
This vulnerability allows remote attackers to execute arbitrary code on WordPress sites running the Hotel Booking Lite plugin. Attackers can inject ma...
Dec 18, 2025
pgAdmin versions up to 9.9 running in server mode are vulnerable to remote code execution when processing PLAIN-format database dump files during rest...
Nov 13, 2025
This vulnerability allows remote attackers to execute arbitrary code on WordPress sites running the Paid Videochat Turnkey Site plugin (ppv-live-webca...
Oct 27, 2025
This vulnerability allows authenticated administrator users in PluXml CMS to overwrite the minify.php file with arbitrary PHP code via the admin panel...
Oct 17, 2025
This vulnerability allows remote attackers to execute arbitrary code on WordPress sites running the vulnerable bidorbuy Store Integrator plugin. Attac...
Aug 28, 2025
This vulnerability allows privileged OpenBao operators to bypass security restrictions and execute arbitrary code on the underlying host by manipulati...
Aug 9, 2025
A privileged Vault operator with write permission to the sys/audit endpoint can execute arbitrary code on the underlying host when Vault is configured...
Aug 1, 2025
OpenCTI versions before 6.4.11 contain a critical vulnerability where users with 'manage customizations' capability can execute arbitrary commands on ...
May 5, 2025
This vulnerability allows remote authenticated administrators to inject malicious code into Ivanti Connect Secure and Policy Secure systems, leading t...
Feb 11, 2025
This vulnerability allows remote attackers to execute arbitrary PHP code on WordPress sites using the WP Ultimate Exporter plugin. Attackers can achie...
Jan 7, 2025
CVE-2024-10094 is a code injection vulnerability in Pega Platform that allows attackers to execute arbitrary code on affected systems. This affects al...
Nov 20, 2024
This CVE describes a prototype pollution vulnerability in Kibana that allows authenticated attackers with specific permissions to execute arbitrary co...
Aug 13, 2024
CVE-2024-37770 is a critical remote command execution vulnerability in 14Finger v1.1 that allows attackers to execute arbitrary system commands via cr...
Jul 10, 2024
CVE-2024-38448 is a command injection vulnerability in GNU Global's htags tool that allows arbitrary code execution when processing untrusted database...
Jun 16, 2024
This vulnerability allows attackers to launch arbitrary URLs within McAfee Security: Antivirus VPN for Android by exploiting improper deep link valida...
Jun 11, 2024
This vulnerability allows authenticated administrators in SailPoint Identity Security Cloud to execute arbitrary code on the host system by using user...
May 15, 2024
This vulnerability allows remote attackers to execute arbitrary code on Library System V1.0 installations via improper input validation in the student...
May 6, 2024
This SQL injection vulnerability in ITB-GmbH TradePro v9.5 allows remote attackers to execute arbitrary SQL queries through the oordershow component i...
Apr 4, 2024
About Code Injection (CWE-94)
Our database tracks 1,153 CVEs classified as CWE-94, with 521 rated critical and 513 rated high severity. The average CVSS score for Code Injection vulnerabilities is 8.6.
External reference: CWE-94 on MITRE CWE.