CWE-94: Code Injection
The product constructs all or part of a code segment using externally-influenced input, but does not neutralize special elements that could modify the intended code segment.
All Code Injection CVEs (1,158)
This vulnerability allows authenticated WordPress users with subscriber-level access or higher to upload arbitrary files through the Post Saint plugin...
Jan 7, 2025

This vulnerability allows remote attackers to execute arbitrary code on TOTOLINK A3002R routers via the formWsc function in the /bin/boa web server. A...
Dec 26, 2024

This is a post-authentication code injection vulnerability in Sophos Firewall's User Portal that allows authenticated users to execute arbitrary code ...
Dec 19, 2024

A vulnerability in CodeAstro Complaint Management System v1.0 allows remote attackers to escalate privileges through the mess-view.php component. This...
Dec 18, 2024

CVE-2024-55661 is a remote code execution vulnerability in Laravel Pulse monitoring tool. Authenticated users with dashboard access can execute arbitr...
Dec 13, 2024

This vulnerability allows attackers to bypass the 'Open Executable File?' confirmation dialog in Firefox and Thunderbird by tricking users with keypre...
Nov 26, 2024

SeaCms 13.1 contains a code injection vulnerability in the admin notification module that allows authenticated backend users to execute arbitrary code...
Nov 8, 2024

This vulnerability allows attackers to execute arbitrary JavaScript code in the HD Video Downloader All Format Android app through a vulnerable compon...
Nov 7, 2024

A Host header injection vulnerability in Agile-Board 1.0 allows attackers to manipulate password reset links to steal reset tokens. This affects all u...
Nov 4, 2024

CVE-2024-48655 is a server-side JavaScript code injection vulnerability in Total.js CMS v1.0 that allows remote attackers to execute arbitrary code vi...
Oct 25, 2024

This CVE describes a remote code execution vulnerability in the add_llm function of infiniflow/ragflow version 0.11.0. Attackers can exploit user-cont...
Oct 19, 2024

This critical vulnerability in FBM_292W-21.03.10V allows remote attackers to execute arbitrary commands on affected devices by manipulating the path p...
Oct 11, 2024

CVE-2024-6983 is a critical remote code execution vulnerability in mudler/localai version 2.17.1 that allows attackers to upload malicious binary file...
Sep 27, 2024

A remote command execution vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands on affected systems by sending specially cra...
Sep 25, 2024

The Frontend Dashboard WordPress plugin allows authenticated attackers with subscriber-level access or higher to execute arbitrary PHP functions throu...
Sep 10, 2024

This vulnerability allows attackers to execute arbitrary code on LimeSurvey servers by injecting malicious payloads into the lng parameter of the js_l...
Sep 3, 2024

This vulnerability allows attackers to bypass verification logic in XiaomiGetApps, potentially leading to remote code execution. Users of Xiaomi devic...
Aug 28, 2024

This vulnerability allows attackers to bypass verification logic in XiaomiGetApps, potentially leading to remote code execution on affected devices. U...
Aug 28, 2024

The Image Hotspot by DevVN WordPress plugin is vulnerable to PHP object injection through deserialization of untrusted input. This allows authenticate...
Aug 24, 2024

This vulnerability allows remote attackers to execute arbitrary code on Netgear DGN1000WW routers via the Diagnostics page. It affects users running v...
Aug 23, 2024

This vulnerability allows authenticated attackers to execute arbitrary code remotely on ManageEngine OpManager and Remote Monitoring and Management sy...
Aug 23, 2024

SeaCMS 13.0 contains a remote code execution vulnerability in admin_files.php where authenticated attackers can bypass file editing restrictions to wr...
Aug 22, 2024

This vulnerability allows remote code execution in the Fence Agents Remediation operator by injecting arbitrary commands into --ssh-path/--telnet-path...
Aug 12, 2024

Attackers with valid credentials can execute arbitrary Python code during login by exploiting improper input validation. This affects systems using vu...
Aug 8, 2024

This vulnerability allows server-side JavaScript execution through insufficient path validation in Nuxt's test component wrapper. Attackers can achiev...
Aug 5, 2024

This vulnerability in Delphix Engine allows remote attackers to execute arbitrary code on affected systems. The flaw exists in versions before 25.0.0....
Jul 29, 2024

CVE-2024-41667 is a template injection vulnerability in OpenAM's OAuth2 provider settings that allows attackers to execute arbitrary code on affected ...
Jul 24, 2024

This CVE describes a template injection vulnerability in Apache software versions before 2.1.4 that allows authenticated users to execute arbitrary co...
Jul 18, 2024

This vulnerability in SonicWall SMA100 NetExtender Windows client allows an attacker to execute arbitrary code when processing an EPC Client update. I...
Jul 18, 2024

This vulnerability allows authenticated DAG authors in Apache Airflow to craft malicious doc_md parameters that can execute arbitrary code in the sche...
Jul 17, 2024

This vulnerability in setuptools allows remote code execution when user-controlled URLs are processed by the package_index module. Attackers can injec...
Jul 15, 2024

SeaCMS 12.9 contains a remote code execution vulnerability in phomebak.php where unfiltered variable names are written into PHP files. Authenticated a...
Jul 12, 2024

PublicCMS v4.0.202302.e contains a remote code execution vulnerability in the ScriptComponent.java file via the cmdarray parameter. This allows attack...
Jul 12, 2024

This vulnerability in Ghostscript allows arbitrary code execution by loading a malicious dynamic library specified in a crafted PostScript document. I...
Jul 3, 2024

This vulnerability allows attackers to upload malicious .SQL files through the Upload Template function in Dolibarr ERP CRM, potentially leading to ar...
Jun 18, 2024

This vulnerability in Google Chrome's Dawn WebGPU implementation allows remote attackers to execute arbitrary code by tricking users into visiting a m...
Jun 11, 2024

This vulnerability allows authenticated WordPress users with contributor-level access or higher to execute arbitrary code on the server through the Un...
May 29, 2024

This is a high-severity remote code execution vulnerability in Confluence Data Center and Server that allows authenticated attackers to execute arbitr...
May 21, 2024

This vulnerability allows authenticated attackers to execute arbitrary commands on TOTOLINK X5000R routers by manipulating the ipsecL2tpEnable paramet...
May 14, 2024

This vulnerability allows authenticated attackers to execute arbitrary commands on TOTOLINK X5000R routers by exploiting improper input validation in ...
May 14, 2024

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening a specially crafted .wav audio file. It affects ph...
May 1, 2024

This vulnerability in Wazuh's host_deny script allows attackers to inject arbitrary commands into the /etc/hosts.deny file, leading to arbitrary comma...
Apr 19, 2024

An HTML injection vulnerability in Enpass Password Manager Desktop Client allows attackers to execute arbitrary HTML code by creating specially crafte...
Apr 10, 2024

SeaCMS version 12.9 contains a vulnerability in admin/notify.php that allows remote attackers to execute arbitrary code. This is a code injection vuln...
Apr 4, 2024

This vulnerability in Dolibarr ERP CRM allows attackers with adjacent network access to execute arbitrary code during the installation process due to ...
Apr 3, 2024

This vulnerability in Grav CMS allows administrative users to bypass SSTI mitigations and execute arbitrary code through Twig template processing. Att...
Mar 21, 2024

Grav CMS versions before 1.7.45 contain a Server-Side Template Injection vulnerability that allows authenticated users with editor permissions to exec...
Mar 21, 2024

This vulnerability allows authenticated non-admin users in OpenMetadata to execute arbitrary system commands via SpEL expression injection. Attackers ...
Mar 15, 2024

CVE-2024-27756 is a CSV injection vulnerability in GLPI that allows attackers to embed malicious formulas in asset titles. When exported to CSV and op...
Mar 15, 2024

This vulnerability allows a cluster operator with existing access to inject malicious code into Apache Ambari requests, potentially gaining root privi...
Feb 27, 2024

About Code Injection (CWE-94)
Our database tracks 1,158 CVEs classified as CWE-94, with 526 rated critical and 513 rated high severity. The average CVSS score for Code Injection vulnerabilities is 8.6.