CWE-94: Code Injection

This vulnerability allows a cluster operator with existing access to inject malicious code into Apache Ambari requests, potentially gaining root privi...

A stack overflow vulnerability in Tenda AC21 routers allows attackers to execute arbitrary commands via crafted POST requests to the /goform/openSched...

This vulnerability allows remote code execution through Microsoft Outlook when processing specially crafted email messages. Attackers could execute ar...

CVE-2024-21649 is a code injection vulnerability in vantage6 privacy-enhancing technology platforms that allows authenticated users to execute arbitra...

This CVE describes memory safety bugs in Firefox, Firefox ESR, and Thunderbird that could lead to memory corruption. With sufficient effort, attackers...

CVE-2024-23750 is a critical code injection vulnerability in MetaGPT that allows attackers with QaEngineer role access to execute arbitrary commands o...

This is a high-severity Remote Code Execution vulnerability in Atlassian Confluence Data Center and Server that allows authenticated attackers to exec...

This is a high-severity remote code execution vulnerability in Confluence Data Center and Server that allows authenticated attackers to execute arbitr...

This vulnerability allows authenticated attackers to execute arbitrary code on HummerRisk systems via a crafted request to the LicenseService componen...

This vulnerability in Scada-LTS allows authenticated attackers with low-level privileges to escalate their permissions, execute arbitrary code, and ac...

This vulnerability allows authenticated attackers to execute arbitrary code on ManageEngine ADSelfService Plus servers due to improper input handling ...

SeaCMS v12.9 contains a remote code execution vulnerability in the /augap/adminip.php component that allows attackers to execute arbitrary code on aff...

The Filr WordPress plugin before version 1.2.3.6 contains a remote code execution vulnerability that allows attackers with Author-level privileges to ...

This vulnerability allows attackers to upload malicious PHP files disguised as images through Statamic's front-end forms and control panel asset uploa...

Subrion CMS 4.2.1 contains a remote command execution vulnerability in the backend that allows authenticated attackers to execute arbitrary commands o...

CVE-2023-46055 is a critical remote code execution vulnerability in ThingNario Photon v1.0 that allows attackers to execute arbitrary code and escalat...

CVE-2023-43661 is a critical remote code execution vulnerability in Cachet status page systems. It allows authenticated users to execute arbitrary cod...

CVE-2023-41450 is a remote code execution vulnerability in phpkobo AjaxNewsTicker v1.0.5 that allows attackers to execute arbitrary code via a crafted...

This is a high-severity remote code execution vulnerability in Bitbucket Data Center and Server that allows authenticated attackers to execute arbitra...

This vulnerability allows authenticated, highly-privileged users to bypass the sandbox environment in Fides webserver API and execute arbitrary code w...

CVE-2022-41763 is a remote code execution vulnerability in NOKIA AMS 9.7.05 where authenticated remote users can inject code via the debugger of the i...

CVE-2023-39059 is a remote code execution vulnerability in Ansible Semaphore where an attacker can execute arbitrary commands via crafted extra variab...

A hidden functionality vulnerability in LOGITEC LAN-WH300N/RE wireless routers allows unauthenticated attackers to execute arbitrary code by sending s...

This vulnerability allows authenticated and authorized Apache NiFi users to configure HTTP URL references for retrieving drivers, enabling custom code...

CVE-2023-35333 is a remote code execution vulnerability in MediaWiki's PandocUpload extension that allows attackers to execute arbitrary code on affec...

This vulnerability allows authenticated attackers to execute arbitrary code on Microsoft SharePoint servers by uploading specially crafted files. It a...

CVE-2023-36859 is a command injection vulnerability in PiiGAB M-Bus SoftwarePack 900S that allows attackers to execute arbitrary commands on affected ...

This vulnerability in Orthanc allows authenticated users with API access to overwrite arbitrary files on the file system. In specific deployment scena...

Bagisto v1.5.1 contains a Server-Side Template Injection (SSTI) vulnerability that allows attackers to execute arbitrary code on the server. This affe...

CVE-2023-32527 is a remote code execution vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 where vulnerable PHP files allow attackers...

This CVE describes a Bean Manipulation vulnerability in SugarCRM's REST API that allows authenticated users to inject custom PHP code through crafted ...

CVE-2023-2943 is a code injection vulnerability in OpenEMR that allows attackers to execute arbitrary code on affected systems. This affects OpenEMR i...

This CVE describes a code injection vulnerability in TeamPass password manager that allows attackers to execute arbitrary code on affected systems. It...

This vulnerability allows remote attackers to execute arbitrary code on CraftCMS servers through server-side template injection in the Section paramet...

CVE-2023-31414 allows arbitrary code execution in Kibana when an attacker with write access to configuration files injects malicious JavaScript payloa...

This vulnerability allows authenticated attackers to execute arbitrary OS commands through Jinja template injection in InsightCloudSec. It affects sel...

This vulnerability allows authenticated attackers to execute arbitrary Python code through Jinja template injection via an exposed resource.db() metho...

This vulnerability allows authenticated non-administrative users in SAP Solution Manager and ABAP managed systems to exploit a vulnerable interface to...

CVE-2023-24078 is a remote code execution vulnerability in Real Time Logic FuguHub v8.1 and earlier that allows attackers to execute arbitrary code vi...

CVE-2023-0877 is a code injection vulnerability in the Froxlor server management panel that allows authenticated attackers to execute arbitrary code o...

This CVE describes a code injection vulnerability in the Froxlor server management panel that allows attackers to execute arbitrary code on affected s...

CVE-2021-40553 is a remote code execution vulnerability in Piwigo's LocalFiles Editor that allows attackers to execute arbitrary code on affected syst...

CVE-2021-41402 is a remote code execution vulnerability in flatCore-CMS v2.0.8 that allows attackers to execute arbitrary PHP code on affected systems...

This vulnerability in Smarty template engine allows template authors to inject PHP code through malicious {block} names or {include} file names. It af...

This CVE describes a command injection vulnerability in the manual ping form of Shenzhen Ejoin Information Technology's ACOM508/ACOM516/ACOM532 device...

Bolt CMS versions up to 4.2 contain a server-side template injection vulnerability in theme rendering functionality. Authenticated attackers can edit ...

CVE-2022-24780 is a critical remote code execution vulnerability in Combodo iTop ITSM software. Authenticated users can inject TWIG template code thro...

This vulnerability allows attackers to inject malicious code into specific parameters of a web application. When legitimate users review history secti...

HotelDruid v3.0.3 contains a remote code execution vulnerability where attackers can inject malicious payloads into the 'name' field when creating new...

CVE-2022-25018 is a critical remote code execution vulnerability in Pluxml CMS that allows attackers to execute arbitrary PHP code by injecting it int...