CWE-94: Code Injection
The product constructs all or part of a code segment using externally-influenced input, but does not neutralize special elements that could modify the intended code segment.
All Code Injection CVEs (1,161)
HotelDruid v3.0.3 contains a remote code execution vulnerability where attackers can inject malicious payloads into the 'name' field when creating new...
Mar 3, 2022

CVE-2022-25018 is a critical remote code execution vulnerability in Pluxml CMS that allows attackers to execute arbitrary PHP code by injecting it int...
Mar 1, 2022

CVE-2021-46114 is a remote code execution vulnerability in JPress v4.2.0 that allows authenticated attackers with admin panel access to inject malicio...
Jan 26, 2022

This vulnerability allows attackers to execute arbitrary code by injecting malicious JavaScript through proxy configuration in Code42 applications. It...
Jan 20, 2022

CVE-2021-45806 is a code injection vulnerability in JPress v4.2.0 admin panel that allows authenticated attackers to modify templates and execute mali...
Jan 13, 2022

CVE-2021-42309 is a remote code execution vulnerability in Microsoft SharePoint Server that allows authenticated attackers to execute arbitrary code o...
Dec 15, 2021

CVE-2021-40348 is a code injection vulnerability in Spacewalk 2.10 and Uyuni 2021.08 that allows attackers to append arbitrary code to root-owned file...
Nov 1, 2021

This vulnerability allows users with contributor-level access in WordPress to execute arbitrary PHP code through the Gutenberg Block Editor Toolkit pl...
Oct 11, 2021

CVE-2020-21650 is a remote code execution vulnerability in Myucms v2.2.1 that allows attackers to execute arbitrary code on affected systems via the a...
Oct 6, 2021

CVE-2020-20124 is a remote code execution vulnerability in Wuzhi CMS v4.1.0 that allows attackers to execute arbitrary code on affected systems throug...
Sep 28, 2021

This vulnerability allows an attacker who has already compromised a network to take control of UniFi Talk devices that haven't been adopted yet. It af...
Sep 23, 2021

Monstra CMS 3.0.4 contains a code injection vulnerability in the 'Edit Snippet' module that allows authenticated attackers to execute arbitrary code o...
Jul 1, 2021

CVE-2020-22201 is a remote code execution vulnerability in phpCMS 2008 sp4 that allows attackers to execute arbitrary PHP commands via the pagesize pa...
Jun 16, 2021

CVE-2021-32673 is a critical command injection vulnerability in reg-keygen-git-hash-plugin that allows remote attackers to execute arbitrary commands ...
Jun 8, 2021

This vulnerability allows authenticated moderators in Invision Community (IPS Community Suite) to execute arbitrary PHP code via eval injection in the...
Jun 1, 2021

This vulnerability allows authenticated users without Script or Programming rights to execute privileged scripts by editing gadget titles in XWiki Pla...
May 28, 2021

This is a critical buffer overflow vulnerability in Pulse Connect Secure VPN appliances that allows remote authenticated attackers to execute arbitrar...
May 27, 2021

CVE-2021-31181 is a remote code execution vulnerability in Microsoft SharePoint Server that allows attackers to execute arbitrary code on affected sys...
May 11, 2021

This vulnerability allows authenticated remote attackers to execute arbitrary code with root privileges on Cisco Unified Communications products via a...
Apr 8, 2021

CVE-2021-27438 is a hard-coded password vulnerability in Reason DR60 devices that allows attackers to bypass authentication mechanisms. This affects a...
Mar 25, 2021

This vulnerability allows authenticated users with translation permissions to inject arbitrary PHP code into language files in ExpressionEngine CMS. S...
Mar 15, 2021

CVE-2021-21480 is a critical remote code execution vulnerability in SAP MII's Self Service Composition Environment (SSCE). Attackers with developer ac...
Mar 9, 2021

This vulnerability allows remote attackers to execute arbitrary code on affected systems through an integer overflow in Internet Explorer's WebViewFol...
Jul 21, 2006

This vulnerability allows an authorized attacker to execute arbitrary code on Microsoft Dataverse servers by exploiting insecure deserialization of un...
Mar 21, 2025

A remote code execution vulnerability in Arcadyan Meteor 2 CPE FG360 firmware allows attackers to execute arbitrary code on affected devices via speci...
Jan 14, 2025

CVE-2021-36800 is a code injection vulnerability in Akaunting accounting software that allows remote attackers to execute arbitrary PHP code by sendin...
Aug 4, 2021

This vulnerability in Go's cgo tool allows attackers to smuggle malicious code into compiled binaries by exploiting differences in how Go and C/C++ co...
Feb 5, 2026

A code injection vulnerability in Pygwalker's login redirection function allows attackers to execute arbitrary code and access sensitive information b...
Feb 6, 2025

This vulnerability allows a malicious app to escape its sandbox restrictions on Apple operating systems, potentially accessing system resources or oth...
Mar 8, 2024

CVE-2024-25713 is a double-free vulnerability in yyjson library versions through 0.8.0 that can lead to memory corruption and potentially remote code ...
Feb 29, 2024

This vulnerability allows remote attackers to execute arbitrary CL commands as the QUSER account on IBM i systems by exploiting the DDM architecture. ...
Jul 4, 2023

This vulnerability in Helm allows local code execution when updating dependencies if a malicious Chart.yaml file exists and Chart.lock is symlinked to...
Jul 8, 2025

This vulnerability in SAP NetWeaver Application Server ABAP allows authenticated attackers to craft RFC requests that expose credentials for remote se...
Apr 8, 2025

This vulnerability allows authenticated users to inject malicious parameters into JDBC URLs in IBM Data Virtualization Manager for z/OS, potentially l...
Nov 26, 2024

This vulnerability allows arbitrary Python code execution in langchain-experimental when using VectorSQLDatabaseChain. Attackers who can control input...
Jul 15, 2024

CVE-2023-22677 is a code injection vulnerability in the WordPress WP Booklet plugin that allows remote attackers to execute arbitrary code on affected...
Dec 29, 2023

This vulnerability allows authenticated users of JumpServer to exploit MongoDB sessions through the WEB CLI interface to execute arbitrary commands, l...
Sep 27, 2023

CVE-2022-2636 is a code injection vulnerability in Hestia Control Panel that allows authenticated users to execute arbitrary code on the server. This ...
Aug 5, 2022

CVE-2021-39144 is a remote code execution vulnerability in XStream library versions before 1.4.18. Attackers with sufficient privileges can execute ar...
Aug 23, 2021

This vulnerability allows DAG authors with existing permissions to manipulate Airflow's database to execute arbitrary code in the web-server context w...
Feb 24, 2026

CVE-2025-67750 is a remote code execution vulnerability in Lightning Flow Scanner where maliciously crafted flow metadata files can execute arbitrary ...
Dec 12, 2025

This CVE describes an arbitrary code execution vulnerability in WSO2 integration products where authenticated users with elevated privileges (administ...
Nov 5, 2025

This CVE describes a DDE injection vulnerability in GoldenDB database products that allows attackers to embed malicious DDE expressions in files. When...
Apr 27, 2025

A remote code execution vulnerability in parisneo/lollms version 9.8 allows attackers to bypass Python sandbox restrictions and execute arbitrary comm...
Mar 20, 2025

An unauthenticated local attacker can gain administrative privileges by deploying a malicious configuration file due to improper input validation. Thi...
Oct 15, 2024

This vulnerability allows attackers to escalate privileges and execute arbitrary code by sending crafted IOCTL requests to the segwindrvx64.sys driver...
May 22, 2024

This vulnerability allows remote attackers to execute arbitrary JavaScript code in the YI Smart Kami Vision Android app through an implicit intent to ...
Mar 28, 2024

This CVE describes a DLL hijacking vulnerability in IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments. A local authenticate...
Oct 6, 2023

A command injection vulnerability in RTS VLink Virtual Matrix Software allows authenticated attackers to execute arbitrary commands via the admin web ...
Sep 18, 2023

This vulnerability allows authenticated SAP users with standard authorization to remotely execute a function module that can replace arbitrary ABAP pr...
May 13, 2025

About Code Injection (CWE-94)
Our database tracks 1,161 CVEs classified as CWE-94, with 529 rated critical and 513 rated high severity. The average CVSS score for Code Injection vulnerabilities is 8.6.
External reference: CWE-94 on MITRE CWE