CWE-94: Code Injection
The product constructs all or part of a code segment using externally-influenced input, but does not neutralize special elements that could modify the intended code segment.
All Code Injection CVEs (1,161)
This CVE describes a code injection vulnerability in the ScottCart WordPress plugin that allows attackers to execute arbitrary code on affected system...
Oct 28, 2024

This vulnerability allows unauthenticated attackers to execute arbitrary code on WordPress servers running vulnerable versions of Time Clock or Time C...
Oct 18, 2024

CVE-2024-0220 is a cryptographic vulnerability in B&R Automation Studio Upgrade Service and B&R Technology Guarding that allows network-based attacker...
Feb 22, 2024

This vulnerability exploits Unicode's bidirectional text algorithm to create source code that appears benign to human reviewers but contains malicious...
Nov 1, 2021

CVE-2021-29465 is a critical vulnerability in Discord-Recon bot versions 0.0.3 and earlier that allows remote attackers to overwrite arbitrary files o...
Apr 22, 2021

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary commands on affected Cisco Unified Communications systems by ...
Jan 21, 2026

CVE-2025-67509 is a read-only bypass vulnerability in Neuron AI framework's MySQLSelectTool that allows file writing via SQL injection. Attackers who ...
Dec 10, 2025

IBM Integration Bus for z/OS is vulnerable to code injection by privileged users with access to the installation directory. This allows authenticated ...
Jul 7, 2025

This vulnerability allows remote code execution through insecure deserialization in Garden's cryo library dependency. Attackers with Kubernetes cluste...
Oct 9, 2023

This vulnerability in jsPDF allows attackers to inject arbitrary PDF objects into generated documents by controlling the argument of the `addJS` metho...
Feb 19, 2026

CVE-2024-39148 allows unauthenticated remote attackers to execute arbitrary operating system commands as root on KerOS systems by exploiting improper ...
Dec 1, 2025

This vulnerability allows unauthenticated attackers to execute arbitrary PHP code on WordPress servers running the vulnerable Catalog Importer, Scrape...
Sep 11, 2025

The Phoneservice module contains a code injection vulnerability (CWE-94) that allows attackers to execute arbitrary code by injecting malicious input....
Apr 17, 2025

This vulnerability allows unauthenticated remote attackers to execute arbitrary code on affected NETGEAR WiFi routers. Attackers can gain full control...
Feb 5, 2025

This vulnerability allows administrators to configure insecure captive portal scripts in Arista EOS devices, potentially enabling remote code executio...
Jan 10, 2025

A remote code execution vulnerability in Snyk Code Agent allows attackers to execute arbitrary code within the container. All versions of Code Agent a...
Dec 6, 2024

This vulnerability allows attackers to execute arbitrary JavaScript code in the Super Unlimited Video Downloader Android app through a vulnerable comp...
Nov 11, 2024

This vulnerability allows attackers to execute arbitrary JavaScript code through the MainActivity component in the Video Downloader Pro & Browser Andr...
Nov 11, 2024

This vulnerability in Moodle allows authenticated users with question editing permissions to execute arbitrary code through calculated question types....
Nov 7, 2024

This vulnerability allows attackers to execute arbitrary JavaScript code in the Android video downloader app via a vulnerable component. It affects us...
Oct 30, 2024

This vulnerability allows low-privileged remote attackers to modify firewall configuration through environment variables, potentially causing denial o...
Sep 10, 2024

A low-privileged remote attacker can modify OSPF service configuration through environment variables OSPF_INTERFACE.SIMPLE_KEY and OSPF_INTERFACE.DIGE...
Sep 10, 2024

This vulnerability allows low-privileged remote attackers to modify firewall configuration settings through the FW_PORTFORWARDING.SRC_IP environment v...
Sep 10, 2024

This vulnerability allows remote attackers to execute arbitrary code on Cobham SAILOR VSAT Ku systems via a crafted script targeting the acu_web compo...
Apr 12, 2024

This vulnerability in ConnectWise ScreenConnect allows man-in-the-middle attackers to send crafted messages that can lead to remote code execution. It...
Feb 1, 2024

This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on EdgeConnect SD-WAN Orchestrator systems if certain precond...
Aug 22, 2023

This vulnerability in Auto-GPT allows malicious Python code executed via the application's commands to overwrite the docker-compose.yml file, enabling...
Jul 13, 2023

CVE-2023-0788 is a code injection vulnerability in phpMyFAQ that allows attackers to execute arbitrary code on affected systems. This affects all user...
Feb 12, 2023

CVE-2021-40487 is a remote code execution vulnerability in Microsoft SharePoint Server that allows authenticated attackers to execute arbitrary code o...
Oct 13, 2021

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to create arbitrary automations without proper authoriz...
Sep 9, 2025

This CVE describes a code injection vulnerability in DELMIA Apriso manufacturing software that allows attackers to execute arbitrary code on affected ...
Aug 4, 2025

This vulnerability allows remote code execution if an attacker obtains session administrator credentials for affected ASPECT systems. It affects multi...
May 22, 2025

This is a critical buffer overflow vulnerability in Alpine Halo9 devices that allows network-adjacent attackers to execute arbitrary code with root pr...
Jan 31, 2025

This is a remote code execution vulnerability in Craft CMS versions 4 and 5 that allows attackers to execute arbitrary code on affected systems. The v...
Jan 18, 2025

A Client-Side Template Injection (CSTI) vulnerability in Taiga's project creation component allows remote attackers to execute arbitrary JavaScript co...
Nov 25, 2024

Dell OpenManage Enterprise versions 4.1 and earlier contain a code injection vulnerability that allows authenticated attackers with low privileges to ...
Oct 17, 2024

Scriptcase v9.10.023 and earlier contains a vulnerability in the nm_zip function that allows remote attackers to execute arbitrary code on affected sy...
Oct 1, 2024

This CVE describes an eval injection vulnerability in InVesalius's DICOM file reader that allows attackers to execute arbitrary code by loading a mali...
Aug 23, 2024

This vulnerability allows authenticated attackers to execute arbitrary code on Linksys E2500 routers via the hnd_parentalctrl_unblock function. Attack...
Jul 24, 2024

This vulnerability in Westermo Lynx devices allows attackers with device access to execute arbitrary code, potentially compromising device functionali...
Feb 6, 2024

This vulnerability allows attackers to execute arbitrary code during the early boot sequence of Aruba 9200 and 9000 Series Controllers and Gateways. S...
Sep 6, 2023

This vulnerability allows attackers to inject malicious code into specific parameters of a web application, which is then executed when legitimate use...
Mar 10, 2022

This vulnerability in Samsung's TEEGRIS secure OS allows attackers to bypass caller verification checks in SMC calls, potentially compromising the Tru...
Oct 6, 2021

CVE-2025-33250 is a remote code execution vulnerability in NVIDIA's NeMo Framework that allows attackers to execute arbitrary code on affected systems...
Feb 18, 2026

The NVIDIA NeMo Framework vulnerability allows attackers to inject malicious code through crafted data inputs. Successful exploitation could lead to r...
Feb 18, 2026

NVIDIA Megatron Bridge contains a code injection vulnerability in a data shuffling tutorial component. Successful exploitation could allow attackers t...
Feb 18, 2026

CVE-2025-65715 is a remote code execution vulnerability in Visual Studio Code's Code Runner extension that allows attackers to execute arbitrary code ...
Feb 16, 2026

NVIDIA Megatron-LM contains a code injection vulnerability (CWE-94) where malicious data can lead to arbitrary code execution. This affects all platfo...
Feb 3, 2026

This vulnerability in Salt's junos execution module allows remote code execution through unsafe YAML deserialization. Attackers can craft malicious YA...
Jan 30, 2026

The browserstack-local Node.js package version 1.5.8 contains a command injection vulnerability due to improper sanitization of the logfile variable i...
Jan 28, 2026

About Code Injection (CWE-94)
Our database tracks 1,161 CVEs classified as CWE-94, with 529 rated critical and 513 rated high severity. The average CVSS score for Code Injection vulnerabilities is 8.6.