CWE-94: Code Injection
The product constructs all or part of a code segment using externally-influenced input, but does not neutralize special elements that could modify the intended code segment.
All Code Injection CVEs (1,163)
Jan 28, 2026: The browserstack-local Node.js package version 1.5.8 contains a command injection vulnerability due to improper sanitization of the logfile variable i...
Jan 20, 2026: CVE-2025-33233 is a code injection vulnerability in NVIDIA Merlin Transformers4Rec that could allow attackers to execute arbitrary code. This affects ...
Dec 18, 2025: Codigo Markdown Editor 1.0.1 contains a remote code execution vulnerability where attackers can craft malicious markdown files that execute arbitrary ...
Dec 16, 2025: Fickling versions before 0.1.6 incorrectly flagged unsafe pickle files as safe due to missing 'pty' module in the unsafe import blocklist. This vulner...
Dec 11, 2025: This vulnerability in Foxit PDF software allows arbitrary code execution when processing malicious PDF files. Attackers can exploit memory corruption ...
Dec 9, 2025: This CVE describes a code injection vulnerability in the GiveWP WordPress plugin that allows attackers to execute arbitrary shortcodes. It affects all...
Nov 18, 2025: This vulnerability in NVIDIA Isaac-GR00T allows attackers to inject malicious code through a Python component, potentially leading to remote code exec...
Nov 18, 2025: This CVE describes a code injection vulnerability in NVIDIA Isaac-GR00T's Python component that could allow attackers to execute arbitrary code. Succe...
Nov 11, 2025: The NVIDIA NeMo Framework contains a code injection vulnerability in its BERT services component that allows attackers to execute arbitrary code by se...
Nov 11, 2025: NVIDIA Megatron-LM contains a code injection vulnerability (CWE-94) where malicious data can lead to arbitrary code execution. This affects all platfo...
Nov 11, 2025: The NVIDIA NeMo Framework contains a vulnerability where malicious input can cause improper control of code generation, potentially leading to remote ...
Sep 24, 2025: NVIDIA Megatron-LM's msdp preprocessing script contains a code injection vulnerability (CWE-94) that allows attackers to execute arbitrary code by pro...
Sep 24, 2025: CVE-2025-23348 is a code injection vulnerability in NVIDIA's Megatron-LM pretrain_gpt script that allows attackers to execute arbitrary code by provid...
Aug 26, 2025: CVE-2025-23315 is a code injection vulnerability in NVIDIA NeMo Framework's export and deploy component that allows attackers to execute arbitrary cod...
Aug 26, 2025: NVIDIA NeMo Curator contains a code injection vulnerability (CWE-94) where malicious files can execute arbitrary code. This affects all platforms runn...
Aug 26, 2025: CVE-2025-23313 is a code injection vulnerability in NVIDIA's NeMo Framework NLP component that allows attackers to execute arbitrary code by providing...
Jul 29, 2025: A code injection vulnerability in NI LabVIEW allows arbitrary code execution when users open specially crafted VI files containing CIN nodes. This aff...
Jul 17, 2025: A remote code execution vulnerability exists in ROS 'rosbag' tool due to unsafe eval() usage on user input in the 'rosbag filter' command. Attackers c...
Jul 17, 2025: This CVE describes a remote code execution vulnerability in ROS's rosparam tool where attackers can execute arbitrary Python code by crafting maliciou...
Jul 17, 2025: This CVE allows local users to execute arbitrary Python code through the ROS rostopic command's 'hz' verb filter option. The vulnerability affects ROS...
Jul 2, 2025: This vulnerability allows authenticated attackers with administrator credentials to execute arbitrary commands with SYSTEM privileges on NSClient++ se...
Jun 24, 2025: CVE-2025-23265 is a code injection vulnerability in NVIDIA Megatron-LM's Python component that allows attackers to execute arbitrary code by providing...
May 28, 2025: CVE-2025-32801 allows attackers to load malicious hook libraries into Kea DHCP servers via configuration or API directives. This can lead to remote co...
Mar 31, 2025: This memory handling vulnerability in Apple operating systems allows arbitrary code execution when processing malicious files. Attackers can exploit t...
Feb 20, 2025: This vulnerability in IBM Security Verify Access Appliance allows local users to execute arbitrary code due to improper restrictions on code generatio...
Feb 19, 2025: A buffer overflow vulnerability in Bento4 v1.6.0-641 allows local attackers to execute arbitrary code via the AP4_Stz2Atom component. This affects sys...
Jan 27, 2025: This CVE describes a validation logic vulnerability in Apple operating systems that allows an application to execute arbitrary code with kernel privil...
Jan 15, 2025: This vulnerability allows processing a malicious file to cause unexpected app termination or arbitrary code execution on affected Apple devices. It af...
Jan 14, 2025: This vulnerability allows remote code execution in Microsoft Power Automate through improper control of generation of code (CWE-94). Attackers could e...
Dec 5, 2024: This CVE describes an insecure permissions vulnerability in ROS2 navigation2 that allows local attackers to execute arbitrary code via the error-throw...
Dec 5, 2024: A buffer overflow vulnerability in ROS2 navigation2 allows local attackers to execute arbitrary code by providing a malicious script. This affects sys...
Nov 18, 2024: This vulnerability allows a local attacker to execute arbitrary code with elevated privileges on systems running MSI Center Pro 2.1.37.0. By exploitin...
Nov 18, 2024: This vulnerability allows attackers to execute arbitrary code by loading malicious DLLs when users run specific NetBackup commands on Windows systems....
Oct 22, 2024: This vulnerability allows local unprivileged users to achieve privilege escalation and potentially execute arbitrary code as root. The flaw exists in ...
Sep 3, 2024: UltiMaker Cura 3D printing slicer versions 5.7.0-beta.1 through 5.7.2 contain a code injection vulnerability in the 3MF file reader. Attackers can cra...
Apr 22, 2024: A buffer overflow vulnerability in pdf2json v0.70 allows local attackers to execute arbitrary code by exploiting the GString::copy() and ImgOutputDev:...
Apr 11, 2024: This vulnerability allows a local attacker to execute arbitrary code by exploiting the MSI-based installer repair mode in Thesycon TUSBAudio software....
Mar 21, 2024: CVE-2024-24520 is a code injection vulnerability in Lepton CMS v7.0.0 that allows local attackers to execute arbitrary code via the upgrade.php file i...
Jan 23, 2024: This is a memory corruption vulnerability (CWE-94: Improper Control of Generation of Code) in Apple operating systems that allows an application to ex...
Jan 10, 2024: This vulnerability allows malicious applications to inject code into sensitive Xcode binaries on macOS systems. It affects macOS Monterey, Big Sur, an...
Dec 18, 2023: Cambium ePMP Force 300-25 version 4.7.0.1 contains a code injection vulnerability that allows remote attackers to execute arbitrary code with root pri...
Dec 6, 2023: This vulnerability allows attackers to inject malicious code into Remote Desktop Manager on macOS by manipulating the DYLIB_INSERT_LIBRARIES environme...
Oct 30, 2023: This vulnerability allows local attackers to execute arbitrary code by tricking legitimate users into opening malicious markdown files in Inkdrop. It ...
Oct 10, 2023: CVE-2023-36718 is a remote code execution vulnerability in Microsoft's Virtual Trusted Platform Module (vTPM) that allows authenticated attackers to e...
Sep 28, 2023: This vulnerability in Binalyze IREC.sys driver allows a local attacker to execute arbitrary code with kernel privileges via a specific function. It af...
Sep 27, 2023: CVE-2023-41984 is a memory handling vulnerability in Apple operating systems that allows an application to execute arbitrary code with kernel privileg...
Sep 18, 2023: This vulnerability allows arbitrary code execution during the DXE phase of UEFI boot process in InsydeH2O firmware. Attackers can set a UEFI variable ...
Jul 27, 2023: This vulnerability allows processing a malicious file to cause unexpected app termination or arbitrary code execution on affected macOS systems. It af...
Jun 14, 2023: This CVE-2023-1049 vulnerability allows code injection when a user opens a malicious project file in Schneider Electric's HMI software. Attackers can ...
Jun 9, 2023: This vulnerability in HP Softpaq installer allows attackers to execute arbitrary code by exploiting improper control of generation of code (CWE-94). I...
About Code Injection (CWE-94)
Our database tracks 1,163 CVEs classified as CWE-94, with 529 rated critical and 515 rated high severity. The average CVSS score for Code Injection vulnerabilities is 8.6.
External reference: CWE-94 on MITRE CWE