CWE-94: Code Injection
The product constructs all or part of a code segment using externally-influenced input, but does not neutralize special elements that could modify the intended code segment.
All Code Injection CVEs (1,167)
This vulnerability allows arbitrary code execution during the DXE phase of the UEFI boot process in InsydeH2O firmware. Attackers can set a UEFI variable ...
Sep 18, 2023

This vulnerability allows processing a malicious file to cause unexpected app termination or arbitrary code execution on affected macOS systems. It af...
Jul 27, 2023

This CVE-2023-1049 vulnerability allows code injection when a user opens a malicious project file in Schneider Electric's HMI software. Attackers can ...
Jun 14, 2023

This vulnerability in HP Softpaq installer allows attackers to execute arbitrary code by exploiting improper control of generation of code (CWE-94). I...
Jun 9, 2023

CVE-2023-33733 is a critical code injection vulnerability in Reportlab PDF library versions up to 3.6.12. Attackers can execute arbitrary code by tric...
Jun 5, 2023

This vulnerability allows remote code execution through the Microsoft Windows Support Diagnostic Tool (MSDT) when processing specially crafted files. ...
May 31, 2023

This CVE-2023-0598 vulnerability in GE Digital Proficy iFIX allows attackers to inject malicious configuration files into the web server execution pat...
Mar 16, 2023

This CVE describes vulnerabilities in the system BIOS of certain HP PC products that could allow attackers to execute arbitrary code, escalate privile...
Feb 1, 2023

This vulnerability allows arbitrary code execution through malicious YAML configuration files in Sockeye neural machine translation framework. Attacke...
Dec 8, 2021

CVE-2021-43208 is a remote code execution vulnerability in Microsoft 3D Viewer that allows attackers to execute arbitrary code by tricking users into ...
Nov 10, 2021

This vulnerability allows remote code execution through specially crafted Microsoft Word documents. Attackers can exploit this by tricking users into ...
Nov 10, 2021

CVE-2021-40485 is a remote code execution vulnerability in Microsoft Excel that allows attackers to execute arbitrary code by tricking users into open...
Oct 13, 2021

This vulnerability allows attackers with local filesystem access to add arbitrary plugins to RabbitMQ on Windows systems. It affects RabbitMQ Windows ...
May 18, 2021

CVE-2021-21415 is a remote code execution vulnerability in the Prisma VS Code extension that allows arbitrary code execution when auto-formatting or v...
Apr 29, 2021

CVE-2019-1157 is a remote code execution vulnerability in the Windows Jet Database Engine that allows attackers to execute arbitrary code on vulnerabl...
Aug 14, 2019

This vulnerability allows authenticated users in Metabase to extract sensitive information including database credentials via template evaluation in e...
Feb 21, 2026

This vulnerability allows attackers to execute arbitrary Python code on TechDocs build servers when configured with 'runIn: local'. Malicious actors w...
Jan 30, 2026

This vulnerability allows remote code execution on LSC Smart Connect Indoor PTZ Cameras when a specially crafted QR code is presented during Wi-Fi con...
Mar 11, 2025

Joplin desktop application has a remote code execution vulnerability where clicking malicious links in untrusted notes can execute arbitrary shell com...
Nov 14, 2024

This vulnerability in HP SoftPaq software allows attackers to execute arbitrary code by modifying configuration files after extraction. It affects sys...
May 1, 2024

A remote code execution vulnerability in SLiMS 9 Bulian allows attackers to execute arbitrary code via the scrap_image.php component. This affects all...
Oct 20, 2025

This vulnerability allows attackers to escape the Local Python execution environment sandbox in smolagents by exploiting incomplete validation of dund...
Sep 3, 2025

OpenRefine versions before 3.8.3 lack CSRF protection on the preview-expression command, allowing malicious websites to execute attacker-controlled Cl...
Oct 24, 2024

This CVE describes an HTML injection vulnerability in PHPGurukul's User Registration & Login and User Management System. Attackers can inject arbitrary...
Oct 15, 2024

A stored cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to inject malicious scripts into the Custom Fields Name text fi...
Sep 23, 2024

CVE-2024-36581 is a prototype pollution vulnerability in abw badger-database version 1.2.1 that allows attackers to modify JavaScript object prototype...
Jun 17, 2024

This vulnerability allows remote attackers to execute arbitrary code on FlowiseAI installations by sending crafted scripts to the api/v1 component. It...
Apr 29, 2024

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of GNU Savane by uploading a specially cra...
Apr 11, 2024

This vulnerability allows attackers to bypass Windows SmartScreen security checks, potentially enabling them to execute malicious files without proper...
Feb 13, 2024

CVE-2021-32706 is a code injection vulnerability in Pi-hole's web interface that allows attackers to execute arbitrary code, list directories, and ove...
Aug 4, 2021

KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can cause applicati...
Feb 11, 2026

This CVE describes a code injection vulnerability in Beaver Builder Lite WordPress plugin that allows attackers to execute arbitrary code. It affects ...
Jan 22, 2026

This vulnerability allows remote code execution in Cursor AI code editor versions 1.6 and below through manipulation of Visual Studio Code workspace f...
Oct 3, 2025

CVE-2025-52218 is a content spoofing vulnerability in SelectZero Data Observability Platform that allows attackers to inject arbitrary text or limited...
Aug 26, 2025

This CVE describes a code injection vulnerability in Azure Monitor Agent that allows unauthorized attackers on adjacent networks to execute arbitrary ...
Jul 8, 2025

This AMD processor vulnerability allows malicious software with kernel-level (ring0) access to bypass System Management Mode (SMM) protections and mod...
Aug 12, 2024

This vulnerability in h2oai/h2o-3 version 3.46.0 allows attackers to call the main function of any class under the water.tools namespace via the run_t...
Jun 27, 2024

CVE-2024-32358 is a remote code execution vulnerability in JPress v5.1.0 that allows attackers to execute arbitrary code through crafted scripts in th...
Apr 25, 2024

This vulnerability allows authenticated malicious clients to send specially crafted LINQ queries to execute arbitrary code remotely on SCM servers. It...
Mar 27, 2024

This vulnerability allows authenticated malicious clients to execute arbitrary code on SCM Server by sending specially crafted LINQ queries that bypas...
Mar 27, 2024

This vulnerability allows remote attackers to execute arbitrary code on systems running MyPrestaModules ordersexport version 6.0.2 and earlier. Attack...
Mar 20, 2024

Komm.One CMS 10.4.2.14 has a Server-Side Template Injection vulnerability in the Velocity template engine that allows remote attackers to execute arbi...
Mar 18, 2024

CVE-2022-46070 is a Local File Inclusion vulnerability in GV-ASManager V6.0.1.0's GeoWebServer component that allows attackers to read arbitrary files...
Mar 11, 2024

This vulnerability in Teamwire Windows desktop client allows remote attackers to obtain sensitive information by sending a crafted payload to the mess...
Mar 5, 2024

CVE-2023-51770 is an arbitrary file read vulnerability in Apache DolphinScheduler that allows attackers to read sensitive files from the server filesy...
Feb 20, 2024

This vulnerability in Yasukawa memberscard v.13.6.1 allows attackers to send crafted notifications by exploiting a leaked channel access token. Attack...
Nov 14, 2023

This vulnerability in tinyfiledialogs allows shell metacharacters in dialog box titles, messages, and other input fields, potentially enabling command...
Oct 30, 2023

This vulnerability in hjson-java allows attackers to cause Denial of Service (DoS) by sending specially crafted JSON strings. Applications using hjson...
Sep 1, 2023

This CVE describes a Remote Code Execution vulnerability in Jedox's /be/rpc.php endpoint that allows authenticated users to load arbitrary PHP classes...
May 12, 2023

This vulnerability in Paradox Security Systems IPR512 allows attackers to cause denial of service by exploiting injection vulnerabilities in login.htm...
Mar 21, 2023

About Code Injection (CWE-94)
Our database tracks 1,167 CVEs classified as CWE-94, with 531 rated critical and 517 rated high severity. The average CVSS score for Code Injection vulnerabilities is 8.6.