CWE-94: Code Injection
The product constructs all or part of a code segment using externally-influenced input, but does not neutralize special elements that could modify the intended code segment.
All Code Injection CVEs (1,144)
CVE-2026-27574 allows remote code execution in OneUptime monitoring software. Any user with ProjectMember role (including anonymous users via open reg...
Feb 21, 2026
Microsoft Semantic Kernel Python SDK versions before 1.39.4 contain a remote code execution vulnerability in the InMemoryVectorStore filter functional...
Feb 19, 2026
This CVE describes a Server-Side Template Injection vulnerability in Datart's Freemarker template engine that allows authenticated attackers to execut...
Feb 17, 2026
This vulnerability allows authenticated users with file editor permissions in CI4MS to achieve remote code execution by uploading and executing arbitr...
Feb 3, 2026
This vulnerability allows authenticated attackers to execute arbitrary code on n8n workflow automation platforms, leading to full system compromise. I...
Jan 8, 2026
This vulnerability allows remote code execution through improper input validation in the IF AS Shortcode WordPress plugin. Attackers can inject malici...
Dec 29, 2025
CVE-2025-42880 is a critical remote code execution vulnerability in SAP Solution Manager where authenticated attackers can inject malicious code throu...
Dec 9, 2025
CVE-2025-42887 is a critical code injection vulnerability in SAP Solution Manager that allows authenticated attackers to execute arbitrary code via re...
Nov 11, 2025
Grafana Image Renderer versions 1.0.0 through 4.0.16 contain an arbitrary file write vulnerability in the /render/csv endpoint that allows remote code...
Oct 9, 2025
This CVE describes a code injection vulnerability in Gardener Extensions for AWS, Azure, OpenStack, and GCP providers that allows administrative users...
Sep 25, 2025
This critical vulnerability in SAP NetWeaver AS Java allows authenticated non-administrative users to upload arbitrary files that can be executed, lea...
Sep 9, 2025
This vulnerability allows attackers to bypass MIME type validation and upload malicious PHP files disguised as Excel files to WeGIA web servers. Succe...
Sep 8, 2025
CVE-2025-58159 is a critical remote code execution vulnerability in WeGIA web management software for charitable institutions. It allows attackers to ...
Aug 29, 2025
CVE-2025-48169 is a critical code injection vulnerability in the WordPress Code Engine plugin that allows remote attackers to execute arbitrary code o...
Aug 20, 2025
This vulnerability allows remote attackers to execute arbitrary code on WordPress sites running the vulnerable Product XML Feed Manager for WooCommerc...
Aug 14, 2025
This critical vulnerability in SAP S/4HANA allows authenticated users to inject arbitrary ABAP code via RFC-exposed function modules, bypassing author...
Aug 12, 2025
CVE-2025-42950 is a critical code injection vulnerability in SAP Landscape Transformation (SLT) that allows authenticated users to execute arbitrary A...
Aug 12, 2025
This CVE describes a critical code injection vulnerability in the MetalpriceAPI WordPress plugin that allows remote code execution. Attackers can inje...
Jun 9, 2025
This CVE describes a critical code injection vulnerability in WilderForge GitHub Actions workflows where user-controlled variables like ${{ github.eve...
Jun 9, 2025
This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of the PDF 2 Post WordPress plugin. Attack...
Apr 17, 2025
CVE-2025-31330 is a critical code injection vulnerability in SAP Landscape Transformation (SLT) that allows authenticated users to execute arbitrary A...
Apr 8, 2025
This critical vulnerability in SAP S/4HANA allows authenticated users to inject arbitrary ABAP code via RFC function modules, bypassing authorization ...
Apr 8, 2025
This CVE describes a critical remote code execution vulnerability in pgAdmin 4 where attacker-controlled input is passed to Python's eval() function. ...
Apr 3, 2025
This critical vulnerability in RomethemeKit For Elementor WordPress plugin allows authenticated attackers to execute arbitrary code through command in...
Apr 1, 2025
This CVE describes a critical remote code execution vulnerability in the Visual Text Editor WordPress plugin. Attackers can inject malicious code thro...
Mar 26, 2025
This vulnerability allows remote attackers to execute arbitrary commands on ToDesktop build servers by exploiting postinstall scripts in package.json ...
Mar 1, 2025
This vulnerability allows remote attackers to execute arbitrary code on WordPress sites running the vulnerable Post/Page Copying Tool plugin. Attacker...
Feb 4, 2025
CVE-2025-22133 is a critical file upload vulnerability in WeGIA web management software that allows unauthenticated attackers to upload malicious .pha...
Jan 7, 2025
This critical vulnerability allows an attacker with access to a VSPC management agent machine to execute arbitrary code on the VSPC server, potentiall...
Dec 12, 2024
This vulnerability allows authenticated attackers with contributor-level access or higher to execute arbitrary code on WordPress servers through the W...
Nov 28, 2024
This critical vulnerability allows low-privileged users to upload arbitrary files to VSPC servers, leading to remote code execution. Attackers can gai...
Sep 7, 2024
This critical vulnerability allows administrators with restricted permissions to execute arbitrary code via the Ping script in Zabbix monitoring syste...
Aug 12, 2024
This CVE describes a remote code execution vulnerability in JupyterLab extension template's GitHub Actions workflow. Attackers can execute arbitrary c...
Jul 16, 2024
This vulnerability allows authenticated users with access to Thruk's reporting functionality to execute arbitrary commands on the server via URL param...
Jul 15, 2024
CVE-2024-39932 is an argument injection vulnerability in Gogs that allows attackers to execute arbitrary commands on the server during change preview ...
Jul 4, 2024
This vulnerability allows authenticated attackers to execute arbitrary PHP code on WordPress sites running vulnerable versions of the WishList Member ...
Jun 24, 2024
This vulnerability allows remote code execution in the WordPress Customify Site Library plugin. Attackers can inject and execute arbitrary code on aff...
May 17, 2024
This vulnerability allows authenticated users with Subscriber-level permissions in WordPress to inject and execute arbitrary PHP code through the Main...
May 17, 2024
This CVE describes a critical code injection vulnerability in the Cwicly Builder WordPress plugin that allows remote code execution. Attackers can inj...
Apr 3, 2024
This vulnerability allows authenticated attackers to execute arbitrary code on WordPress sites using Oxygen Builder. It affects all versions up to 4.9...
Apr 3, 2024
This CVE describes a Jinja2 template injection vulnerability in JumpServer's Ansible component that allows authenticated attackers to execute arbitrar...
Mar 29, 2024
This vulnerability allows remote code execution (RCE) in the Astra Pro WordPress plugin. Attackers can inject and execute arbitrary code on affected w...
Dec 29, 2023
This vulnerability allows remote code execution in the WP EXtra WordPress plugin through improper .htaccess file modification. Attackers can inject ma...
Dec 29, 2023
This vulnerability in XWiki Platform allows any user who can edit a wiki page to gain programming rights through missing escaping in administration in...
Dec 15, 2023
This vulnerability in XWiki Platform allows authenticated users to inject malicious XWiki syntax containing script macros through the search administr...
Dec 15, 2023
This vulnerability in XWiki Platform allows authenticated users with edit rights to execute arbitrary Groovy code on the server by exploiting improper...
Nov 7, 2023
This vulnerability allows any user with view access to the Invitation.WebHome page in XWiki Platform to execute arbitrary script macros, including Gro...
Aug 17, 2023
CVE-2023-34251 is a server-side template injection vulnerability in Grav CMS that allows authenticated users with page editing privileges to execute a...
Jun 14, 2023
CVE-2022-25759 is a critical remote code injection vulnerability in convert-svg-core package versions before 0.6.2. Attackers can execute arbitrary co...
Jul 22, 2022
CVE-2022-24664 is a critical remote code execution vulnerability in PHP Everywhere WordPress plugin. It allows any user with post editing permissions ...
Feb 16, 2022
About Code Injection (CWE-94)
Our database tracks 1,144 CVEs classified as CWE-94, with 517 rated critical and 508 rated high severity. The average CVSS score for Code Injection vulnerabilities is 8.6.
External reference: View CWE-94 on MITRE CWE →