CWE-94: Code Injection

This vulnerability in Rank Math SEO WordPress plugin allows attackers to inject arbitrary code into .htaccess files, potentially leading to remote cod...

This vulnerability in Joplin note-taking app allows attackers to achieve remote code execution on Windows systems by exploiting unfiltered URI schemes...

This vulnerability allows authenticated WordPress administrators to inject arbitrary PHP code into export files created by the All-in-One WP Migration...

CVE-2024-50611 is a code execution vulnerability in CycloneDX cdxgen where processing untrusted codebases may execute malicious code from build files ...

CVE-2024-48700 is an arbitrary code execution vulnerability in Kliqqi-CMS that allows attackers to execute malicious code on affected systems via the ...

This vulnerability in Doccano's annotation tools allows remote attackers to escalate privileges through crafted REST requests. It affects Doccano v1.8...

AutoCMS v5.4 contains a PHP code injection vulnerability in the txtsite_url parameter at /admin/site_add.php, allowing attackers to execute arbitrary ...

This vulnerability allows attackers to execute arbitrary code on Ab Initio Metadata Hub and Authorization Gateway servers by exploiting the import hos...

CVE-2024-22274 is an authenticated remote code execution vulnerability in VMware vCenter Server. Attackers with administrative shell access on the vCe...

A local code execution vulnerability in Telerik UI for WinForms allows untrusted theme assemblies to execute arbitrary code on Windows systems. This a...

This Server-Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to execute arbitrary commands by injecting malicious tem...

This CVE describes a command injection vulnerability in TYPO3's Install Tool that allows authenticated admin users with system maintainer privileges t...

This high-severity injection vulnerability (CWE-94) in Assets Discovery versions 1.0 through 6.2.0 allows authenticated attackers to modify system cal...

CVE-2024-1297 is an OS command injection vulnerability in Loomio version 2.22.0 that allows attackers to execute arbitrary commands on the server. Thi...

CVE-2024-25298 is a critical code injection vulnerability in REDAXO CMS version 5.15.1 that allows attackers to execute arbitrary code on affected sys...

CVE-2024-25301 is a remote code execution vulnerability in Redaxo CMS v5.15.1 that allows attackers to execute arbitrary code via the /pages/templates...

This vulnerability allows root users on NVIDIA Bluefield DPU BMC systems to inject and execute arbitrary code through ipmitool network calls. It affec...

This vulnerability allows authenticated superadmin users in Crater invoice software to execute arbitrary PHP code by embedding malicious code within P...

This vulnerability allows authenticated ISPConfig administrators to inject arbitrary PHP code through the language file editor when the admin_allow_la...

CVE-2023-30912 is a remote code execution vulnerability in HPE OneView that allows attackers to execute arbitrary code on affected systems. This affec...

This vulnerability in SeaCMS v12.8 allows attackers to execute arbitrary code through the admin_Weixin.php component. It affects all systems running t...

This CVE-2023-3551 is a code injection vulnerability in TeamPass password manager software that allows attackers to execute arbitrary code on affected...

This vulnerability allows remote attackers to inject and execute arbitrary PHP code through the config editor in TravianZ admin pages. It affects Trav...

CVE-2023-3393 is a code injection vulnerability in fossbilling that allows attackers to execute arbitrary code on affected systems. This affects all f...

CVE-2023-30179 is a Server-Side Template Injection vulnerability in CraftCMS that allows authenticated attackers to inject Twig templates into the Use...

This vulnerability in Advantech WebAccess/SCADA allows attackers to overwrite any file on the operating system, potentially leading to arbitrary code ...

This vulnerability allows remote attackers to execute arbitrary code on Microsoft SharePoint Server by sending specially crafted requests. It affects ...

S-CMS v5.0 contains an authenticated remote code execution vulnerability in the /admin/ajax.php component. Attackers with admin credentials can execut...

This command injection vulnerability in SolarWinds Platform allows authenticated administrators to execute arbitrary system commands. Attackers with c...

This vulnerability allows remote code execution through code injection in the DCE network settings endpoint of StruxureWare Data Center Expert. Attack...

This vulnerability allows authenticated administrators in Softnext Technologies Corp.'s SPAM SQR to inject malicious code through a specific function,...

This vulnerability in the Custom Content Type Manager WordPress plugin allows authenticated administrators to execute arbitrary PHP code remotely. It ...

CVE-2022-2073 is a code injection vulnerability in Grav CMS that allows attackers to execute arbitrary code on affected systems. This affects Grav ins...

The Ad Injection WordPress plugin through version 1.2.0.19 contains a critical vulnerability that allows authenticated administrators to inject arbitr...

This vulnerability allows remote authenticated administrators in SimpleMachinesForum to execute arbitrary PHP code by modifying themes. It affects Sim...

This vulnerability allows authenticated administrators with settings management permissions to inject PHP code into MyBB forum settings, leading to re...

This vulnerability allows remote attackers with system administrator permissions in Atlassian Jira Server and Data Center to execute arbitrary code vi...

AyaCMS 3.1.2 contains a remote code execution vulnerability in the admin module that allows attackers to execute arbitrary code on the server. This af...

CVE-2021-46118 is a remote code execution vulnerability in JPress 4.2.0 that allows attackers to inject malicious code through email template editing ...

CVE-2021-46117 is a remote code execution vulnerability in JPress 4.2.0 that allows authenticated attackers to inject malicious code via email templat...

This vulnerability allows high-privilege WordPress users (administrators/editors) to execute arbitrary PHP code via the Similar Posts plugin widget se...

This vulnerability allows authenticated MyBB administrators with 'Can manage settings?' permission to inject and execute arbitrary PHP code through th...

CVE-2021-25877 is an insecure file write vulnerability in AVideo/YouPHPTube that allows authenticated administrators to write arbitrary files to the s...

CVE-2021-41619 is a remote code execution vulnerability in Gradle Enterprise that allows attackers with administrative access to execute arbitrary com...

MaianAffiliate v1.0 suffers from code injection vulnerability in the admin product addition feature. This allows attackers to inject malicious code th...

CVE-2021-39503 is a remote code execution vulnerability in PHPMyWind 5.6 that allows attackers to inject PHP code into configuration files due to insu...

This vulnerability allows untrusted back-end users in Contao CMS to execute arbitrary PHP code via insert tags. It affects installations where back-en...

This vulnerability in the Speed Booster Pack WordPress plugin allows remote code execution (RCE) due to improper input validation. Attackers can injec...

This vulnerability in Pulse Connect Secure allows authenticated administrators to upload malicious archives that can write arbitrary files to the syst...

This vulnerability allows authenticated WordPress administrators (or users with admin privileges) to execute arbitrary code on servers running vulnera...