CWE-94: Code Injection

This vulnerability allows authenticated WordPress administrators (or users with admin privileges) to execute arbitrary code on servers running vulnera...

This vulnerability allows authenticated Nagios XI administrators to execute arbitrary code through code injection in the graphtemplates.php component....

This vulnerability allows authenticated users in Batflat CMS to inject malicious code through user profile fields, leading to remote code execution. I...

Lodash versions before 4.17.21 contain a command injection vulnerability in the template function that allows attackers to execute arbitrary commands ...

This vulnerability allows Moodle site administrators to execute arbitrary PHP code via a PHP include during Shibboleth authentication. It affects Mood...

This vulnerability allows authenticated attackers to upload custom templates through the Pulse Connect Secure admin web interface, leading to arbitrar...

CVE-2019-7177 is a code injection vulnerability in Pexip Infinity that allows authenticated administrators to execute arbitrary code on nodes. This af...

CVE-2020-6318 is a critical code injection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform that allows remote attackers to execute arbitr...

This vulnerability allows remote attackers to execute arbitrary Python code on Langflow installations through Python function components. Attackers ca...

This vulnerability in vLLM allows remote code execution when loading model configurations containing auto_map entries. Attackers can create a seemingl...

A code injection vulnerability in GitHub Enterprise Server allows attackers to inject malicious code via the identity property in message handling, en...

This vulnerability in Microsoft.IdentityModel allows attackers to make arbitrary HTTP GET requests by exploiting trust in the 'jku' claim within Signe...

This vulnerability allows remote attackers to execute arbitrary Java code on OpenNMS Horizon and Meridian servers running vulnerable versions. It affe...

CVE-2023-26436 is a Java deserialization vulnerability in OX App Suite's documentconverterws API that allows authenticated attackers on local networks...

CVE-2022-25760 is a code injection vulnerability in the accesslog npm package that allows attackers to execute arbitrary JavaScript code on the host s...

CVE-2020-7745 is a backdoor vulnerability in MintegralAdSDK that allows Mintegral and their advertising partners to remotely execute arbitrary code on...

This vulnerability in NNM (Network Node Manager) allows low-privileged users to execute arbitrary code with SYSTEM privileges when NNM is installed in...

This vulnerability in SAP HANA JDBC Client allows high-privilege locally authenticated users to supply crafted connection parameters that lead to unau...

This vulnerability in Delinea Secret Server's protocol handler allows remote code execution through URI comparison flaws before normalization. Attacke...

This critical vulnerability allows authenticated staff users in Tendenci CMS to execute arbitrary code on the server through unsafe Python pickle dese...

This CVE describes a missing Secure Boot implementation on ESP32 SoC devices, specifically affecting Meatmeet basestation devices. Attackers with phys...

This CVE describes an authenticated remote code execution vulnerability in WSO2 products where administrators can deploy malicious Java code through S...

This vulnerability allows a physically proximate attacker to execute arbitrary code on Arris NVG443B routers via the cshell login component. It affect...

A SecureROM vulnerability in certain Apple devices allows unauthenticated local attackers with physical access to execute arbitrary code during boot v...

The WP ALL Export Pro WordPress plugin has an authentication bypass vulnerability that allows authenticated attackers with Shop Manager or higher priv...

CVE-2024-36361 allows remote code execution in Pug template engine when untrusted input is passed to specific compilation functions. Applications usin...

A command injection vulnerability in AOS-CX Operating System allows authenticated remote attackers to execute arbitrary commands on affected systems. ...

This vulnerability allows a high-privileged attacker with local access to Dell SmartFabric OS10 switches to execute arbitrary code through improper in...

This vulnerability allows local admin users on Brocade Fabric OS to escalate privileges to root level, enabling arbitrary code execution. It affects F...

SAP ERP BW Business Content contains function modules vulnerable to OS command injection, allowing attackers to execute arbitrary commands on the unde...

This vulnerability allows improper access control in the home screen widget module, potentially enabling attackers to disrupt device availability. It ...

SeaCMS 13.0 has an authenticated remote code execution vulnerability in admin_editplayer.php where attackers can bypass file restrictions to write and...

This CVE describes a code injection vulnerability in the YayCommerce YayCurrency WordPress plugin that allows attackers to execute arbitrary code on a...

This vulnerability allows authenticated attackers to execute arbitrary commands on Mitel MiCollab systems through command injection in the Web Confere...

OnlineNewsSite v1.0 contains a stored XSS vulnerability in the admin post editor that allows attackers to inject malicious JavaScript into news articl...

This vulnerability in WBSAirback 21.02.04 allows improper neutralization of Server-Side Includes (SSI) through the License endpoint at /admin/CDPUsers...

This CVE describes a code injection vulnerability in Apache Hive's JDBC driver that allows arbitrary code execution on client systems. Attackers can e...

A code injection vulnerability in binary-parser library versions before 2.3.0 allows attackers to execute arbitrary JavaScript code when untrusted inp...

This CVE describes a code injection vulnerability in the Molla WordPress theme that allows attackers to execute arbitrary code on affected websites. T...

This CVE describes a code injection vulnerability in the Javo Core WordPress plugin that allows attackers to execute arbitrary code on affected system...

This vulnerability allows attackers to inject malicious code into Salesforce Agentforce Vibes Extension's LLM prompting system. When exploited, it cou...

This vulnerability allows attackers to inject malicious code through improperly sanitized input used for LLM prompting in Salesforce Mulesoft Anypoint...

This CVE describes a code injection vulnerability in the Bearsthemes Alone WordPress theme that allows attackers to execute arbitrary code on affected...

This vulnerability allows unauthenticated attackers to execute arbitrary WordPress shortcodes through the ProfilePress plugin. Attackers can potential...

This CVE describes a code injection vulnerability in the Eventer WordPress plugin that allows attackers to execute arbitrary code through shortcode ma...

This CVE describes an arbitrary file upload vulnerability in Filemanager v2.5.0 that allows attackers to upload crafted SVG files containing malicious...

This vulnerability allows a malicious actor to cause a persistent denial of service in FireEye EDR agents by sending a specially crafted tamper protec...

The Shortcodes by United Themes WordPress plugin allows unauthenticated attackers to execute arbitrary shortcodes due to improper input validation. Th...

This vulnerability allows attackers to inject malicious code through shortcodes in the Ohio Extra WordPress plugin, potentially leading to remote code...

The Listingo WordPress theme allows unauthenticated attackers to execute arbitrary shortcodes due to improper input validation. This vulnerability aff...