CWE-94: Code Injection

The Listingo WordPress theme allows unauthenticated attackers to execute arbitrary shortcodes due to improper input validation. This vulnerability aff...

This vulnerability allows remote attackers to execute arbitrary code on systems running xxyopen novel plus version 4.4.0 and earlier. The flaw exists ...

PHPJabbers Cleaning Business Software v1.0 has a CSV injection vulnerability that allows attackers to execute arbitrary code when malicious CSV files ...

PHPJabbers Restaurant Booking System v3.0 contains multiple HTML injection vulnerabilities in various parameters, allowing attackers to inject malicio...

The AI Infographic Maker WordPress plugin allows unauthenticated attackers to execute arbitrary shortcodes due to improper input validation. This vuln...

This vulnerability in Android's ZipFile.java allows attackers to execute arbitrary code by manipulating dynamic code loading through improper input va...

This vulnerability allows authenticated users with restricted access in SAP BusinessObjects Business Intelligence Platform to inject malicious JavaScr...

This vulnerability allows unauthenticated attackers to upload malicious PHP files through the car rental system's file upload feature, leading to remo...

This vulnerability allows unauthenticated attackers to execute arbitrary WordPress shortcodes through the CF7 WOW Styler plugin. Attackers can potenti...

This vulnerability allows unauthenticated attackers to execute arbitrary WordPress shortcodes through the WPMobile.App plugin. Attackers can potential...

The Woodmart WordPress theme allows unauthenticated attackers to execute arbitrary shortcodes via a vulnerable AJAX endpoint. This vulnerability affec...

This vulnerability allows remote attackers to execute arbitrary code on systems running ofcms 1.1.2 by exploiting improper input validation in the Fil...

This vulnerability allows attackers to leak livechat messages by chaining two NoSQL injection vulnerabilities in Rocket.Chat's livechat system. The at...

This Node.js vulnerability allows attackers to bypass network import restrictions by embedding non-network imports in data URLs, potentially leading t...

This vulnerability allows remote code execution with administrator privileges on endpoints running CoSoSys Endpoint Protector or Unify agent. An attac...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to execute arbitrary shortcodes through the Discussion ...

The Inpersttion For Theme WordPress plugin has a remote code execution vulnerability that allows authenticated attackers with Contributor-level access...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to execute arbitrary shortcodes through the Ninja Forms...

The Pojo Forms WordPress plugin allows authenticated attackers with Subscriber-level access or higher to execute arbitrary shortcodes via a vulnerable...

The InPost Gallery WordPress plugin allows authenticated attackers with Subscriber-level access or higher to execute arbitrary shortcodes via an AJAX ...

This critical vulnerability in wuzhicms 4.1.0 allows remote attackers to inject and execute arbitrary code through the add/edit function in block.php....

CVE-2024-45200 (KartLANPwn) is a stack-based buffer overflow vulnerability in Nintendo Mario Kart 8 Deluxe's LAN/LDN multiplayer implementation. Attac...

This critical vulnerability in 123solar 1.8.4.5 allows remote attackers to execute arbitrary code by manipulating the PASSOx parameter in the config/c...

CVE-2024-38990 is a prototype pollution vulnerability in Tada5hi sp-common v0.5.4's mergeDeep function that allows attackers to inject arbitrary prope...

This CVE describes a SQL injection vulnerability in H3C SeaSQL DWS V2.0 that allows remote attackers to execute arbitrary code via crafted files. Orga...

CVE-2025-65026 is a template literal injection vulnerability in esm.sh's CSS-to-JavaScript conversion feature that allows attackers to inject maliciou...

SAP NetWeaver Application Server ABAP contains an HTML injection vulnerability that allows attackers to craft malicious URLs with script payloads. Whe...

This vulnerability allows local system users to modify directory contents, potentially leading to arbitrary code execution with elevated permissions. ...

This vulnerability allows attackers to execute arbitrary code on systems running vulnerable versions of KnowBe4's Phish Alert Button for Outlook by ex...

This CVE describes a code injection vulnerability in FortiClientMac that allows unauthenticated attackers to execute arbitrary code by tricking users ...

This CVE describes a potential remote code execution vulnerability in MariaDB v.11.1 through the lib_mysqludf_sys.so function. The vulnerability allow...

This CVE describes a code injection vulnerability in waveterm's Electron Fuses implementation on macOS that allows bypassing TCC (Transparency, Consen...

A file upload vulnerability in NestJS allows remote attackers to execute arbitrary code by manipulating the Content-Type header. This affects NestJS a...

This vulnerability allows local attackers to execute arbitrary code via a malicious dynamic library (dylib) injection in RAR Extractor - Unarchiver Fr...

This critical vulnerability in composiohq composio allows remote code execution through code injection in the Calculator function. Attackers can execu...

This vulnerability in CPython's email module allows header injection when serializing email messages due to improper quoting of newlines in email head...

The Shortcode Ajax WordPress plugin allows unauthenticated attackers to execute arbitrary shortcodes due to improper input validation. This vulnerabil...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to execute arbitrary shortcodes via the ProfilePress pl...

This is a cross-site scripting (XSS) vulnerability in DzzOffice 2.3.x that allows low-privilege attackers to inject malicious JavaScript into comment ...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to execute arbitrary shortcodes through the Classified ...

This vulnerability allows HTML injection via crafted Accept-Language headers in librechat version 0.7.9. When exploited, attackers can inject arbitrar...

CVE-2025-42901 is a stored cross-site scripting (XSS) vulnerability in SAP Application Server for ABAP's BAPI explorer. Authenticated attackers can in...

This CVE describes a code injection vulnerability in the WP User Frontend WordPress plugin that allows attackers to execute arbitrary code. It affects...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to execute arbitrary shortcodes through the Everest For...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to execute arbitrary shortcodes through the Global Gall...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to execute arbitrary shortcodes through the Motors plug...

MonicaHQ v4.1.1 contains an authenticated client-side injection vulnerability in the journal entry text field. This allows authenticated attackers to ...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to execute arbitrary shortcodes through the Email Subsc...

This CVE describes a code injection vulnerability in the FluentForm WordPress plugin that allows attackers to execute arbitrary shortcodes. Attackers ...

The WPMasterToolkit WordPress plugin allows authenticated users with Contributor-level access or higher to inject and execute arbitrary PHP code throu...