CWE-94: Code Injection
The product constructs all or part of a code segment using externally-influenced input, but does not neutralize special elements that could modify the intended code segment.
All Code Injection CVEs (1,187)
This vulnerability allows attackers to manipulate configuration files through improper input neutralization in Salesforce Agentforce Vibes Extension's...
Nov 4, 2025

This vulnerability allows attackers to manipulate LLM prompts to write malicious content to configuration files in Salesforce Mulesoft Anypoint Code B...
Nov 4, 2025

This vulnerability in the RS WP Book Showcase WordPress plugin allows attackers to execute arbitrary shortcodes through code injection. It affects all...
May 16, 2025

This CVE describes a code injection vulnerability in the MapSVG WordPress plugin that allows attackers to inject malicious code through improper input...
May 16, 2025

PHPJabbers Night Club Booking Software v1.0 has a CSV injection vulnerability in the Languages section Labels parameters field that allows attackers t...
Feb 20, 2025

CVE-2025-27218 is an insecure deserialization vulnerability in Sitecore Experience Manager (XM) and Experience Platform (XP) that allows remote attack...
Feb 20, 2025

This vulnerability in Graphics::ColorNames Perl package allows HTML injection when an attacker can place a malicious file in the current working direc...
Dec 13, 2024

This vulnerability in GitLab allows attackers to exploit a discrepancy between the web interface and git CLI to trick users into cloning malicious rep...
Aug 8, 2024

This CVE describes a fault injection vulnerability in U-Boot's append_uint32_le() function that could allow physical attackers to escalate privileges ...
Dec 11, 2025

Bagisto v2.3.7 has a Server-Side Template Injection vulnerability in product description rendering that allows authenticated attackers with product cr...
Oct 16, 2025

This CVE describes a prototype pollution vulnerability in carboneio carbone's Formatter Handler component. Attackers can remotely modify object protot...
Jan 7, 2026

The WP-Members Membership Plugin for WordPress has a vulnerability that allows authenticated users with Subscriber-level access or higher to execute a...
Sep 9, 2025

This vulnerability in OneVision Workspace allows attackers to execute arbitrary Java Expression Language (EL) code, potentially leading to remote code...
Apr 28, 2025

CVE-2024-53386 is a DOM clobbering vulnerability in Stage.js that allows attackers to inject HTML elements that shadow the document.currentScript prop...
Mar 3, 2025

An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows authenticated administrators to inject arbitrary HTML code in admin screens. This...
Dec 16, 2024

This vulnerability allows unauthenticated attackers to execute arbitrary shortcodes in WordPress via the NitroPack plugin, leading to code injection. ...
Aug 29, 2024

Apache CloudStack contains a code injection vulnerability in six administrative APIs that allows authenticated administrators to execute arbitrary Jav...
Nov 27, 2025

This vulnerability in Flute CMS allows remote attackers to inject malicious code through the /admin/pages/list endpoint by manipulating the 'blocks' p...
Jul 21, 2024

This critical vulnerability in DedeCMS allows remote attackers to inject and execute arbitrary code through the article_template_rand.php file. It aff...
Jul 21, 2024

This vulnerability allows attackers to bypass sandbox restrictions in MaxKB by copying malicious files to executable directories using Python's shutil...
Jul 17, 2025

This vulnerability allows a local attacker to execute arbitrary code through the inter-process communication mechanism between Cura and CuraEngine pro...
Nov 15, 2024

This CVE describes a code injection vulnerability in the huggingface/text-generation-inference repository's GitHub Actions workflow. Attackers can exp...
May 30, 2024

An authenticated attacker with access to create or modify Terms and Conditions documents in Frappe ERPNext can inject malicious Jinja2 templates into ...
Dec 15, 2025

An authenticated attacker with Contract Template creation/modification privileges can inject malicious Jinja2 templates into the contract_terms field,...
Dec 15, 2025

This vulnerability in the Team Showcase WordPress plugin allows attackers to execute arbitrary shortcodes through code injection. It affects all WordP...
Jun 6, 2025

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to reset and modify plugin/theme settings due to missin...
May 2, 2025

This CVE describes a prototype pollution vulnerability in Sverchok 1.3.0's Set Property Mk2 Node. Attackers can remotely manipulate object prototypes ...
Apr 27, 2025

A reverse shell vulnerability in MaxKB's function library module allows privileged users to execute arbitrary code and establish remote shell access. ...
Apr 10, 2025

The Code Snippets CPT WordPress plugin allows authenticated attackers with Subscriber-level access or higher to execute arbitrary shortcodes due to im...
Mar 8, 2025

This CVE describes an Improper Control of Generation of Code vulnerability in Schneider Electric products that process TGML graphics files. Attackers ...
Feb 11, 2026

This CVE describes a code injection vulnerability in the Minecraft-Rcon-Manage software that allows attackers to execute arbitrary code on affected sy...
Jan 27, 2026

This CVE describes a code injection vulnerability in the quick-media library's SVG plugin when processing PNG files. Attackers can execute arbitrary c...
Jan 27, 2026

This vulnerability in Dioxus Components allows arbitrary JavaScript code execution through user-supplied input in the `use_animated_open` function. It...
Jan 24, 2026

AVideo versions 14.3.1 through 20.0 contain an unauthenticated remote code execution vulnerability. Attackers can exploit predictable installation sal...
Dec 19, 2025

This vulnerability allows attackers who can control markdown file content (like blog posts) to execute arbitrary code on systems running vulnerable ve...
Dec 18, 2025

This vulnerability in Longwatch devices allows unauthenticated attackers to execute arbitrary code with SYSTEM-level privileges via HTTP GET requests ...
Dec 2, 2025

This vulnerability in RISC Zero's zkVM platform allows a malicious host to write arbitrary data to guest memory locations when the guest calls sys_rea...
Oct 2, 2025

About Code Injection (CWE-94)
Our database tracks 1,187 CVEs classified as CWE-94, with 540 rated critical and 528 rated high severity. The average CVSS score for Code Injection vulnerabilities is 8.6.
External reference: View CWE-94 on MITRE CWE →