CWE-94: Code Injection
The product constructs all or part of a code segment using externally-influenced input, but does not neutralize special elements that could modify the intended code segment.
All Code Injection CVEs (1,145)
This vulnerability allows remote code execution by exploiting improper input sanitization in industrial controllers. Attackers can inject malicious co...
Oct 27, 2021

This vulnerability allows authorized users in SAP Commerce Backoffice to inject malicious code into source rules, which are translated to Drools rules...
Apr 13, 2021

CVE-2021-21433 is a critical remote code execution vulnerability in Discord Recon Server version 0.0.1, allowing attackers to execute arbitrary comman...
Apr 9, 2021

This vulnerability in Langflow's CSV Agent node allows attackers to execute arbitrary Python and OS commands on the server via prompt injection, leadi...
Feb 26, 2026

The SPIP tickets plugin contains an unauthenticated remote code execution vulnerability in forum preview handling. Attackers can inject malicious cont...
Feb 25, 2026

The Saisies plugin for SPIP contains a critical Remote Code Execution vulnerability (CWE-94: Improper Control of Generation of Code) that allows attac...
Feb 19, 2026

CVE-2026-27174 allows unauthenticated attackers to execute arbitrary PHP code on MajorDoMo home automation systems via the admin panel's PHP console. ...
Feb 18, 2026

CVE-2020-37186 is a critical remote code execution vulnerability in Chevereto image hosting software. Attackers can inject malicious PHP code during d...
Feb 11, 2026

This vulnerability in DiskCache (python-diskcache) allows arbitrary code execution when an attacker with write access to the cache directory injects m...
Feb 11, 2026

The jsonpath package is vulnerable to arbitrary code execution via malicious JSON Path expressions. Attackers can inject JavaScript code that gets exe...
Feb 9, 2026

CVE-2025-69983 is a critical remote code execution vulnerability in FUXA v1.2.7 that allows attackers to execute arbitrary system commands through mal...
Feb 3, 2026

This CVE describes a code injection vulnerability in Orval, a tool that generates TypeScript clients from OpenAPI/Swagger specifications. The incomple...
Jan 30, 2026

This critical vulnerability in Ivanti Endpoint Manager Mobile allows unauthenticated attackers to inject malicious code and execute arbitrary commands...
Jan 29, 2026

CVE-2026-1281 is a critical code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that allows unauthenticated attackers to execute arb...
Jan 29, 2026

CVE-2025-69564 is a critical SQL injection vulnerability in code-projects Mobile Shop Management System 1.0 that allows attackers to execute arbitrary...
Jan 27, 2026

This vulnerability in vm2 sandbox for Node.js allows attackers to bypass Promise callback sanitization and escape the sandbox environment. Attackers c...
Jan 26, 2026

CVE-2026-0768 is a critical remote code execution vulnerability in Langflow that allows unauthenticated attackers to execute arbitrary Python code on ...
Jan 23, 2026

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary Python code on systems running vulnerable versions of Foundat...
Jan 23, 2026

A critical command injection vulnerability in ipTIME routers allows attackers to execute arbitrary operating system commands by injecting malicious in...
Jan 20, 2026

This critical vulnerability in Malware Remover allows remote attackers to bypass security protections through improper code generation control. Attack...
Jan 2, 2026

This vulnerability allows unauthenticated attackers to execute arbitrary commands remotely on affected JD Cloud NAS routers. Attackers can gain full c...
Dec 30, 2025

Eigent multi-agent Workforce version 0.0.60 contains a 1-click Remote Code Execution vulnerability that allows attackers to execute arbitrary code on ...
Dec 27, 2025

This vulnerability allows unauthenticated attackers to execute arbitrary code on WordPress servers running the Print Invoice & Delivery Notes for WooC...
Dec 24, 2025

Insecure permissions in MineAdmin v3.x scheduled tasks allow attackers to execute arbitrary commands, leading to remote code execution and full accoun...
Dec 12, 2025

This CVE describes a GitHub Actions workflow vulnerability in Parse Server that grants elevated permissions to CI/CD pipelines. It allows unauthorized...
Dec 12, 2025

Aqara Hub devices contain an undocumented remote access mechanism that allows attackers to execute arbitrary commands without authentication. This vul...
Dec 10, 2025

An unauthenticated remote code execution vulnerability in ChanCMS v3.3.4 allows attackers to execute arbitrary code via template injection in the /vip...
Dec 10, 2025

CVE-2025-67489 allows remote attackers to execute arbitrary code on Vite development servers using vulnerable versions of @vitejs/plugin-rs. This affe...
Dec 9, 2025

A critical JIT miscompilation vulnerability in Firefox's JavaScript engine allows arbitrary code execution when processing malicious JavaScript. This ...
Dec 9, 2025

CVE-2024-32641 is a critical remote code execution vulnerability in Masa CMS that allows unauthenticated attackers to execute arbitrary code on affect...
Dec 3, 2025

This vulnerability allows unauthenticated attackers to execute arbitrary code on WordPress sites running vulnerable versions of the Advanced Custom Fi...
Dec 3, 2025

The Sneeit Framework WordPress plugin has a critical Remote Code Execution vulnerability that allows unauthenticated attackers to execute arbitrary co...
Nov 25, 2025

CVE-2025-65099 is a critical code execution vulnerability in Claude Code where Yarn plugins could execute malicious code before user consent. This aff...
Nov 19, 2025

The Holiday Class Post Calendar WordPress plugin has a critical remote code execution vulnerability in all versions up to 7.1. Unauthenticated attacke...
Nov 11, 2025

CVE-2025-47588 is a critical code injection vulnerability in the Dynamic Pricing With Discount Rules for WooCommerce plugin that allows attackers...
Nov 6, 2025

This CVE describes a critical code injection vulnerability in the Widget Logic WordPress plugin that allows remote code execution. Attackers can injec...
Nov 6, 2025

CVE-2025-50739 is a critical remote code execution vulnerability in iib0011 omni-tools v0.4.0 caused by unsafe JSON deserialization. Attackers can exe...
Oct 30, 2025

This CVE describes a critical remote code execution vulnerability in the s2Member WordPress plugin. Attackers can inject arbitrary code through improp...
Oct 22, 2025

ZTE's ZXCDN product has a critical Apache Struts vulnerability allowing unauthenticated remote code execution. Attackers can execute arbitrary command...
Oct 14, 2025

This vulnerability allows remote attackers to execute arbitrary code on Knowage servers by exploiting unsafe JXPathContext usage in MetaService.java. ...
Sep 30, 2025

CVE-2025-59041 is a critical remote code execution vulnerability in Claude Code where malicious git user.email configuration could execute arbitrary c...
Sep 10, 2025

CVE-2025-58764 is a command injection vulnerability in Claude Code that allows bypassing the confirmation prompt to execute untrusted commands. This a...
Sep 10, 2025

CVE-2025-57141 is a critical SQL injection vulnerability in rsbi-os 4.7's sqlite-jdbc component that allows remote attackers to execute arbitrary code...
Sep 8, 2025

This vulnerability allows remote code execution in DataEase BI tools through a JDBC URL bypass. Attackers can exploit a flaw in H2 database driver fil...
Aug 25, 2025

This vulnerability allows unauthenticated attackers to execute arbitrary PHP code on WordPress sites using the Cloudflare Image Resizing plugin. All W...
Aug 19, 2025

This CVE describes a critical code injection vulnerability in Apache OFBiz's scrum plugin, allowing unauthenticated attackers to execute arbitrary cod...
Aug 15, 2025

This vulnerability allows remote attackers to execute arbitrary JavaScript code on vulnerable Flowise systems by sending specially crafted POST reques...
Aug 14, 2025

CVE-2011-10018 is a critical backdoor vulnerability in myBB 1.6.4 that allows unauthenticated remote attackers to execute arbitrary PHP code via manip...
Aug 13, 2025

This critical vulnerability in Studio 3T allows remote attackers to execute arbitrary code on affected systems by sending a crafted payload to the chi...
Aug 13, 2025

FoxCMS versions up to 1.2.5 contain a code injection vulnerability in the admin template file editor that allows authenticated attackers to execute ar...
Aug 7, 2025

About Code Injection (CWE-94)
Our database tracks 1,145 CVEs classified as CWE-94, with 517 rated critical and 509 rated high severity. The average CVSS score for Code Injection vulnerabilities is 8.6.
External reference: CWE-94 on MITRE CWE