CWE-94: Code Injection

This vulnerability in ThinkPHP v5.1 allows remote attackers to execute arbitrary code via the routecheck function due to improper input validation. It...

CVE-2025-51387 allows remote code execution in GitKraken Desktop due to misconfigured Electron Fuses. Attackers can execute arbitrary code by passing ...

LangChain v0.3.51 contains an indirect prompt injection vulnerability in the GmailToolkit component that allows attackers to execute arbitrary code vi...

This CVE describes a code injection vulnerability in Samsung MagicINFO 9 Server that allows attackers to execute arbitrary code on affected systems. T...

This vulnerability in Livewire v3 allows unauthenticated attackers to execute arbitrary commands remotely on affected systems. The issue occurs when s...

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of Island Lake WebBatch by sending a speci...

The Bears Backup plugin for WordPress has a critical Remote Code Execution vulnerability that allows unauthenticated attackers to execute arbitrary co...

An unsafe JavaScript evaluation vulnerability in pyLoad's CAPTCHA processing allows unauthenticated remote attackers to execute arbitrary code in clie...

The GB Forms DB WordPress plugin has a critical remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code on...

This vulnerability allows attackers to execute arbitrary code on educoder challenge containers by injecting malicious content. It affects all users of...

A critical remote code execution vulnerability exists in HPE Insight Remote Support (IRS) software due to improper control of code generation (CWE-94)...

CVE-2023-47030 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that allows unauthenticated attackers to execute arbit...

CVE-2023-47032 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that allows attackers to execute arbitrary code via cr...

This vulnerability allows remote attackers to execute arbitrary code on NCR ITM Web terminal systems by sending crafted scripts to the IP camera URL c...

CVE-2025-32798 allows arbitrary code execution during conda package builds due to unsafe eval() usage in recipe selectors. Attackers can inject malici...

A Server-Side Template Injection vulnerability in BeyondTrust's Remote Support and Privileged Remote Access chat feature allows attackers to execute a...

This CVE describes a critical command injection vulnerability in the Wavlink WL-WN579A3 router's QoS configuration interface. Attackers can execute ar...

This vulnerability allows remote code execution through code injection in Langroid's TableChatAgent when processing untrusted user input. It affects a...

CVE-2025-32363 is a critical remote code execution vulnerability in mediDOK software versions before 2.5.18.43. Attackers can exploit insecure deseria...

This vulnerability allows attackers with UDF creation privileges in Apache IoTDB to execute arbitrary code by registering malicious functions from unt...

This vulnerability in Vvveb CMS v1.0.6 allows remote attackers to execute arbitrary code through the plugin mechanism. Attackers can upload malicious ...

CVE-2025-26845 is an eval injection vulnerability in Znuny that allows authenticated users with configuration write access to execute arbitrary comman...

SeaCMS v13.3 contains a remote code execution vulnerability in phomebak.php that allows attackers to execute arbitrary code via crafted HTTP requests....

This critical code injection vulnerability in Profelis Informatics SambaBox allows attackers to execute arbitrary code on affected systems. All SambaB...

This vulnerability allows remote attackers to execute arbitrary code on systems running phpgurukul Online Banquet Booking System V1.2. Attackers can e...

This vulnerability in forkosh Mime Tex allows remote attackers to execute arbitrary code via specially crafted scripts. It affects all users running v...

Pycel versions up to 1.0b30 allow remote code execution when processing untrusted Excel spreadsheets containing malicious formulas. Attackers can craf...

CVE-2025-29662 is a critical remote code execution vulnerability in LandChat 3.25.12.18 that allows unauthenticated attackers to execute arbitrary sys...

CVE-2024-56518 allows remote attackers to execute arbitrary code on Hazelcast Management Center servers by uploading a malicious hazelcast-client XML ...

CVE-2025-3115 is a critical vulnerability in Spotfire software that allows attackers to inject malicious code and upload malicious files due to insuff...

This CVE describes a critical command injection vulnerability in Edimax AC1200 routers that allows attackers to execute arbitrary commands on the devi...

The tagDiv Composer WordPress plugin has a PHP object instantiation vulnerability that allows unauthenticated attackers to instantiate arbitrary PHP o...

This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLINK X18 routers via the cstecgi.cgi interface. Attac...

This vulnerability allows remote attackers to execute arbitrary commands on Netgear WNR854T routers by sending a specially crafted request to post.cgi...

CVE-2024-54806 allows remote attackers to execute arbitrary system commands on Netgear WNR854T routers through the cmd.cgi web interface. This affects...

This vulnerability allows remote attackers to execute arbitrary code on FoxCMS v1.2.5 systems through the case display page in index.html. It affects ...

This vulnerability allows authenticated attackers to execute arbitrary commands within Appsmith Docker containers by exploiting a misconfigured Postgr...

This critical vulnerability in IIT Bombay's Bodhitree cs101 platform allows remote attackers to execute arbitrary code on affected systems. It affects...

This vulnerability allows a physically proximate attacker to execute arbitrary code on Termius installations due to insufficient Electron Fuses config...

CVE-2025-1550 is a critical remote code execution vulnerability in Keras where the Model.load_model function can execute arbitrary Python code even wi...

CVE-2025-1497 is a critical remote code execution vulnerability in PlotAI where insufficient validation of LLM-generated output allows attackers to ex...

CVE-2024-42733 is a critical remote code execution vulnerability in Docmosis Tornado document generation software. It allows attackers to execute arbi...

This Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code by injecting malicious payload...

This critical vulnerability in Vasion Print (formerly PrinterLogic) allows remote attackers to execute arbitrary code on affected systems without auth...

This CVE describes a critical command injection vulnerability in Tuoshi/Dionlink 4G Wi-Fi devices. Unauthenticated remote attackers can execute arbitr...

FoxCMS v1.2.5 contains a critical remote code execution vulnerability in the index() method of the Sitemap controller. This allows unauthenticated att...

A critical Remote Code Execution vulnerability in Loggrove v1.0 allows attackers to execute arbitrary code on affected systems by manipulating the pat...

This CVE describes a critical remote code execution vulnerability in GZDoom v4.13.1. Attackers can exploit it by tricking users into opening a malicio...

A critical SQL injection vulnerability in Uniclare Student Portal versions 2 and earlier allows remote attackers to execute arbitrary SQL commands thr...

This critical memory management vulnerability in libx264 allows attackers to execute arbitrary code by processing a specially crafted AAC file. Any ap...