CWE-94: Code Injection
The product constructs all or part of a code segment using externally-influenced input, but does not neutralize special elements that could modify the intended code segment.
All Code Injection CVEs (1,149)
CVE-2025-1302 is a critical Remote Code Execution vulnerability in jsonpath-plus versions before 10.3.0. Attackers can execute arbitrary code on affec...
Feb 15, 2025
This vulnerability allows remote attackers to execute arbitrary code on DataEase v1 systems by exploiting the user account and password components. At...
Feb 7, 2025
This vulnerability allows remote attackers to execute arbitrary code on Joomla websites using the Sourcerer extension. Attackers can exploit improper ...
Feb 4, 2025
This critical vulnerability in Android's Bluetooth GATT server allows remote attackers to execute arbitrary code without user interaction or elevated ...
Jan 21, 2025
A type confusion vulnerability in Magma's NAS message decoding function allows attackers to execute arbitrary code or cause denial of service via spec...
Jan 21, 2025
This vulnerability allows remote attackers to execute arbitrary code on Ruijie RG-EW300N wireless access points by sending specially crafted MQTT brok...
Jan 21, 2025
CVE-2025-22906 is a critical command injection vulnerability in RE11S v1.11 that allows attackers to execute arbitrary commands on affected devices by...
Jan 16, 2025
This critical vulnerability in D-Link DWR-M972V routers allows remote attackers to execute arbitrary code with root privileges via SSH without authent...
Jan 15, 2025
CVE-2023-28354 is a critical remote code execution vulnerability in Opsview Monitor Agent 6.8 that allows unauthenticated attackers to execute arbitra...
Jan 9, 2025
This vulnerability allows unauthenticated attackers to execute arbitrary code on WordPress servers running the vulnerable File Upload plugin. All Word...
Jan 8, 2025
This vulnerability in the WordPress File Upload plugin allows unauthenticated attackers to execute arbitrary code, read sensitive files, and delete fi...
Jan 8, 2025
CVE-2024-50660 is a critical file upload bypass vulnerability in AdPortal 3.0.39 that allows remote attackers to upload malicious files and execute ar...
Jan 7, 2025
This CVE describes a Server-Side Template Injection vulnerability in AdPortal 3.0.39 that allows remote attackers to execute arbitrary code by manipul...
Jan 7, 2025
The SEO LAT Auto Post WordPress plugin has a critical vulnerability that allows unauthenticated attackers to overwrite plugin files, which can lead to...
Jan 7, 2025
This vulnerability in pyrage (Python bindings for the age encryption library) allows arbitrary code execution through maliciously crafted age files. A...
Dec 19, 2024
CVE-2024-56145 is a critical remote code execution vulnerability in Craft CMS that allows attackers to execute arbitrary code on affected systems. Use...
Dec 18, 2024
This vulnerability allows attackers to execute arbitrary code on servers running vulnerable versions of the UniSharp Laravel File Manager package. By ...
Dec 18, 2024
GetSimple CMS CE 3.3.19 has a critical vulnerability in its template editing function that allows authenticated attackers to execute arbitrary code on...
Dec 16, 2024
This vulnerability allows remote attackers to execute arbitrary code on INOVANCE AM401_CPU1608TPTN programmable logic controllers via the ExecuteUserP...
Dec 4, 2024
CVE-2024-36622 is a command injection vulnerability in RaspAP raspap-webgui that allows attackers to execute arbitrary commands on the system by explo...
Nov 29, 2024
A SQL injection vulnerability in PHPGurukul COVID 19 Testing Management System v1.0 allows remote attackers to execute arbitrary SQL commands via the ...
Nov 27, 2024
H3C GR-1800AX MiniGRW1B0V100R007 devices are vulnerable to remote code execution via the aspForm parameter, allowing attackers to execute arbitrary co...
Nov 20, 2024
This is a critical file upload vulnerability in OfficeWeb365 versions 8.6.1.0 and 7.18.23.0 that allows remote attackers to upload arbitrary files, le...
Nov 19, 2024
This critical vulnerability in Weaver E-cology allows unauthenticated attackers to execute arbitrary code remotely by crafting malicious requests. Att...
Nov 19, 2024
CVE-2024-50919 is a critical vulnerability in Jpress CMS that allows attackers to upload arbitrary files, including malicious JSP files, leading to re...
Nov 18, 2024
This CVE describes a Server-Side Request Forgery (SSRF) and code injection vulnerability in Apache OFBiz. Attackers can exploit it to make the server ...
Nov 18, 2024
This vulnerability allows attackers to upload arbitrary files to the NUS-M9 ERP Management Software via the /Production/UploadFile endpoint. Successfu...
Nov 15, 2024
PyMOL 2.5.0 contains a critical vulnerability in its 'Run Script' function that allows arbitrary Python code execution via malicious .PYM files. Attac...
Nov 11, 2024
This vulnerability allows unauthenticated remote code execution in agentscope workflow utilities. Attackers can execute arbitrary commands through the...
Nov 4, 2024
Qualitor v8.24 contains a critical remote code execution vulnerability via the gridValoresPopHidden parameter, allowing attackers to execute arbitrary...
Oct 31, 2024
This vulnerability allows remote attackers to execute arbitrary commands on Draytek Vigor3900 routers by injecting malicious commands into the mainfun...
Oct 30, 2024
This is a critical input validation vulnerability in ServiceNow's Now Platform that allows unauthenticated remote code execution. All ServiceNow insta...
Oct 29, 2024
This SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows remote attackers to execute arbitrary SQL commands through craf...
Oct 25, 2024
CVE-2024-48514 is a critical code injection vulnerability in php-heic-to-jpg library versions 1.0.5 and below. Attackers can execute arbitrary code on...
Oct 24, 2024
This critical vulnerability in Mitel MiCollab Desktop Client and MiVoice Business SVI allows unauthenticated attackers to execute arbitrary commands t...
Oct 21, 2024
This CVE describes a remote code execution vulnerability in MariaDB v10.5 where an attacker could execute arbitrary code by loading a malicious shared...
Oct 17, 2024
CVE-2024-21534 is a critical Remote Code Execution vulnerability in jsonpath-plus package affecting all versions. Attackers can execute arbitrary code...
Oct 11, 2024
A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code by placing a malicious DLL in the same directory a...
Oct 7, 2024
RuoYi v4.7.9 and earlier contains a code injection vulnerability in the code generation feature that allows attackers to escape from comments and exec...
Oct 7, 2024
FileSender versions before 2.49 contain a server-side template injection (SSTI) vulnerability that allows attackers to execute arbitrary code on the s...
Oct 2, 2024
SeaCMS 13.2 contains a remote code execution vulnerability in sql.class.chp where a security check function is bypassed during execution. Attackers ca...
Sep 20, 2024
This CVE describes a code injection vulnerability in SFS Consulting ww.Winsure software that allows attackers to execute arbitrary code on affected sy...
Sep 16, 2024
CVE-2024-6596 is a critical remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary C# code via malicious curve...
Sep 10, 2024
This CVE describes a critical Server-Side Request Forgery (SSRF) and code injection vulnerability in Apache OFBiz. Attackers can exploit this to make ...
Sep 4, 2024
This critical vulnerability allows remote attackers to execute arbitrary code on D-Link DAP-2310 access points via a stack-based buffer overflow in th...
Sep 2, 2024
CVE-2024-41366 is a critical remote code execution vulnerability in RPi-Jukebox-RFID version 2.7.0 that allows attackers to execute arbitrary code on ...
Aug 29, 2024
CVE-2024-41368 is a critical remote code execution vulnerability in RPi-Jukebox-RFID version 2.7.0 that allows attackers to execute arbitrary code on ...
Aug 29, 2024
CVE-2024-41361 is a critical remote code execution vulnerability in RPi-Jukebox-RFID version 2.7.0 that allows attackers to execute arbitrary code on ...
Aug 29, 2024
HP Security Manager contains a critical remote code execution vulnerability (CWE-94: Code Injection) in its open-source libraries. Attackers can execu...
Aug 27, 2024
SquirrellyJS template engine versions 9.0.0 contain a code injection vulnerability in the options.varName component that allows attackers to execute a...
Aug 21, 2024
About Code Injection (CWE-94)
Our database tracks 1,149 CVEs classified as CWE-94, with 518 rated critical and 512 rated high severity. The average CVSS score for Code Injection vulnerabilities is 8.6.