CWE-94: Code Injection
The product constructs all or part of a code segment using externally-influenced input, but does not neutralize special elements that could modify the intended code segment.
All Code Injection CVEs (1,151)
This vulnerability allows remote attackers to execute arbitrary code on Apache DolphinScheduler servers by exploiting improper input validation. It af...
Aug 20, 2024
This critical vulnerability allows remote attackers to execute arbitrary operating system commands with root privileges on Tenda AC9 routers. Attacker...
Aug 16, 2024
This vulnerability allows a local attacker to execute arbitrary code on D3D Security D3D IP Camera devices via a crafted payload. It affects D3D IP Ca...
Aug 13, 2024
This vulnerability allows unauthenticated attackers to execute arbitrary PHP code on WordPress servers running the JS Help Desk plugin. Attackers can ...
Aug 13, 2024
This CVE describes a code injection vulnerability in Apache InLong that allows attackers to execute arbitrary code remotely. It affects Apache InLong ...
Aug 2, 2024
This vulnerability allows authenticated malicious users with access to the Skipper server API in Spring Cloud Data Flow to write arbitrary files anywh...
Jul 25, 2024
This vulnerability allows remote attackers to execute arbitrary code on Intelight X-1L traffic controllers running Maxtime version 1.9.6. Attackers ca...
Jul 22, 2024
CVE-2024-21552 allows arbitrary code execution on SuperAGI servers through unsafe use of the 'eval' function. Attackers can manipulate LLM outputs to ...
Jul 22, 2024
This vulnerability allows remote attackers to execute arbitrary code on D-Link DIR-823X AX3000 routers by sending a specially crafted HTTP request to ...
Jul 19, 2024
This vulnerability allows attackers to modify the Nonce value in unsigned flash image headers on Renesas SmartBond devices, bypassing secureboot signa...
Jul 10, 2024
CVE-2024-39071 is a critical SQL injection vulnerability in Fujian Kelixun software versions up to 7.6.6.4391 that allows attackers to execute arbitra...
Jul 9, 2024
CVE-2024-6602 is a critical memory corruption vulnerability in Mozilla products caused by mismatched memory allocation and deallocation functions. Thi...
Jul 9, 2024
This critical vulnerability in Apache CloudStack allows unauthenticated attackers to execute arbitrary commands on hypervisors and management servers ...
Jul 5, 2024
This vulnerability allows unauthenticated remote attackers to execute arbitrary PHP code on systems running vulnerable versions of Asial JpGraph Profe...
Jul 4, 2024
This vulnerability allows remote code execution in ZNC IRC bouncer servers via the modtcl module when processing KICK commands. Attackers can execute ...
Jul 3, 2024
CVE-2024-39017 is a prototype pollution vulnerability in agreejs shared v0.0.1 that allows attackers to inject arbitrary properties into object protot...
Jul 1, 2024
CVE-2024-38993 is a prototype pollution vulnerability in rjrodger jsonic-next v2.12.1 that allows attackers to inject arbitrary properties into object...
Jul 1, 2024
This vulnerability allows remote attackers to execute arbitrary code on servers running vulnerable versions of vanna-ai/vanna by manipulating LLM-gene...
Jun 27, 2024
This vulnerability allows remote code execution in BerriAI/litellm when an attacker sends a malicious payload to the /config/update endpoint. The vuln...
Jun 27, 2024
This critical vulnerability in Next4Biz CRM & BPM Software allows remote attackers to inject and execute arbitrary code on affected systems. It affect...
Jun 24, 2024
This vulnerability in Emacs Org Mode allows arbitrary code execution when processing malicious Org documents containing specially crafted link abbrevi...
Jun 23, 2024
CVE-2024-37124 is a critical vulnerability in Ricoh Streamline NX PC Client that allows arbitrary file creation through dangerous function usage. Atta...
Jun 19, 2024
CVE-2024-36575 is a critical prototype pollution vulnerability in getsetprop 1.1.0 that allows attackers to modify JavaScript object prototypes, poten...
Jun 17, 2024
This vulnerability in iTerm2 allows remote code execution through malicious escape sequences in window titles when tmux integration is enabled. Attack...
Jun 16, 2024
This vulnerability in iTerm2 allows remote code execution when the 'Terminal may report window title' setting is not properly enforced. Attackers coul...
Jun 16, 2024
Langflow versions through 0.6.19 contain a remote code execution vulnerability in the custom component API endpoint. Attackers can execute arbitrary P...
Jun 10, 2024
CVE-2024-36568 is a critical SQL injection vulnerability in Sourcecodester Gas Agency Management System v1.0 that allows attackers to execute arbitrar...
Jun 3, 2024
This CVE describes a command injection vulnerability in Tenda FH1206 routers that allows remote attackers to execute arbitrary commands on the device....
May 24, 2024
This CVE describes a Prototype Pollution vulnerability in Blackprint's @blackprint/engine v0.9.0 that allows attackers to execute arbitrary code throu...
May 20, 2024
This CVE describes a critical remote code execution vulnerability in the berriai/litellm project where untrusted input is passed directly to the eval(...
May 18, 2024
CVE-2023-48643 allows unauthenticated remote command execution in Shrubbery tac_plus TACACS+ servers by injecting commands through authorization reque...
May 16, 2024
This vulnerability in Zenario CMS allows designers or administrators to execute arbitrary code through insecure Twig filter usage in the Twig Snippet ...
May 4, 2024
CVE-2024-3955 is a critical command injection vulnerability in CraftBeerPi 4 that allows unauthenticated remote attackers to execute arbitrary command...
May 2, 2024
This vulnerability allows remote attackers to execute arbitrary code on systems running the vulnerable Ecommerce-CodeIgniter-Bootstrap software. Attac...
Apr 29, 2024
This vulnerability allows authenticated users in Znuny and Znuny LTS to upload files to arbitrary writable locations via path traversal in manipulated...
Apr 29, 2024
This vulnerability allows unauthenticated attackers to execute arbitrary code on affected S.I.L. 388 systems by sending a specially crafted POST reque...
Apr 26, 2024
CVE-2024-21511 is a critical code injection vulnerability in the mysql2 Node.js package. Attackers can execute arbitrary code by exploiting improper s...
Apr 23, 2024
This critical vulnerability in flusity-CMS v2.33 allows remote attackers to execute arbitrary code on affected systems by sending specially crafted sc...
Apr 22, 2024
This CVE describes a critical arbitrary code injection vulnerability in TensorFlow's Keras framework that allows attackers to execute arbitrary code w...
Apr 16, 2024
The mysql2 Node.js package before version 3.9.4 is vulnerable to remote code execution due to improper validation of configuration values. Attackers c...
Apr 11, 2024
This critical vulnerability in NFS implementations allows remote attackers to execute arbitrary code on affected systems without requiring authenticat...
Apr 11, 2024
This vulnerability in Secure Lockdown Multi Application Edition's kiosk mode allows attackers to bypass security restrictions and execute arbitrary co...
Apr 10, 2024
CVE-2024-31864 is a code injection vulnerability in Apache Zeppelin that allows attackers to execute arbitrary code when connecting to MySQL data...
Apr 9, 2024
This vulnerability allows remote attackers to execute arbitrary code on TOTOLINK EX200 routers by sending specially crafted requests to the NTPSyncWit...
Apr 8, 2024
This vulnerability allows remote attackers to execute arbitrary commands on Netgear R6850 routers by injecting malicious input into the c4-IPAddr para...
Apr 3, 2024
This vulnerability in BeeSCMS v4.0 allows remote attackers to write arbitrary files to the server by exploiting insufficient path isolation and lack o...
Apr 3, 2024
CVE-2024-31004 is a critical remote code execution vulnerability in Bento4's MP4 fragment parsing functionality. An attacker can exploit this by sendi...
Apr 2, 2024
This vulnerability allows remote attackers to execute arbitrary code on seeyonOA version 8 systems via the importProcess method in the WorkFlowDesigne...
Apr 2, 2024
This vulnerability allows attackers to execute arbitrary SQL commands through the /admin/edit_fire_wall.php endpoint in Netentsec NS-ASG 6.3. Successf...
Apr 1, 2024
This vulnerability allows attackers to execute arbitrary SQL commands through the /admin/add_getlogin.php endpoint in netentsec NS-ASG 6.3. Successful...
Apr 1, 2024
About Code Injection (CWE-94)
Our database tracks 1,151 CVEs classified as CWE-94, with 520 rated critical and 512 rated high severity. The average CVSS score for Code Injection vulnerabilities is 8.6.
External reference: CWE-94 on MITRE CWE