CWE-94: Code Injection
The product constructs all or part of a code segment using externally-influenced input, but does not neutralize special elements that could modify the intended code segment.
All Code Injection CVEs (1,151)
This vulnerability allows remote attackers to execute arbitrary code on Huashi Private Cloud CDN Live Streaming Acceleration Server via the manager/ip...
Mar 29, 2024
This vulnerability allows remote attackers to execute arbitrary code on systems running fastmagsync v1.7.51 and earlier. Attackers can exploit the get...
Mar 25, 2024
CVE-2023-41503 is a critical SQL injection vulnerability in Student Enrollment In PHP v1.0 that allows attackers to execute arbitrary SQL commands thr...
Mar 7, 2024
CVE-2024-0917 is a critical remote code execution vulnerability in PaddlePaddle 2.6.0 due to improper input validation (CWE-94). Attackers can execute...
Mar 7, 2024
CVE-2024-25180 is a disputed vulnerability in pdfmake 0.2.9 where a crafted POST request to the /pdf endpoint could allow remote code execution. The v...
Feb 29, 2024
CVE-2024-25291 is a critical remote code execution vulnerability in Deskfiler v1.2.3 that allows attackers to execute arbitrary code by uploading a ma...
Feb 29, 2024
A critical remote code execution vulnerability in EpointWebBuilder allows attackers to execute arbitrary code via the infoid parameter. This affects a...
Feb 29, 2024
This SQL injection vulnerability in Simple Student Attendance System v1.0 allows remote attackers to execute arbitrary SQL commands via the id paramet...
Feb 29, 2024
This CVE describes a critical SQL injection vulnerability in the Zoo Management System 1.0 by PHPGurukul. Attackers can inject malicious SQL commands ...
Feb 28, 2024
This vulnerability in ZKteco ZKBio WDMS allows attackers to download database backups by predicting timestamp-based filenames in the /files/backup/ co...
Feb 23, 2024
This vulnerability in He3 App for macOS allows remote attackers to execute arbitrary code by exploiting misconfigured Electron settings (RunAsNode and...
Feb 21, 2024
This vulnerability allows remote attackers to execute arbitrary code on Apache DolphinScheduler servers due to improper input validation (CWE-94). It ...
Feb 20, 2024
This CVE describes a script injection vulnerability in Huawei's email module that allows attackers to execute arbitrary code. Successful exploitation ...
Feb 18, 2024
CVE-2024-25502 is a critical directory traversal vulnerability in flusity CMS v2.4 that allows remote attackers to execute arbitrary code and access s...
Feb 15, 2024
This vulnerability allows remote attackers to execute arbitrary code on FreeBSD systems by sending specially crafted 802.11 beacon frames with malicio...
Feb 15, 2024
A critical vulnerability in Sui Blockchain nodes before version 1.6.3 allows remote attackers to execute arbitrary code and cause denial of service by...
Feb 13, 2024
This vulnerability in Malwarebytes Binisoft Windows Firewall Control allows remote attackers to execute arbitrary code via gRPC named pipes. Attackers...
Feb 4, 2024
This vulnerability allows remote attackers to execute arbitrary code on Blurams Lumi Security Camera (A31C) devices. Attackers can exploit improper in...
Feb 2, 2024
CVE-2024-23746 is a local privilege escalation vulnerability in Miro Desktop for macOS that allows attackers to inject malicious code into the Electro...
Feb 2, 2024
A critical remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 devices allows attackers to execute arbitrary operating system comman...
Jan 29, 2024
This vulnerability in Loom on macOS allows remote attackers to execute arbitrary code by exploiting the RunAsNode and enableNodeCliInspectArguments se...
Jan 28, 2024
A critical vulnerability in Snapcast 0.27.0 allows remote attackers to execute arbitrary code and access sensitive information through crafted JSON-RP...
Jan 23, 2024
CVE-2022-1609 is a critical remote code execution vulnerability in the School Management WordPress plugin. Unauthenticated attackers can execute arbit...
Jan 16, 2024
CVE-2023-46226 is a critical remote code execution vulnerability in Apache IoTDB that allows attackers to execute arbitrary code on affected systems. ...
Jan 15, 2024
This CVE describes a code injection vulnerability in Apache InLong that allows attackers to execute arbitrary code remotely. It affects Apache InLong ...
Jan 3, 2024
This is a Server-Side Template Injection (SSTI) vulnerability in jeecg-boot version 3.5.3 that allows remote attackers to execute arbitrary code via c...
Dec 30, 2023
This vulnerability in ArtistScope ArtisBrowser allows attackers to bypass access restrictions by exploiting the com.artis.browser.IntentReceiverActivi...
Dec 27, 2023
This vulnerability allows remote code execution in the TV Browser Android app through JavaScript injection via an exposed MainActivity. Attackers can ...
Dec 27, 2023
This vulnerability allows remote attackers to execute arbitrary JavaScript code in the TCL Browser TV Web BrowseHere application. Attackers can exploi...
Dec 27, 2023
CVE-2023-49032 is a critical vulnerability in LTB Self Service Password that allows remote attackers to hijack SMS verification codes and send them to...
Dec 21, 2023
Multisuns EasyLog web+ has a critical code injection vulnerability (CWE-94) that allows unauthenticated remote attackers to execute arbitrary code on ...
Dec 15, 2023
This vulnerability allows unauthenticated remote attackers to execute arbitrary code on Apache OFBiz servers by exploiting a deprecated XML-RPC compon...
Dec 5, 2023
HtmlUnit versions before 3.9.0 are vulnerable to remote code execution when processing malicious webpages containing XSLT transformations. This allows...
Dec 4, 2023
This CVE describes a dylib injection vulnerability in XMachOViewer that allows attackers to inject malicious dynamic libraries into the application's ...
Nov 28, 2023
The Asgaros Forum WordPress plugin before version 2.7.1 allows forum administrators (who may not have full WordPress admin privileges) to configure in...
Nov 27, 2023
CVE-2023-6016 allows remote attackers to execute arbitrary code on H2O dashboard servers through insecure deserialization in the POJO model import fea...
Nov 16, 2023
CVE-2023-47397 is a critical code injection vulnerability in WeBid auction software that allows attackers to execute arbitrary code on affected system...
Nov 8, 2023
This vulnerability in Best Courier Management System v1.0 allows remote attackers to execute arbitrary code and escalate privileges by sending a craft...
Nov 3, 2023
This vulnerability allows remote attackers to execute arbitrary code on systems running lmxcms v1.41 by sending crafted scripts to the admin.php file....
Nov 2, 2023
This vulnerability allows remote attackers to execute arbitrary code on Contec SolarView Compact devices via the texteditor.php component. It affects ...
Oct 27, 2023
This vulnerability in SeaCMS v12.9 allows remote attackers to execute arbitrary commands through the admin_safe.php component. This is a critical remo...
Oct 25, 2023
This vulnerability in IXP EasyInstall 6.6.14884.0 allows unauthenticated attackers to execute arbitrary commands on affected systems via API calls. At...
Oct 19, 2023
This vulnerability in GetSimpleCMS v3.4.0a allows remote attackers to execute arbitrary code via a crafted payload to phpinfo(). Attackers can achieve...
Oct 19, 2023
CVE-2023-41630 is a critical remote code execution vulnerability in eSST Monitoring v2.147.1 that allows unauthenticated attackers to execute arbitrar...
Oct 17, 2023
CVE-2023-29453 is a critical template injection vulnerability in Go's html/template package that allows attackers to inject arbitrary JavaScript code ...
Oct 12, 2023
CVE-2023-43625 is a critical remote code execution vulnerability in Simcenter Amesim's SOAP endpoint. Unauthenticated remote attackers can perform DLL...
Oct 10, 2023
This CVE describes a supply chain vulnerability in fsevents where versions before 1.2.11 fetched binaries from an external URL that could be compromis...
Oct 6, 2023
CVE-2023-3656 is an unauthenticated remote code execution vulnerability in cashIT! devices from PoS/Dienstleistung, Entwicklung & Vertrieb GmbH. Attac...
Oct 3, 2023
DedeBIZ v6.2.11 contains critical remote code execution vulnerabilities in the file management admin interface. Attackers can execute arbitrary code o...
Sep 27, 2023
XunruiCMS up to version 4.5.1 contains a remote code execution vulnerability in index.php that allows attackers to execute arbitrary code via crafted ...
Sep 27, 2023
About Code Injection (CWE-94)
Our database tracks 1,151 CVEs classified as CWE-94, with 520 rated critical and 512 rated high severity. The average CVSS score for Code Injection vulnerabilities is 8.6.