CWE-94: Code Injection

This critical vulnerability allows unauthenticated attackers to execute arbitrary code on Frauscher Sensortechnik FDS101 devices by sending manipulate...

This vulnerability allows remote attackers to execute arbitrary code on Android devices running the Imou Life app (com.mm.android.smartlifeiot) by sen...

CVE-2023-39320 is a critical vulnerability in Go's module system that allows arbitrary code execution when processing malicious go.mod files. It affec...

Cuppa CMS v1.0 contains a critical remote code execution vulnerability in the email_outgoing parameter at /Configuration.php. Attackers can execute ar...

This vulnerability allows remote attackers to execute arbitrary code through the evaluate function in LangChain's numexpr library integration. It affe...

This vulnerability in LangChain versions before 0.0.312 allows remote attackers to execute arbitrary code by loading a malicious JSON file containing ...

This vulnerability in pandasai allows remote attackers to execute arbitrary code by sending specially crafted requests to the prompt function. It affe...

This vulnerability allows attackers to send crafted payloads to the user_login.cgi endpoint on affected Draytek Vigor devices, enabling arbitrary code...

This vulnerability allows unauthenticated attackers to access hidden management functionality in affected ELECOM wireless LAN routers, enabling them t...

This vulnerability in LangChain allows remote attackers to execute arbitrary code by manipulating the prompt parameter. It affects all systems running...

This vulnerability in LangChain version 0.0.194 allows remote code execution through unsafe Python exec() calls in PALChain functions. Attackers can e...

This critical vulnerability in DedeCMS allows remote attackers to execute arbitrary code on affected systems by sending specially crafted POST request...

CVE-2023-39017 is a code injection vulnerability in quartz-jobs 2.3.2 and earlier that could allow remote code execution via the SendQueueMessageJob.e...

CVE-2023-39020 is a critical code injection vulnerability in Stanford Parser versions 3.9.2 and below that allows remote attackers to execute arbitrar...

CVE-2023-39022 is a critical code injection vulnerability in oscore v2.2.6 and earlier that allows remote attackers to execute arbitrary code by passi...

BoofCV 0.42 contains a code injection vulnerability in the camera calibration file loading component. Attackers can execute arbitrary code by tricking...

CVE-2023-39015 is a critical code injection vulnerability in webmagic-extension's PhantomJSDownloader component that allows remote attackers to execut...

CVE-2023-3519 is an unauthenticated remote code execution vulnerability in Citrix ADC and Citrix Gateway appliances. Attackers can exploit this withou...

CVE-2021-37384 is a critical remote code execution vulnerability affecting certain Furukawa ONU (Optical Network Unit) models. Unauthenticated attacke...

CVE-2023-37466 is a critical sandbox escape vulnerability in vm2, a Node.js sandbox library. Attackers can bypass Promise handler sanitization using t...

CVE-2023-38198 is a critical remote code execution vulnerability in acme.sh, an ACME protocol client for obtaining TLS certificates. The vulnerability...

CVE-2023-37659 is a critical Remote Command Execution vulnerability in xalpha v0.11.4 that allows attackers to execute arbitrary commands on affected ...

This vulnerability in LangChain allows attackers to execute arbitrary Python code through malicious inputs containing os.system, exec, or eval functio...

CVE-2021-31635 is a Server-Side Template Injection vulnerability in jFinal framework that allows remote attackers to execute arbitrary code by manipul...

This vulnerability allows an adversary who controls an external source of Lua rules to execute arbitrary Lua code in Suricata. It affects Suricata ins...

This critical vulnerability allows remote attackers to execute arbitrary code on affected Sitecore systems without authentication. It affects Sitecore...

This vulnerability allows remote code execution through improper input validation in Nuxt.js. Attackers can inject malicious code that gets executed o...

This critical vulnerability in Atos Unify OpenScape 4000 Assistant and Manager allows unauthenticated remote attackers to execute arbitrary code on af...

This vulnerability in Go's cgo build system allows malicious Go modules to execute arbitrary code during the build process. Attackers can smuggle dang...

This CVE-2023-29402 is a critical code injection vulnerability in Go's cgo build system. It allows attackers to execute arbitrary code during build ti...

This vulnerability allows unauthenticated attackers to execute arbitrary PHP functions via the epsilon_framework_ajax_action in vulnerable WordPress t...

CVE-2023-32692 is a critical remote code execution vulnerability in CodeIgniter's Validation library. Attackers can execute arbitrary PHP code by expl...

Camaleon CMS v2.7.0 contains a Server-Side Template Injection vulnerability in the formats parameter that allows attackers to execute arbitrary code o...

A code injection vulnerability in LINE WORKS Drive Explorer for macOS allows authenticated attackers to execute arbitrary code with full disk access p...

CVE-2023-29861 is a critical remote code execution vulnerability in FLIR-DVTEL camera devices that allows attackers to execute arbitrary code via craf...

This vulnerability allows remote attackers to execute arbitrary code on Agasio Camera devices by manipulating the check and authLevel parameters. It a...

PHPOK v6.3 contains a remote code execution vulnerability (CWE-94: Improper Control of Generation of Code) that allows attackers to execute arbitrary ...

JFinal CMS v5.1.0 contains a critical remote code execution vulnerability in the ActionEnter function that allows attackers to execute arbitrary code ...

This vulnerability allows remote attackers to execute arbitrary code on Aigital Wireless-N Repeater Mini_Router devices by sending a specially crafted...

This vulnerability allows remote code execution in MediaWiki installations using the Score extension. Any user with article edit permissions (includin...

CVE-2023-29492 is a critical remote code execution vulnerability in Novi Survey software that allows attackers to execute arbitrary commands on affect...

This vulnerability allows remote attackers to execute arbitrary code on devices running vulnerable versions of APUS Group Launcher by exploiting the F...

This CVE allows remote code execution through improper input validation in Apache Airflow Hive Provider. Attackers can inject malicious code that gets...

This vulnerability allows remote code execution via XSLT processing in HtmlUnit when browsing malicious webpages. Attackers can execute arbitrary code...

This vulnerability allows remote code execution in Stimulsoft reporting products by exploiting improper input validation. Attackers can craft maliciou...

CVE-2023-28333 is a Mustache template injection vulnerability in Moodle's pix helper that could allow remote code execution if user input is improperl...

A command execution vulnerability in JHR-N916R router firmware allows attackers to execute arbitrary commands on affected devices, potentially gaining...

This vulnerability in Swig template engines allows attackers to execute arbitrary code by exploiting prototype pollution in Object.prototype. It affec...

Funadmin v3.2.0 contains a remote code execution vulnerability in the Addon.php controller component that allows attackers to execute arbitrary code o...

This vulnerability allows attackers to execute arbitrary commands on Shenzhen Zhibotong Electronics WBT WE1626 routers by connecting to the UART seria...