CWE-94: Code Injection

Typecho 1.1/17.10.30 contains a remote code execution vulnerability in install.php that allows attackers to execute arbitrary code on vulnerable serve...

CVE-2023-22855 is a critical remote code execution vulnerability in Kardex Mlog MCC warehouse management software. It allows attackers to upload malic...

This critical vulnerability in phpwcms allows remote attackers to execute arbitrary code during the installation process by manipulating the database ...

CVE-2022-30083 is a critical code injection vulnerability in the EllieGrid Android app version 3.4.1 that allows attackers to execute arbitrary code b...

This critical Moodle vulnerability allows remote code execution through improper PostScript parsing in GhostScript. Attackers can exploit it to take c...

PbootCMS v3.1.2 contains a remote code execution vulnerability in the parserIfLabel function that allows attackers to execute arbitrary code on affect...

CVE-2022-0885 is a critical vulnerability in the Member Hero WordPress plugin that allows unauthenticated attackers to execute arbitrary PHP functions...

CVE-2021-41749 is a critical Server-Side Template Injection vulnerability in the SEOmatic plugin for Craft CMS that allows unauthenticated attackers t...

This is a critical code injection vulnerability in Ruby on Rails Active Storage that allows attackers to execute arbitrary code by manipulating image_...

CVE-2022-29078 is a critical server-side template injection vulnerability in the EJS package for Node.js that allows remote code execution. Attackers ...

This vulnerability allows remote attackers to execute arbitrary code on VMware Workspace ONE Access and Identity Manager systems through server-side t...

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of Spring Cloud Function. Attackers can cr...

DWSurvey v3.2.0 contains a remote command execution vulnerability in the SysPropertyAction.java component that allows attackers to execute arbitrary c...

This vulnerability allows authenticated remote attackers to inject and execute arbitrary code on GE Reason RT430, RT431, and RT434 GNSS clock devices....

CVE-2020-15591 is an eval injection vulnerability in F*EX's fexsrv component that allows unauthenticated remote code execution. Attackers can execute ...

CVE-2022-25498 is a critical remote code execution vulnerability in CuppaCMS v1.0 that allows attackers to execute arbitrary code on affected systems ...

This vulnerability in the WPCargo Track & Trace WordPress plugin allows unauthenticated attackers to write arbitrary PHP files anywhere on the web ser...

This CVE describes a Server-side Template Injection (SSTI) vulnerability in Nystudio107 Seomatic plugin for Craft CMS. Attackers can exploit this by m...

CVE-2022-0845 is a critical code injection vulnerability in PyTorch Lightning that allows attackers to execute arbitrary code by exploiting improper i...

This CVE describes a Server-Side Template Injection (SSTI) vulnerability in JetBrains YouTrack that allows attackers to execute arbitrary code on the ...

This CVE describes a server-side template injection (SSTI) vulnerability in iCMS that allows authenticated users to add and render custom templates, l...

CVE-2021-45029 is a critical vulnerability in Apache ShenYu that allows attackers to inject malicious Groovy or SpEL code, leading to remote code exec...

CVE-2021-39979 is a critical code injection vulnerability in HHEE systems that allows attackers to execute arbitrary code. This affects HarmonyOS devi...

This vulnerability in ThinkCMF X2.2.2 and earlier allows attackers to execute arbitrary code via crafted packets, leading to remote code execution. It...

This is a critical remote code execution vulnerability in Ivanti Cloud Services Appliance (CSA) that allows unauthenticated attackers to execute arbit...

This vulnerability allows remote attackers to execute arbitrary code on TP-Link TL-WR840N EU v5 routers by sending a specially crafted payload to the ...

CVE-2021-33816 allows remote attackers to execute arbitrary PHP code on Dolibarr installations through the website builder module. The vulnerability e...

CVE-2021-43466 is a critical remote code execution vulnerability in thymeleaf-spring5 version 3.0.12 where template injection in specific scenarios al...

This vulnerability allows attackers to inject and execute arbitrary web scripts or HTML code through a crafted POST request targeting the filename par...

This vulnerability allows attackers to execute arbitrary code on systems running GlassWire firewall software by exploiting a code injection flaw durin...

CVE-2021-40499 is a critical code injection vulnerability in SAP Cloud Print Manager and SAPSprint components of SAP NetWeaver Application Server for ...

CMSUno 1.7.2 contains a PHP code execution vulnerability that allows attackers to inject malicious PHP code into the password.php file. This enables r...

CVE-2021-42139 is a critical code injection vulnerability in Deno Standard Modules that allows remote code execution when processing untrusted YAML fi...

CVE-2020-21651 is a critical remote code execution vulnerability in Myucms v2.2.1 that allows attackers to execute arbitrary code on affected systems ...

CVE-2021-40323 is a critical vulnerability in Cobbler that allows attackers to poison log files through XMLRPC methods, leading to remote code executi...

CVE-2021-40373 is a critical remote code execution vulnerability in playSMS that allows attackers to execute arbitrary PHP code on affected systems. T...

CVE-2021-29772 is a critical code injection vulnerability in IBM API Connect that allows attackers to execute arbitrary code by exploiting unsanitized...

CVE-2021-40084 is a critical vulnerability in opensysusers (versions through 0.6) that allows remote code execution via shell injection in the GECOS f...

This vulnerability allows remote attackers to execute arbitrary PHP code on EmpireCMS 7.5 installations by writing malicious code to the install.php f...

This vulnerability in the better-macro Rust crate allows remote attackers to execute arbitrary code through malicious proc-macros. The crate intention...

CVE-2020-18172 is a critical code injection vulnerability in Trezor Bridge 2.0.27 that allows attackers to execute arbitrary code with elevated privil...

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of total.js framework. Attackers can explo...

CVE-2021-35514 is a critical code injection vulnerability in Narou.rb that allows attackers to execute arbitrary Ruby code by manipulating novel title...

CVE-2020-21784 is a critical code injection vulnerability in phpwcms 1.9.13 that allows attackers to execute arbitrary code via the /phpwcms/setup/set...

This vulnerability allows unauthenticated remote attackers to execute arbitrary PHP code on VoIPmonitor systems by injecting malicious code into confi...

This vulnerability in total.js framework allows remote attackers to execute arbitrary code on affected systems by exploiting improper input validation...

This vulnerability allows server-side template injection (SSTI) in SaltStack Salt's Jinja renderer, enabling attackers to execute arbitrary code on Sa...

CVE-2021-26120 is a critical code injection vulnerability in Smarty template engine that allows attackers to execute arbitrary PHP code via specially ...

CVE-2020-35339 is a critical remote code execution vulnerability in 74cms version 5.0.1 that allows attackers to execute arbitrary code on affected se...

This vulnerability is a server-side template injection (SSTI) in JetBrains YouTrack, allowing attackers to inject malicious templates that can execute...