CWE-95: CWE-95
Yearly Trend
Top Affected Vendors
All CWE-95 CVEs (49)
OpenC3 COSMOS versions 5.0.0 through 6.10.1 contain a critical remote code execution vulnerability in the JSON-RPC API. Unauthenticated attackers can ...
Jan 13, 2026CVE-2025-54322 is an unauthenticated remote code execution vulnerability in Xspeeder SXZOS that allows attackers to execute arbitrary Python code as r...
Dec 27, 2025CVE-2025-55727 is a critical remote code execution vulnerability in XWiki Remote Macros that allows attackers to execute arbitrary code on affected sy...
Sep 9, 2025This vulnerability allows remote code execution via injection of arbitrary wiki syntax including Groovy, Python, and Velocity script macros through th...
Mar 2, 2023This critical vulnerability in n8n's workflow Expression evaluation system allows authenticated users to execute arbitrary code on the server. Attacke...
Jan 27, 2026This vulnerability allows any user with edit rights on any XWiki page to perform arbitrary remote code execution by adding specific objects to their u...
Jul 31, 2024This vulnerability allows any user with edit rights on any XWiki page to execute arbitrary code on the server by adding a malicious XWiki.SearchSugges...
Apr 10, 2024This vulnerability allows any registered user in XWiki Platform to execute arbitrary scripts with programming rights via their user profile content fi...
Aug 23, 2023This vulnerability allows any user with view rights on any document in XWiki Platform to execute arbitrary code with programming rights, leading to re...
Jun 23, 2023This vulnerability allows any logged-in XWiki user to inject malicious code into their first name field, which executes with programming rights. This ...
Jun 23, 2023This vulnerability allows any user with view rights on commonly accessible documents to execute arbitrary Groovy, Python, or Velocity code in XWiki, l...
Apr 16, 2023CVE-2023-30537 is a critical remote code execution vulnerability in XWiki Platform that allows authenticated users with object creation rights to exec...
Apr 16, 2023This vulnerability allows any user with edit rights in XWiki to execute arbitrary Groovy, Python, or Velocity code due to improper escaping in the inc...
Apr 16, 2023CVE-2023-29209 is a critical remote code execution vulnerability in XWiki Commons that allows authenticated users with view rights to execute arbitrar...
Apr 15, 2023This vulnerability allows remote code execution in Chamilo LMS by exploiting unfiltered parameter evaluation in SOAP requests. Attackers can execute a...
Mar 2, 2026This vulnerability allows remote attackers to execute arbitrary Python code on Langflow installations without authentication. Attackers can achieve fu...
Jan 23, 2026This CVE describes a critical remote code execution vulnerability in InstantCMS versions 1.6 and earlier. Attackers can execute arbitrary PHP code on ...
Aug 1, 2025CVE-2024-7954 is a critical remote code execution vulnerability in SPIP's porte_plume plugin. Unauthenticated attackers can execute arbitrary PHP code...
Aug 23, 2024MEGABOT Discord bot versions before 1.5.0 contain a remote code execution vulnerability in the /math command due to unsafe use of Python's eval() func...
Aug 20, 2024calculator-boilerplate v1.0 contains a critical remote code execution vulnerability through improper use of the eval() function in calculator.js. Atta...
Jul 18, 2024This vulnerability in GeoTools allows remote code execution when applications process user-supplied XPath expressions. Attackers can execute arbitrary...
Jul 2, 2024This vulnerability allows unauthenticated remote attackers to execute arbitrary code on GeoServer instances by sending specially crafted OGC requests....
Jul 1, 2024This CVE describes a critical remote code execution vulnerability in Proofpoint Enterprise Protection webservices. An anonymous attacker can execute a...
Mar 8, 2023This vulnerability in XWiki Confluence Migrator Pro allows unprivileged users without programming rights to execute arbitrary code by exploiting unesc...
Mar 7, 2025The W3SPEEDSTER WordPress plugin is vulnerable to authenticated remote code execution via the 'script' parameter in the hookBeforeStartOptimization() ...
Oct 30, 2024This vulnerability allows remote code execution on XWiki servers through crafted document references. Attackers can execute arbitrary code when an adm...
Apr 10, 2024This vulnerability allows attackers to execute arbitrary code as root by exploiting an eval injection in CloudLinux ai-bolit's malware de-obfuscation ...
Dec 12, 2025CVE-2025-66474 is an HTML injection vulnerability in XWiki Rendering that allows authenticated users to execute arbitrary script macros, leading to re...
Dec 10, 2025This vulnerability allows remote code execution on MindsDB servers when the ChromaDB integration is installed. Attackers can execute arbitrary Python ...
Sep 12, 2024This vulnerability allows remote code execution on MindsDB servers when the Microsoft SharePoint integration is installed. Attackers can craft malicio...
Sep 12, 2024This vulnerability allows remote code execution on MindsDB servers when the Weaviate integration is installed. Attackers can execute arbitrary Python ...
Sep 12, 2024This vulnerability allows local users on systems running vulnerable Checkmk versions to escalate their privileges to root/admin level. It affects Chec...
Jan 12, 2024This vulnerability in Proofpoint Enterprise Protection allows authenticated users to execute arbitrary code through eval injection in webutils. It aff...
Mar 8, 2023CVE-2023-48699 is a remote code execution vulnerability in fastbots library versions before 0.1.5. Attackers can inject malicious Python code into loc...
Nov 21, 2023This vulnerability allows remote code execution in applications using Locutus library versions before 3.0.0. Attackers can inject arbitrary JavaScript...
Mar 6, 2026The Request a Quote Form WordPress plugin versions ≤2.5.2 contain a remote code execution vulnerability that allows unauthenticated attackers to exe...
Aug 6, 2025This vulnerability allows remote code execution in Refuel Autolabel library when processing malicious CSV files. Attackers can execute arbitrary Pytho...
Sep 12, 2024This vulnerability allows a local user to execute arbitrary code within the nodejs process context of OpenVPN Connect by exploiting the ELECTRON_RUN_A...
Feb 20, 2024This vulnerability in OpenVPN Connect for macOS allows local users to execute arbitrary code by exploiting the DYLD_INSERT_LIBRARIES environment varia...
Jan 8, 2024CVE-2023-7101 is an arbitrary code execution vulnerability in Spreadsheet::ParseExcel Perl module version 0.65. Attackers can execute arbitrary Perl c...
Dec 24, 2023Open WebUI versions 0.6.224 and earlier contain a code injection vulnerability in the Direct Connections feature. Malicious external model servers can...
Nov 8, 2025This vulnerability allows unauthenticated attackers to execute arbitrary WordPress shortcodes through Quiz Maker plugins. Attackers can potentially in...
Jan 26, 2025Horilla HRMS version 1.3.0 contains an authenticated Remote Code Execution vulnerability where privileged users (like administrators) can execute arbi...
Sep 24, 2025This CVE describes an eval injection vulnerability in TOTOLINK A3002R routers that allows attackers to execute arbitrary code by manipulating input to...
Aug 18, 2025This vulnerability allows authenticated attackers to execute arbitrary system commands on AlchemyCMS servers by exploiting unsafe use of Ruby's eval()...
Jan 19, 2026This vulnerability allows attackers to execute arbitrary JavaScript code on affected TP-Link router admin portals via Man-in-the-Middle attacks. The r...
Feb 5, 2026This CVE describes an injection vulnerability in macOS that allows malicious applications to access sensitive user data. The issue affects macOS syste...
Dec 12, 2025This CVE describes an injection vulnerability in macOS that allows malicious applications to access sensitive user data. The issue affects macOS syste...
Dec 12, 2025CVE-2025-12140 is a critical remote code execution vulnerability in applications with an insecure 'redirectToUrl' mechanism. Unauthenticated attackers...
Nov 27, 2025About CWE-95 (CWE-95)
Our database tracks 49 CVEs classified as CWE-95, with 26 rated critical and 17 rated high severity. The average CVSS score for CWE-95 vulnerabilities is 8.8.
External reference: View CWE-95 on MITRE CWE →
Monitor CWE-95 Vulnerabilities
Get alerted when new CWE-95 CVEs affect your infrastructure.
Start Monitoring Free