CWE-470
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Arbitrary method call in Kirby CMS (versions ≤ 4.9.0 and 5.0.0–5.4.0) lets any authenticated Panel user invoke unintended PHP model methods by abusing REST API search and collection-query parameters such as filter, sort, not, group, pluck, and findBy. Because Kirby did not validate which model attributes a query could reference, an attacker can reach sensitive methods like password() to leak password hashes, root() to disclose absolute server filesystem paths, loginPasswordless() to escalate into another user's account, or delete() to mass-delete the queried models. No CVSS score, EPSS probability, or CISA KEV listing is provided in the source data, and no public exploit is identified at time of analysis, though the vendor rates the real-world impact as high.
Remote code execution in CtrlPanel versions 1.1.1 and prior allows authenticated administrators to execute arbitrary PHP code by supplying a fully qualified class name to the admin settings update endpoint, which instantiates or invokes static methods on that class without allowlist validation. Any class resolvable by the Composer autoloader - including third-party dependencies - can be targeted, enabling gadget-chain exploitation through PHP magic methods such as __construct, __toString, or __wakeup. No public exploit code has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog; however, the fix is confirmed in version 1.2.0, released April 2026.
Remote code execution in Amazon Redshift JDBC Driver versions prior to 2.2.2 allows unauthenticated network attackers to execute arbitrary code by manipulating JDBC connection URL parameters under high-complexity conditions. The driver can be exploited to load and execute arbitrary classes from the application's classpath when specific connection URL parameters are controlled by an attacker. AWS released patch version 2.2.2 with GHSA advisory GHSA-wmmv-vvg5-993q. CVSS 9.2 (Critical) reflects high impact across confidentiality, integrity, and availability, though attack complexity is high and the attacker must first gain control over the connection URL parameters.
Remote attackers can invoke arbitrary application callables in PraisonAI multi-agent systems by manipulating tool-call names to bypass tool declaration controls. Vulnerable versions (praisonai <4.6.37, praisonaiagents <1.6.37) resolve unmatched tool names against module globals and __main__ namespaces without permission validation when _perm_allow is None (default configuration). This enables unauthorized function execution beyond the intended tool list, allowing integrity compromise and potential information disclosure. Patched versions 4.6.37 and 1.6.37 address the tool name resolution vulnerability.
Remote code execution in Craft CMS allows any authenticated user to execute arbitrary system commands via malicious Yii object configuration. This vulnerability exploits uncleansed field layout data in the condition handling path, bypassing previous CVE-2024-4990 mitigations. Attackers can inject behaviors through POST requests to admin endpoints like /admin/actions/element-search/search, triggering command execution via AttributeTypecastBehavior abuse. Publicly available exploit code exists in the GitHub advisory (GHSA-qrgm-p9w5-rrfw) with detailed proof-of-concept. Affects Craft CMS 4.0.0-RC1 through 4.16.16 and 5.0.0-RC1 through 5.8.20. Vendor-released patches: 4.16.17 and 5.8.21.
Apache OpenNLP's model loading mechanism executes arbitrary static initializers through crafted manifest entries, enabling attackers to trigger side effects in any classpath class before type validation occurs. Affects OpenNLP versions before 2.5.9 and 3.0.0-M3. While not direct RCE, exploitation becomes viable when third-party models from untrusted sources (community repositories, model-sharing platforms) are loaded in environments containing classes with JNDI lookups, network I/O, or filesystem operations in static initializers. EPSS score of 0.29% suggests low widespread exploitation probability despite CVSS 9.8, though attack surface grows with model-sharing ecosystem adoption. No public exploit identified at time of analysis; vendor-released patches available.
Mass deletion of content, assets, and user accounts in Statamic CMS versions prior to 5.73.20 and 6.13.0 occurs via query parameter manipulation on Control Panel endpoints (requiring minimal authentication like 'view entries' permission) or unauthenticated exploitation through REST/GraphQL APIs if explicitly enabled without authentication. Authenticated attackers with low-privilege viewer roles can escalate to delete resources they should only read. Unauthenticated attackers can exploit misconfigured API endpoints (non-default configuration) to achieve the same destructive impact. CVSS 8.1 (High) reflects network-accessible attack with low complexity, though exploitation conditions vary significantly by deployment configuration. No active exploitation confirmed (not in CISA KEV), EPSS data not provided.
An unauthenticated remote code execution vulnerability exists in Zabbix's Frontend 'validate' action that permits blind instantiation of arbitrary PHP classes without authentication. The vulnerability affects Zabbix products across multiple versions as indicated by the CPE wildcard notation, and while the immediate impact appears limited by environment-specific constraints, successful exploitation could lead to information disclosure or arbitrary code execution depending on available PHP classes in the deployment context. No CVSS score, EPSS data, or KEV status is currently published, but the attack vector is unauthenticated and likely has low complexity, suggesting meaningful real-world risk.
A Remote Code Execution vulnerability exists in Craft CMS versions 4.x and 5.x that bypasses previous security patches for behavior injection attacks. An authenticated user with control panel access can exploit an unsanitized fieldLayouts parameter in the ElementIndexesController to inject malicious Yii2 behaviors and achieve arbitrary code execution. While no active exploitation (KEV) is documented, a patch is available and the vulnerability requires only low-privilege authenticated access, making it a significant risk for deployments with multiple control panel users.
Remote code execution in Craft CMS allows authenticated administrators with control panel access to execute arbitrary code by exploiting an incomplete patch that left the same vulnerable gadget chain pattern in multiple controllers. The vulnerability requires administrative privileges and the allowAdminChanges setting to be enabled, limiting exposure to trusted users with elevated access. Craft CMS versions before 4.17.5 and 5.9.11 are affected and should be patched immediately.