Skip to main content

Code Injection

4841 CVEs technique

Monthly

CVE-2026-14691 LOW POC Monitor

Code injection in SourceCodester Multi-Vendor Online Grocery Management System 1.0 allows remote low-privileged attackers to execute arbitrary PHP code by manipulating the `content[]` argument passed to the `update_settings_info` function in `classes/SystemSettings.php`. A public proof-of-concept exploit has been disclosed on GitHub, and exploitation requires only a low-privileged authenticated session over the network. No CISA KEV listing exists, but the public exploit materially lowers the barrier for opportunistic attacks against any internet-exposed instance.

Code Injection PHP RCE Multi Vendor Online Grocery Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-12252 PyPI HIGH PATCH This Week

Arbitrary code execution in the NLTK Python library (nltk/nltk 3.9.3 and earlier) allows an attacker to run untrusted Java code when a victim loads a malicious JAR through five Stanford interface wrappers (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, StanfordNeuralDependencyParser). These classes pass a user-controllable JAR path to an internal java() helper that calls subprocess.Popen() with no SHA256 integrity check, so a substituted or poisoned JAR executes with the user's privileges. This is a regression of CVE-2026-0848, whose SHA256 verification fix was applied only to StanfordSegmenter and never propagated to these five classes; no public exploit is identified at time of analysis, though a huntr bounty report exists.

Code Injection RCE Nltk Nltk Red Hat
NVD VulDB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2026-14459 HIGH PATCH This Week

Local privilege escalation via argument injection in TUBITAK BILGEM's pardus-software (the software-center application for the Turkish Pardus Linux distribution) affects all versions up to and including 1.0.4. A low-privileged local user can smuggle attacker-controlled argument delimiters into a command the application invokes with elevated privileges, yielding full compromise of the host (confidentiality, integrity, and availability all high) with no user interaction. No public exploit has been identified at time of analysis, and the issue is not on CISA KEV; it is fixed in version 1.0.5.

Code Injection Pardus Software
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-13341 HIGH PATCH This Week

Indirect prompt injection in the Kong Konnect Model Context Protocol (MCP) server (konghq mcp-konnect) before version 1.0.0 allows a remote attacker to smuggle malicious instructions into content that an LLM agent processes, causing the agent to issue unintended Kong Konnect API requests. Because the injected instructions execute with the trust and credentials of the connected agent, an attacker can exfiltrate sensitive Konnect data or drive management API calls the operator never intended. No public exploit identified at time of analysis, but the CVSS 7.4 rating (scope-changed, confidentiality-high) reflects meaningful impact once an agent ingests attacker-controlled data.

Code Injection Mcp Konnect
NVD GitHub
CVSS 3.1
7.4
EPSS
0.3%
CVE-2026-11778 MEDIUM This Month

Arbitrary shortcode execution in the CURCY Multi Currency for WooCommerce WordPress plugin (versions up to and including 2.2.14) allows unauthenticated attackers to invoke any registered WordPress shortcode by sending a crafted request to a vulnerable action handler in frontend/cache.php. The root cause is a failure to validate the shortcode value before passing it to do_shortcode(), meaning any shortcode registered on the site - including those that expose user data, perform database queries, or render sensitive page content - can be triggered without authentication. No public exploit has been identified at time of analysis, and no CISA KEV listing is present, though the low attack complexity and zero-authentication requirement elevate practical risk above what the moderate CVSS score suggests.

Code Injection WordPress RCE Curcy Multi Currency For Woocommerce Smoothly On Woocommerce 9 X
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2026-54891 MEDIUM PATCH This Month

Blind plaintext injection into Erlang/OTP TLS clients allows a network-positioned attacker to insert unauthenticated APPLICATION_DATA records during the handshake that the application subsequently receives as authenticated post-handshake server data. The root asymmetry is in tls_gen_connection:handle_protocol_record/3, which correctly rejects pre-handshake APPLICATION_DATA for TLS server endpoints but omits the equivalent guard for client endpoints, enabling record buffering prior to authentication. No active exploitation has been confirmed (not in CISA KEV, no POC referenced), but the network-only attack requirement and breadth of affected OTP versions - spanning OTP 17.0 through current - make patching urgent for Erlang-based services that consume TLS client data in untrusted network environments.

Code Injection Otp
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2026-57624 CRITICAL Act Now

Unauthenticated remote code execution affects Creative Themes' Blocksy Companion Pro WordPress plugin in all versions up to and including 2.1.46, allowing remote attackers to inject and execute arbitrary code (CWE-94) without any authentication or user interaction. Rated CVSS 10.0 with a scope-changed vector, this is a maximum-severity flaw reported by Patchstack. No public exploit identified at time of analysis and it is not currently listed in CISA KEV, but the trivial exploitability of an unauthenticated RCE makes it a high-priority patching target.

Code Injection RCE Blocksy Companion Pro
NVD VulDB
CVSS 3.1
10.0
EPSS
0.7%
CVE-2026-27436 CRITICAL Act Now

Remote code execution in the Five Star Business Profile and Schema WordPress plugin (versions up to and including 2.3.19) allows an attacker holding an Editor-level or higher account to inject and execute arbitrary PHP code on the host. Reported by Patchstack and rated CVSS 9.1 due to its scope-changing impact, the flaw turns a trusted content role into full server compromise. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CWE-94 code-injection root cause makes reliable exploitation straightforward for any authorized high-privilege user.

Code Injection RCE Five Star Business Profile And Schema
NVD VulDB
CVSS 3.1
9.1
EPSS
0.4%
CVE-2026-55794 PHP HIGH POC PATCH GHSA This Week

Authenticated remote code execution in Craft CMS 5.9.0 through 5.9.x allows control panel users with entry-editing permissions to inject unsandboxed Twig code via the HTTP Referer header during entry save operations. Because the signed redirect URL derived from the attacker-controlled Referer is compiled with renderObjectTemplate() instead of the sandboxed renderSandboxedObjectTemplate(), a low-privileged CMS operator can achieve server-side template injection leading to code execution. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the flaw is fixed in Craft CMS 5.10.0.

Code Injection RCE
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-14383 HIGH PATCH This Week

Remote code execution in the V8 JavaScript engine of Google Chrome before 150.0.7871.46 allows a remote attacker who lures a victim to a crafted HTML page to execute arbitrary code — though notably only within the renderer sandbox rather than achieving full host compromise. Rated CVSS 8.8 and stemming from a code-generation flaw (CWE-94) in V8, it affects all Chrome desktop installations on the vulnerable channel; a fix has shipped, but there is no public exploit identified at time of analysis and CISA SSVC records exploitation status as none.

Code Injection Google RCE Suse
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-48819 npm MEDIUM PATCH GHSA This Month

Prototype pollution in @hey-api/openapi-ts affects all versions through 0.97.2, allowing remote unauthenticated attackers to substitute the prototype chain of the returned params slot object by passing a crafted key such as '$query___proto__' through any application that forwards user-supplied parameters to a generated SDK method. The flaw resides in a runtime template (dist/clients/core/params.ts) that is copied verbatim into every generated SDK, meaning every downstream npm package regenerated from this tool carries the vulnerable code - confirmed affected consumers include @opencode-ai/sdk and @trigger.dev/sdk. A functional proof-of-concept is publicly available; exploitation is not confirmed as actively exploited and is absent from CISA KEV.

Node.js Docker Code Injection Prototype Pollution
NVD GitHub
CVSS 3.1
4.8
CVE-2026-55688 MEDIUM PATCH This Month

Cookie tossing in AsyncHttpClient (AHC) library allows a malicious HTTP server to plant cookies scoped to an unrelated trusted domain, affecting versions 2.0.0-2.15.x and 3.0.0.Beta1-3.0.10. ThreadSafeCookieStore accepts and stores a cookie's Domain attribute value without verifying that the responding host is authorised to set cookies for that domain, so any server the client contacts can inject a cookie that AHC will automatically forward to the targeted domain on subsequent requests. Java applications sharing a single AHC instance - and therefore its default shared CookieStore - across calls to both attacker-influenced and trusted hosts are the primary attack surface; no public exploit has been identified at time of analysis, and vendor-released fixes are available in 2.16.0 and 3.0.11.

Code Injection Java Async Http Client
NVD GitHub
CVSS 3.1
4.0
EPSS
0.2%
CVE-2026-49091 HIGH This Week

Log injection in Elastic Kibana (fixed in 7.17.15 and 8.11.1) allows an attacker with low-privilege access to embed unneutralized control characters in input that Kibana writes verbatim to its log files; when an operator later views those logs in a terminal that interprets ANSI/control sequences, the injected payload can forge, hide, or rewrite displayed log content. The issue is tracked as CWE-117 (Improper Output Neutralization for Logs) and carries a vendor CVSS of 8.0. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Code Injection Elastic Kibana
NVD VulDB
CVSS 3.1
8.0
EPSS
0.2%
CVE-2026-58454 HIGH POC This Week

Authenticated remote code execution in JAIOTlink C492A-W6 Wi-Fi IP cameras (firmware 4.8.30.57701411) lets a logged-in attacker plant a shell script in writable JFFS2 persistent storage and invoke it via popen() through the authenticated Anyka config HTTP endpoint, yielding reboot-surviving persistent RCE. Publicly available exploit code exists (published by VulnCheck), though there is no confirmed active exploitation in CISA KEV. The CVSS 4.0 score of 7.7 reflects high attack complexity offset by full compromise of confidentiality, integrity, and availability.

Code Injection RCE C492A W6 Wi Fi Ip Camera
NVD GitHub
CVSS 4.0
7.7
EPSS
0.5%
CVE-2026-8857 NONE PATCH Awaiting Data

Code injection in the Wikimedia Foundation Timeline extension (EasyTimeline) allows authenticated wiki editors to execute arbitrary server-side code via crafted timeline syntax processed by the Perl-based EasyTimeline.Pl script and its PHP integration layer Timeline.Php. The vulnerability stems from CWE-94 improper code generation control, where user-supplied timeline markup is passed to the backend Perl interpreter without sufficient sanitization, enabling remote code execution on the MediaWiki server. No public exploit code has been identified at time of analysis, but the RCE tag and network-accessible attack vector make this a high-priority patching target for any publicly editable or semi-public MediaWiki instance.

Code Injection PHP RCE Timeline
NVD VulDB
EPSS
0.3%
CVE-2026-24249 HIGH This Week

Deserialization of untrusted data in NVIDIA Megatron Bridge for Linux allows a low-privileged local attacker to achieve code execution, privilege escalation, data tampering, and information disclosure. Megatron Bridge is NVIDIA's model-interoperability tooling used to convert and load large-language-model checkpoints in the Megatron/PyTorch training stack, where unsafe object deserialization (CWE-94) lets attacker-controlled serialized data run arbitrary code in the process context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS 7.8 (High) rating with full C/I/A impact makes it a meaningful risk on shared or multi-tenant ML infrastructure.

Deserialization Code Injection Nvidia RCE Information Disclosure +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-24248 HIGH This Week

Arbitrary code execution in NVIDIA Megatron Bridge for Linux stems from improper control of code generation (CWE-94), allowing an attacker who convinces a user to process a malicious artifact to run code in the context of the training/inference workload. Successful exploitation can escalate privileges, tamper with data, and disclose information. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; the CVSS 3.1 vector (AV:L/UI:R) indicates local access with user interaction is required.

Code Injection Nvidia Information Disclosure RCE Megatron Bridge
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-14083 MEDIUM PATCH This Month

Universal Cross-Site Scripting (UXSS) in Google Chrome before 150.0.7871.47 enables remote attackers to inject arbitrary scripts or HTML across security origins by serving a crafted HTML page to a victim user. The flaw stems from insufficient input validation in Chrome's HTML handling (CWE-20), and its Scope:Changed CVSS metric confirms the core danger: injected scripts escape the attacker-controlled origin and execute in the context of other web origins, undermining the browser's same-origin policy. No public exploit code or CISA KEV listing is identified at time of analysis; EPSS stands at 0.18% (8th percentile), consistent with the vendor's own 'Low' Chromium severity classification despite a NVD CVSS score of 6.1.

Code Injection Google Suse
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-13812 MEDIUM PATCH This Month

Universal Cross-Site Scripting (UXSS) in Google Chrome for iOS prior to 150.0.7871.47 enables a remote attacker to inject arbitrary scripts or HTML across origins by exploiting insufficient input validation triggered through specific user UI gestures on a crafted page. The scope change (S:C in CVSS) is the critical dimension here - successful exploitation bypasses the same-origin policy, potentially granting the attacker script execution in the context of arbitrary origins within the browser session. No public exploit code has been identified and EPSS sits at just 0.20% (11th percentile), indicating low observed exploitation activity despite the high-impact class of vulnerability.

Code Injection Apple Google Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.2%
CVE-2026-56264 PyPI CRITICAL PATCH Act Now

Arbitrary JavaScript execution in Crawl4AI's Docker API server (versions before 0.8.7) lets remote attackers submit code to the /execute_js endpoint, which runs it inside the server's Chromium browser context launched with --disable-web-security. Because the browser's same-origin and CORS protections are disabled, attacker-controlled JavaScript can pivot into server-side request forgery against internal services and metadata endpoints. No public exploit has been identified at time of analysis, and the CVSS 4.0 base score is 9.2 (critical), though the vector's high attack complexity and present attack requirements indicate exploitation is not fully trivial.

Code Injection SSRF Docker RCE Crawl4ai
NVD GitHub
CVSS 4.0
9.2
EPSS
0.5%
CVE-2026-58449 CRITICAL PATCH Act Now

Remote code execution in txtai through 9.10.0 lets a remote attacker reach the API /reindex endpoint and supply an arbitrary dotted callable (for example subprocess.getoutput) that the server imports and invokes during reindexing, running commands as the server process. The flaw is exploitable only when the API is network-exposed with no TOKEN set (so all endpoints are unauthenticated) and the index is writable - not the default posture. No public exploit has been identified at time of analysis, but the issue carries a high CVSS 4.0 base score of 9.3 and was reported by VulnCheck.

Code Injection RCE Txtai
NVD GitHub
CVSS 4.0
9.3
EPSS
0.7%
CVE-2026-10134 CRITICAL Act Now

Remote code execution in IBM Langflow OSS 1.0.0 through 1.9.3 lets an unauthenticated attacker inject and run arbitrary Python via the flow `tool_code` mechanism, gaining full control of the Langflow process. Because the scope changes (S:C), the attacker can read every process secret, read and tamper with all flows, conversations, messages, uploads and saved components in the database, reach internal services and cloud metadata endpoints, and pivot across tenants on the same instance. This is a maximum-severity (CVSS 10.0) flaw, though no public exploit has been identified at time of analysis and it is not listed in CISA KEV.

Code Injection IBM File Upload RCE Langflow
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2026-10109 CRITICAL NEWS Act Now

Remote code execution in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.4 lets unauthenticated network attackers run arbitrary code by abusing improper handling of the pre-authentication DRDA handshake. Because the flaw is reachable before any login, any client able to reach the database listener can trigger it, and the CVSS 3.1 base score of 9.8 reflects full compromise of confidentiality, integrity, and availability. No public exploit is identified at time of analysis and the CVE is not listed in CISA KEV.

Code Injection IBM RCE Db2
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2026-7873 CRITICAL PATCH Act Now

Code injection in IBM Langflow OSS versions 1.0.0 through 1.10.0 lets an authenticated user execute arbitrary operating-system commands and read sensitive files such as stored credentials, escalating from low-privileged application access to full host compromise. Rated CVSS 9.9 with a scope-changing vector, the flaw enables lateral movement once an attacker holds any valid Langflow account. No public exploit identified at time of analysis, but a vendor patch is available.

Code Injection IBM RCE Langflow Oss
NVD
CVSS 3.1
9.9
EPSS
0.3%
CVE-2026-58138 CRITICAL PATCH Act Now

Unauthenticated remote code execution in Orkes Conductor (conductor-oss) versions 3.21.21 through 3.30.1 lets remote attackers run arbitrary OS commands by POSTing inline workflow definitions to the workflow API before any authentication check. The flaw stems from GraalVM script evaluators left in an unsandboxed state (HostAccess.ALL / allowAllAccess(true)), allowing JavaScript or Python expressions in INLINE, LAMBDA, DO_WHILE, and SWITCH tasks to reach Java reflection and subprocess APIs. Reported by VulnCheck; no public exploit identified at time of analysis, though a detailed vendor/researcher advisory exists.

Code Injection Python Java RCE Conductor
NVD GitHub
CVSS 4.0
9.3
EPSS
0.9%
CVE-2026-48192 MEDIUM CISA This Month

Code injection via malicious project files in Mendix Studio Pro 10.11 through 11.11 allows arbitrary code execution on a developer's workstation when a victim opens and runs a specially crafted project through the build pipeline. Siemens' own ProductCERT (SSA-779310) reported this flaw, classifying it under CWE-94, with patches available only for the 10.24 and 11.6 long-term support lines. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; however, the breadth of affected versions - spanning the entire 10.x and 11.x release trees - means most active Mendix developer environments are exposed.

Code Injection RCE Mendix Studio Pro 10 11 Mendix Studio Pro 10 12 Mendix Studio Pro 10 13 +23
NVD VulDB
CVSS 4.0
6.8
EPSS
0.2%
CVE-2026-58116 CRITICAL Act Now

Remote code execution in LLaMA-Factory through version 0.9.5 allows attackers who can reach the Gradio WebUI to run arbitrary Python by entering a malicious model path in the Chat or Training interfaces. Because the app forwards unvalidated user input into Hugging Face's AutoTokenizer.from_pretrained() and AutoModel.from_pretrained() with a hardcoded trust_remote_code=True, a referenced repository's custom modeling code executes with the server process's privileges. Publicly available exploit code exists (a proof-of-concept gist plus a VulnCheck advisory), though it is not listed in CISA KEV and no in-the-wild abuse is documented in the available data.

Code Injection Python RCE Llama Factory
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.5%
CVE-2026-13749 HIGH PATCH This Week

Arbitrary code execution in Snowflake CLI versions prior to 3.19 lets an attacker run code in the context of any developer who bundles or deploys an attacker-supplied Snowpark project. The flaw lives in the Snowpark annotation processor callback template, where untrusted project content is interpolated directly into generated Python code (CWE-94). No public exploit has been identified at time of analysis, but the attack is straightforward and high-impact (CVSS 8.8) given that it executes with the victim's local privileges; exploitation hinges on the victim running the bundling/deployment workflow against malicious content.

Code Injection Python RCE Snowflake Cli
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-37637 CRITICAL Act Now

Remote code execution in Alexantr filemanager v1.0 lets remote attackers run arbitrary code through the filemanager.php component, mapped to CWE-94 (code injection). The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) indicates a network-reachable flaw requiring no authentication or user interaction, and publicly available exploit code exists (GitHub POC by SLO-CYBER-SEC). SSVC rates exploitation as proof-of-concept with total technical impact and automatable=yes, but it is not on CISA KEV and no EPSS score was provided.

Code Injection PHP RCE N A
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2026-13500 MEDIUM POC This Month

Code injection in ANTLR4's Grammar Action Block Handler allows remote attackers to execute arbitrary code by supplying a crafted grammar file processed by the tool. All versions up to and including 4.13.2 are affected via the OutputFile.java code generation pathway. A public proof-of-concept exploit exists on GitHub (no KEV listing), though the vendor has not acknowledged or patched the issue, leaving users without an official fix.

Code Injection Java RCE Antlr4 Red Hat +1
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-49413 HIGH This Week

The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During execve(2), this flag is not yet set at the point where the auxiliary vector is constructed, so AT_SECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. An unprivileged local user can inject a shared library via LD_PRELOAD into a set-user-ID or set-group-ID Linux binary, gaining the privileges of that binary.

Code Injection Freebsd
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-53576 CRITICAL PATCH Act Now

Unauthenticated remote code execution in Kestra orchestration platform before 1.0.45 and 1.3.21 lets anonymous attackers fully compromise the host. The REST API authentication filter treats any request path ending in /configs as the public instance-config endpoint, so an attacker appending the literal segment configs (e.g. to flow-create or execution-trigger routes) bypasses Basic-Auth, creates a flow with a Shell/Process task, and executes commands as root inside the container; with the default docker-compose mounting /var/run/docker.sock, this pivots to the host Docker daemon. No public exploit identified at time of analysis, but the technique is fully described in the vendor advisory and is trivially reproducible.

Code Injection Docker RCE Kestra
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.5%
CVE-2026-53319 MEDIUM This Month

Spurious WARN_ON_ONCE calls in the Linux kernel's blk-wbt subsystem trigger unnecessary kernel warnings and stack traces under expected failure conditions - memory pressure or a pre-registered writeback throttle. Local low-privileged users can provoke this via ioctl(BLKPG) during MTD partition creation under memory-constrained conditions, generating noise in kernel logs and, on panic_on_warn-enabled kernels, potentially causing a system crash. No public exploit exists and the EPSS score of 0.14% (4th percentile) places this firmly in the low-priority tier; it has not been added to CISA KEV.

Code Injection Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-48749 Go CRITICAL POC PATCH GHSA Act Now

Container-to-host filesystem escape in Incus before 7.2.0 lets a user who can import images and create instances read and write arbitrary files on the host as root. A malicious image carrying a duplicate top-level 'rootfs' symlink (rootfs -> /) passes image validation, and the stopped-container file API later chroots into that symlinked path via forkfile, exposing the host root filesystem through 'incus file pull/push'. A working proof-of-concept is published in the GitHub Security Advisory (GHSA-2q3f-q5pq-g8wv); publicly available exploit code exists, but there is no public exploit identified beyond the PoC and the CVE is not in CISA KEV.

Code Injection
NVD GitHub
CVSS 3.1
9.9
CVE-2026-46619 Maven HIGH PATCH GHSA This Week

Pre-authentication login bypass in OpenAM Community Edition through 16.0.6 lets an unauthenticated remote attacker mint a valid OpenAM session for an arbitrary user without supplying a password. The MSISDN authentication module concatenates a request-supplied MSISDN value directly into an LDAP search filter (CWE-90), and because the default trusted-gateway list permits all traffic, any realm with an MSISDN module in its authentication chain is reachable and exploitable. No public exploit identified at time of analysis, and the issue is fixed in version 16.1.1.

Code Injection LDAP Authentication Bypass
NVD GitHub
CVE-2026-47206 LOW PATCH Monitor

RESP protocol injection in Dragonfly's EvalSerializer allows an authenticated low-privilege user to embed raw CRLF sequences inside Lua redis.error_reply() and redis.status_reply() return values, causing response stream desynchronization for connection-pool clients. All Dragonfly releases prior to 1.39.9 are affected; the vulnerability is confirmed fixed in 1.39.9 per GitHub security advisory GHSA-h77h-c6hc-qc9h. No public exploit has been identified at time of analysis, and exploitation requires authenticated access plus a connection-pooling client architecture, substantially limiting real-world risk.

Code Injection Redis Dragonfly
NVD GitHub
CVSS 4.0
2.3
EPSS
0.3%
CVE-2026-45406 HIGH PATCH This Week

OS command execution on the Dokku host is possible through the openresty-vhosts plugin in versions prior to 0.38.2, where custom OpenResty include filenames from an app's git repository are interpolated unescaped into a single-quoted shell string that is later run through eval. An attacker who can deploy a Dokku app with the openresty proxy enabled can plant a file whose name contains a single quote to break the quoting and inject a command substitution, executing arbitrary commands as the dokku user on the next deploy. There is no public exploit identified at time of analysis and it is not in CISA KEV, though the upstream advisory and a security regression test document the mechanism precisely.

Code Injection Information Disclosure Docker Dokku
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-13434 MEDIUM This Month

Network annotation injection in KubeVirt's VirtualMachineInstance API allows authenticated tenants to attach launcher pods to arbitrary network namespaces by writing unsanitized JSON into the Multus CNI default-network annotation. Exploitation is gated on the ExternalNetResourceInjection Beta feature gate being explicitly enabled by a cluster-admin (off by default, first available in OpenShift Virtualization 4.21), which intentionally bypasses the NAD namespace lookup that would otherwise reject malformed annotation values. A successful attack permits cross-namespace network attachment and IP/MAC address impersonation on segments normally segregated from tenant workloads; no public exploit has been identified at time of analysis.

Code Injection Red Hat Openshift Virtualization 4 Suse
NVD VulDB
CVSS 3.1
4.9
EPSS
0.2%
CVE-2026-57315 HIGH This Week

Remote code execution in Blocksy Companion Pro (the premium add-on plugin for the Blocksy WordPress theme) versions 2.1.45 and earlier allows authenticated users holding only the low-privilege Contributor role to inject and execute arbitrary PHP code on the host. The flaw, reported by Patchstack and tracked under CWE-94, carries a CVSS 3.1 base score of 8.5 with a changed scope, meaning successful exploitation can impact components beyond the WordPress application itself. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; no EPSS score was provided in the source data.

Code Injection RCE
NVD VulDB
CVSS 3.1
8.5
EPSS
0.4%
CVE-2026-3472 LOW Monitor

Markdown image rendering restrictions in Mattermost are bypassed specifically for AI bot tool result posts, enabling authenticated attackers to exfiltrate data to attacker-controlled infrastructure. Affected are Mattermost versions 10.11.x through 10.11.18, 11.5.x through 11.5.6, and 11.6.x through 11.6.3. When a victim's client renders an AI bot tool result post containing injected markdown image syntax, the client issues an outbound request to the attacker's server, leaking request metadata such as session tokens or channel context. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

Code Injection Mattermost Mattermost Server
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2025-7958 HIGH This Week

Authenticated code injection (CWE-94) in Trellix Network Security appliances (NX, EX, FX, AX, and CMS/Central Management) lets a logged-in administrator run arbitrary commands by abusing how the web UI renders Alert artifact details. The flaw requires existing high-privilege admin access on an adjacent network rather than remote anonymous access, so it functions primarily as a privilege/trust-boundary escape rather than a mass-exploitable internet-facing bug. The CVSS 4.0 maturity flag (E:P) indicates proof-of-concept exploit material exists, but the issue is not listed in CISA KEV and shows no confirmed active exploitation.

Code Injection RCE Trellix Network Security Nx Ex Fx Ax And Cms
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-50741 HIGH This Week

Remote code execution in Revive Adserver is reachable by authenticated low-privilege users who bypass the prior fix for CVE-2026-34916, either by supplying a disallowed-but-valid plugin identifier in the `type` parameter or by abusing the `ox.setChannelTargeting` XML-RPC API method. The flaw lets an attacker inject and execute arbitrary code (CWE-94) on the server, fully compromising confidentiality, integrity, and availability. Reported via HackerOne by multiple researchers (including phucrio and offsetmd); no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Code Injection RCE Adserver
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2026-57522 LOW POC PATCH Monitor

JSON injection in Bitwarden Server's IntegrationTemplateProcessor.ReplaceTokens() allows authenticated organization members to corrupt event-integration payloads delivered to webhook, SIEM, Slack, Teams, or Datadog endpoints. Any organization running Bitwarden Server prior to 2026.5.0 that has configured event integrations referencing user-controlled tokens such as #ActingUserName# or #UserName# is exposed. A public proof-of-concept exists per VulnCheck and independent researcher disclosure; exploitation is constrained by authentication and specific integration-configuration prerequisites, reflected in the low CVSS 4.0 score of 2.3.

Code Injection Server
NVD GitHub
CVSS 4.0
2.3
EPSS
0.2%
CVE-2026-55413 CRITICAL PATCH Act Now

Stored code injection in ToolJet self-hosted (prior to 3.20.178-lts) lets any authenticated builder-role user - available on the free tier - overwrite a globally-shared marketplace plugin with arbitrary JavaScript that runs server-side with full Node.js capabilities (require, process). Because the poisoned plugin executes whenever any user on the instance runs a query that uses it, a single low-privileged account achieves remote code execution and an instance-wide supply-chain compromise. The flaw carries a CVSS 4.0 score of 9.4; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Code Injection Node.js RCE Tooljet
NVD GitHub
CVSS 4.0
9.4
EPSS
0.3%
CVE-2026-57456 HIGH PATCH This Week

Arbitrary Python code execution in Vim before 9.2.0699 occurs when a victim triggers Python omni-completion (omnifunc) inside a malicious buffer; the python3complete.vim and legacy pythoncomplete.vim runtime plugins reconstruct in-buffer function and class definitions and run them through Python's exec(), inserting each scope's docstring verbatim between triple quotes. Because the docstring is never escaped, a crafted docstring can close the triple-quoted literal and inject attacker-controlled Python that runs with the user's privileges. There is no public exploit identified at time of analysis and the issue is not in CISA KEV, but a regression test bundled with the fix demonstrates the breakout, confirming exploitability; EPSS data was not provided.

Code Injection Python RCE Vim Suse
NVD GitHub
CVSS 4.0
8.4
EPSS
0.1%
CVE-2026-56049 HIGH This Week

Remote code execution in the Post Snippets WordPress plugin (versions 4.0.19 and earlier) lets an authenticated user with only Contributor-level privileges inject and execute arbitrary PHP/code on the server via the plugin's snippet-handling functionality (CWE-94). Because a low-privilege role can pivot to full server compromise with a scope change (S:C), this is a privilege-escalation-to-RCE flaw reported by Patchstack; no public exploit has been identified at time of analysis and it is not listed in CISA KEV.

Code Injection RCE Post Snippets
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2026-54823 CRITICAL Act Now

Code injection in the Widget Options WordPress plugin (versions <= 4.2.3, by marketingfire) allows authenticated users holding the low-privileged Contributor role to achieve remote code execution on the host. Because exploitation only requires a Contributor account - a role frequently granted on multi-author and membership sites - an attacker who can register or compromise such an account can run arbitrary PHP and fully take over the site. There is no public exploit identified at time of analysis, but the 9.9 CVSS and CWE-94 classification place this at the most severe end of WordPress plugin flaws.

Code Injection RCE Widget Options
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-53277 HIGH PATCH This Week

Local privilege escalation / host compromise risk in the Linux kernel arm64 KVM subsystem arises because __kvm_at_s12() (AT instruction emulation) and __kvm_find_s1_desc_level() invoke the stage-1/nested stage-2 page-table walkers walk_s1() and kvm_walk_nested_s2() without holding kvm->srcu, which those walkers require to guard against concurrent memslot changes. A malicious or compromised guest on an affected arm64 host can race memslot updates against these walks, with CVSS scoring confidentiality, integrity and availability all High under a changed scope (host impact). It is patched in stable trees, EPSS is low (0.17%), and there is no public exploit identified at time of analysis.

Code Injection Linux
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-1606 MEDIUM PATCH This Month

Content injection in GitLab CE/EE via improper Snippet input validation permits authenticated low-privilege users to conceal arbitrary content within Snippets, affecting all versions from 14.8 through 19.1.0. Despite being tagged as Code Injection (CWE-94) with RCE in vendor-supplied tags, the published CVSS score of 4.3 with only low integrity impact (I:L) indicates the vendor-confirmed impact is scoped to content concealment rather than full remote code execution. Patches are available in versions 18.11.6, 19.0.3, and 19.1.1; no public exploit and no CISA KEV listing have been identified at time of analysis.

Code Injection Gitlab RCE
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-53009 HIGH PATCH This Week

Local privilege-impacting memory corruption in the Linux kernel's Intel ice network driver allows a double-free of a transmit buffer's skb when the TX offload paths fail. When ice_tso() or ice_tx_csum() return an error, ice_xmit_frame_ring() frees the skb but leaves the 'first' tx_buf still marked ICE_TX_BUF_SKB, so a later ice_clean_tx_ring() during interface teardown frees the same skb a second time. Carries a CVSS 3.1 base of 7.8 (AV:L/PR:L), but with a low EPSS of 0.15% (5th percentile), no KEV listing, and no public exploit identified at time of analysis.

Code Injection Linux Intel
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-52946 HIGH PATCH This Week

Remote denial of service in the Linux kernel arises from a SOFTIRQ-safe to SOFTIRQ-unsafe lock-ordering deadlock in the fasync signaling path (fs/fcntl), where send_sigio() and send_sigurg() take read_lock(&tasklist_lock) from softirq context while traversing a process group (PIDTYPE_PGID). When this collides with a writer spinning on tasklist_lock during fork()/exit(), the CPU can deadlock and hang. The flaw is reachable remotely via TCP URG packets (send_sigurg through NET_RX_SOFTIRQ), affects multiple stable branches, and is fixed by switching the traversal to RCU. There is no public exploit identified at time of analysis and EPSS is low (0.18%).

Code Injection Linux
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-57288 LOW Monitor

LDAP injection in Jenkins Active Directory Plugin 2.41.1 and earlier allows unauthenticated remote attackers to enumerate Active Directory entries and authenticate as any directory user they can identify via wildcard matching, provided they already know that user's password. The vulnerability is confined to the Windows native ADSI authentication path, limiting exposure to Jenkins instances running on Windows with ADSI configured. No public exploit code or active exploitation has been identified; SSVC rates it non-automatable with partial technical impact.

Code Injection LDAP Jenkins Microsoft Jenkins Active Directory Plugin
NVD VulDB
CVSS 3.1
3.7
EPSS
0.2%
CVE-2026-12242 HIGH This Week

Authenticated PHP code injection in the AdRotate Banner Manager WordPress plugin (versions ≤5.17.7) allows Contributor-level users to execute arbitrary PHP on the server by abusing the 'banner' attribute of the [adrotate] shortcode. Exploitation requires W3 Total Cache or Borlabs Cache support to be enabled in AdRotate settings, where unsanitized input is concatenated into a PHP string wrapped in mfunc/fragment cache markers. Reported by Wordfence; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Code Injection WordPress PHP RCE Adrotate Banner Manager
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-71361 PyPI HIGH PATCH This Week

Detection bypass in picklescan before 0.0.29 allows malicious pickle files to evade scanning by abusing the undetected idlelib.calltip.Calltip.fetch_tip function, enabling arbitrary code execution when the file is later loaded via pickle.load(). Affects ML supply chains relying on picklescan to vet PyTorch models; publicly available exploit code exists in the GHSA advisory, but no public exploit identified in active campaigns at time of analysis.

Code Injection RCE Picklescan
NVD GitHub
CVSS 4.0
7.6
EPSS
0.3%
CVE-2026-11968 MEDIUM PATCH This Month

Arbitrary file write in TortoiseGit's TortoiseGitBlame component is triggered when a user opens a malicious git repository and invokes blame history on a file whose historical filenames contain argument injection payloads. The injected arguments are passed unsanitized to underlying git subprocess calls, allowing an attacker-controlled repository to write files to arbitrary paths on the victim's Windows filesystem. No public exploit has been identified at time of analysis, and no KEV listing exists; however, a fix commit is available upstream.

Code Injection Tortoisegit
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-10745 HIGH This Week

Log injection in upKeeper Instant Privilege Access through 1.6.1 on Windows allows remote unauthenticated attackers to forge, tamper with, or inject crafted entries into application logs by smuggling unneutralized control characters through logged inputs. The flaw (CWE-117) does not directly compromise the upKeeper agent itself but produces high integrity, confidentiality, and availability impact on subsequent log-consuming systems (SIEM, audit pipelines). No public exploit identified at time of analysis and the CVE is not present in CISA KEV.

Code Injection Microsoft Upkeeper Instant Privilege Access
NVD VulDB
CVSS 4.0
7.9
EPSS
0.3%
CVE-2026-52912 HIGH PATCH This Week

Use-after-free in the Linux kernel's netfilter NFQUEUE subsystem affects bridge LOCAL_IN packet handling, where br_pass_frame_up() rewrites skb->dev to the bridge master before queuing without holding a reference on that device. A local attacker who can influence queued bridge traffic and trigger bridge teardown (NETDEV_DOWN) can cause the kernel to re-enter the receive path with a freed bridge master device, yielding a use-after-free with high confidentiality, integrity, and availability impact (CVSS 7.8). There is no public exploit identified at time of analysis, and EPSS exploitation probability is low (0.19%, 9th percentile).

Code Injection Linux Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-10749 HIGH POC PATCH This Week

PHP Object Injection in the Post Duplicator WordPress plugin before 3.0.15 lets authenticated users with Contributor-level access or higher inject arbitrary serialized PHP objects by abusing the plugin's post-duplication routine, which copies attacker-controlled custom meta-data without the WordPress meta API's double-serialization safeguard. Successful exploitation can lead to property-oriented programming attacks and, with a suitable gadget chain present, full compromise of the site. Publicly available exploit code exists (WPScan), though the flaw is not listed in CISA KEV and carries a low EPSS score (0.15%, 5th percentile).

WordPress Code Injection PHP Post Duplicator
NVD WPScan VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-12681 Go HIGH This Week

Trusted measurement-list poisoning in Google go-attestation through 0.6.0 lets a remote actor who controls a TPM event log fed to an attestation verifier inject arbitrary SHA256 hashes into the verifier's trusted hash database. Because parseEfiSignatureList() never advances past the EFI_SIGNATURE_LIST SignatureHeaderSize vendor bytes, those attacker-chosen bytes are accepted as legitimate hash entries, allowing a compromised boot state to be attested as healthy. No public exploit identified at time of analysis, but the fix is upstream in v0.6.1 and the root cause is documented in GHSA-9r4w-jg96-92mv.

Google Code Injection Go Attestation
NVD GitHub
CVSS 4.0
8.9
EPSS
0.2%
CVE-2026-54329 PHP HIGH PATCH GHSA This Week

Cross-tenant data injection in the Snipe-IT Accessories API (versions <= 8.6.1) lets a low-privileged authenticated user in one company write persistent accessory records into another company's inventory by supplying a foreign company_id in the API request body. The flaw only manifests when Full Multiple Companies Support (FMCS) is enabled, and it breaks tenant isolation because the API store/update path mass-assigns company_id without the enforcement the web UI applies. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the fix and a regression test are publicly visible in the vendor commit, making the mechanism easy to reproduce.

Code Injection
NVD GitHub
CVSS 3.1
7.7
EPSS
0.4%
CVE-2026-0864 MEDIUM PATCH This Month

Config file injection in CPython's configparser module allows an attacker who controls multi-line values written via configparser.write() to smuggle arbitrary keys and values into the resulting INI-style configuration file by embedding carriage return (\r) characters. All CPython versions are listed as affected per the NVD CPE wildcard, and any Python application that writes attacker-influenced data to config files via configparser is a candidate target. No public exploit has been identified at time of analysis; CVSS 4.0 scores this at 4.1 (Medium) with high privilege requirements and specific attack conditions.

Code Injection Cpython Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.1
EPSS
0.1%
CVE-2026-34916 HIGH This Week

Authenticated PHP code injection in Revive Adserver 6.0.6 and earlier allows a low-privileged user to embed arbitrary PHP into the compiledlimitations database field via the logical parameter of delivery limitations, with execution occurring later during banner delivery. The flaw is exploitable over the network with low complexity and yields full confidentiality, integrity, and availability impact (CVSS 8.8), though no public exploit identified at time of analysis.

PHP RCE Code Injection Revive Adserver
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2026-44959 HIGH This Week

Authenticated PHP code injection in Revive Adserver 6.0.6 and earlier allows a low-privileged user to smuggle an unexpected parameter into the delivery limitations save flow, planting attacker-controlled PHP into the compiledlimitations field that is then evaluated when banners are served. With CVSS 8.8 and a CWE-94 root cause, successful exploitation yields full code execution under the web/ad-delivery process, though there is no public exploit identified at time of analysis and the vulnerability is not in CISA KEV.

PHP RCE Code Injection Adserver
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2026-56762 npm MEDIUM PATCH This Month

Missing cookie name validation on the write path in Hono's setCookie(), serialize(), and serializeSigned() functions allows user-controlled input containing CRLF control characters to produce malformed Set-Cookie headers. Affected are all Hono npm releases before 4.12.12. In practice, modern runtimes including Node.js and Cloudflare Workers reject the malformed headers before they are transmitted, meaning confirmed impact is availability loss (runtime errors crashing the response) rather than header injection or response splitting - though theoretical risk exists on less-strict runtimes. No active exploitation is confirmed, and no public exploit code has been identified.

Code Injection Node.js Hono
NVD GitHub
CVSS 4.0
6.9
EPSS
0.3%
CVE-2026-12866 CRITICAL Act Now

Arbitrary JavaScript code execution in the expr-eval npm package affects all released versions when applications pass user-controlled expressions to the toJSFunction() API, which compiles them via new Function() and executes them in the host process context. Snyk discloses no public exploit identified at time of analysis, but the trivial attack pattern (sandbox escape via crafted math expressions) and CVSS 4.0 score of 9.2 make this a high-priority issue for any Node.js or browser application that exposes expr-eval to untrusted input.

RCE Code Injection Expr Eval
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.5%
CVE-2026-44179 Maven CRITICAL PATCH GHSA Act Now

Remote code execution in XWiki Pro Macros (com.xwiki.pro:xwiki-pro-macros) versions >=1.13 and <1.14.5 allows any authenticated user with page-edit rights to execute arbitrary Groovy code via the excerpt-include macro, which fails to escape the included page's title and renders excerpt content with the macro's elevated rights. A working proof-of-concept is published in the GHSA advisory demonstrating injection through both a crafted page title and excerpt body. No public exploit identified at time of analysis as actively used, but the publicly available exploit code exists in the advisory itself.

Atlassian RCE Code Injection
NVD GitHub
CVSS 3.1
9.9
CVE-2026-33646 Cargo CRITICAL PATCH GHSA Act Now

Arbitrary code execution in mise (jdx/mise) versions prior to 2026.3.10 allows attackers to run shell commands as the victim user simply by having them `cd` into a directory containing a malicious `.tool-versions` file. Unlike `.mise.toml`, `.tool-versions` files bypass the trust verification gate in non-paranoid mode, so the Tera template engine's `exec()` function fires silently from the shell `hook-env`. No public exploit identified at time of analysis beyond the detailed reporter PoC, but exploitation is trivial and a working PoC is embedded in the advisory.

RCE Python Apple Privilege Escalation Code Injection
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
CVE-2026-10789 CRITICAL PATCH Act Now

Remote code execution in Autodesk Fusion Desktop's MCP (Model Context Protocol) extension allows attackers to execute arbitrary code with current user privileges when a victim visits a malicious webpage while Fusion is running with the MCP extension enabled. The flaw is rated CVSS 9.6 (Critical) due to its network-reachable nature and scope change, though successful exploitation requires user interaction (visiting a crafted page) and the non-default MCP extension being enabled. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

RCE Code Injection Fusion
NVD VulDB
CVSS 3.1
9.6
EPSS
0.3%
CVE-2026-9072 CRITICAL PATCH Act Now

Remote code execution and denial of service in IBM WebSphere Application Server and WebSphere Application Server Liberty (including IBM i 7.3-7.6) occurs when the WebServer Plug-in component is deployed with Intelligent Management enabled. An attacker who can impersonate a backend application server and return crafted responses can trigger code injection (CWE-94) against the plug-in, yielding full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis; EPSS 0.38% and SSVC exploitation 'none' indicate no observed weaponization despite the 9.8 CVSS rating.

RCE IBM Denial Of Service Code Injection
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-8858 HIGH PATCH This Week

Remote code execution and denial of service in the IBM WebSphere Web Server Plug-in shipped with IBM i 7.3, 7.4, 7.5, and 7.6 (through 1.8.4) allows an attacker positioned on the adjacent network to abuse the plug-in's handling of responses from an upstream WebSphere Application Server. By impersonating the application server and returning crafted responses, the attacker can trigger code injection (CWE-94) against the plug-in, leading to full compromise of confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and EPSS is low (0.25%), but SSVC rates the technical impact as total.

RCE IBM Denial Of Service Code Injection
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-10561 CRITICAL PATCH Act Now

Unauthenticated remote code execution in IBM Langflow OSS versions 1.0.0 through 1.9.3 allows attackers to fully compromise the host by bypassing authentication and abusing improper Python execution isolation. The maximum CVSS 10.0 score (AV:N/AC:L/PR:N/UI:N with scope change) reflects trivial network-based exploitation against any internet-exposed instance, though no public exploit identified at time of analysis. IBM has confirmed the issue and released a patch via support advisory node/7277242.

Code Injection IBM Python RCE Authentication Bypass +1
NVD VulDB
CVSS 3.1
10.0
EPSS
0.5%
CVE-2026-12888 LOW PATCH Monitor

HTML injection in Canarytokens' Google Chat webhook notifications allows an attacker who triggers a deployed canarytoken to embed limited HTML content - including crafted hyperlinks - inside the resulting alert message rendered in Google Chat. The vulnerable system is Canarytokens itself (Docker tag sha-4aef1db90 through sha-8ab4dccd), but the integrity impact lands on the subsequent system: the Google Chat interface where defenders receive their alerts. A proof of concept exists per CVSS 4.0 supplemental metric E:P; no confirmed active exploitation or CISA KEV listing exists at time of analysis.

Google Code Injection Docker Canarytokens
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.3%
CVE-2026-56446 HIGH PATCH This Week

Remote code execution in MISP allows authenticated site administrators to abuse the JsonLogTool NDJSON error log configuration to write attacker-controlled content to a PHP file under the webroot, yielding code execution as the web server user. No public exploit identified at time of analysis, but a vendor patch is available via the MISP GitHub repository.

RCE PHP Code Injection Misp
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-11373 CRITICAL PATCH Act Now

Metric injection in the Perl module Net::Statsite::Client through version 1.1.0 allows attackers controlling metric names or values to inject arbitrary statsite protocol commands by smuggling newlines, colons, and pipe characters that the library fails to sanitize. The flaw maps to CWE-93 (CRLF Injection) and affects any application that forwards untrusted input into metric reporting. No public exploit identified at time of analysis, and the issue is not on CISA KEV.

Code Injection Net
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2026-12862 MEDIUM PATCH This Month

Formula injection in Venueless Excel exports allows an attacker with a low-privilege account to embed malicious spreadsheet formulas into user-supplied data fields, which execute when an administrator opens the generated export file. Affected deployments include all versions of Venueless (pretix) as indicated by the wildcard CPE entry. No public exploit has been identified at time of analysis, and no CISA KEV listing is present, but the low attack complexity and the availability of a GitHub security advisory signal a credible, reproducible attack path against administrative workflows.

Code Injection Venueless
NVD GitHub
CVSS 4.0
5.1
EPSS
0.2%
CVE-2026-11748 MEDIUM This Month

LDAP injection in Central Dogma's Apache Shiro-based authentication module exposes unauthenticated remote attackers to authentication confusion and Active Directory enumeration. The SearchFirstActiveDirectoryRealm component in centraldogma-server-auth-shiro versions prior to 0.84.0 inserts the login username directly into an LDAP search filter without escaping metacharacters, allowing filter logic manipulation. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms no authentication or preconditions are required beyond reaching the login endpoint. No public exploit or CISA KEV listing has been identified at time of analysis.

Information Disclosure Central Dogma LDAP Code Injection
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2026-12822 LOW Monitor

Code injection in langflow's Bundle URL Loader component allows local attackers with low privileges to inject and execute arbitrary code within the langflow process across versions 1.9.0 through 1.9.3. A publicly available proof-of-concept demonstrating startup-time RCE via maliciously crafted bundle URLs has been published by the researcher, though the CVSS 4.0 vector (VC:L/VI:L/VA:L) rates impact as low - a discrepancy with the RCE claim in the PoC that warrants independent verification. No vendor-released patch is available; the vendor did not respond to the researcher's disclosure.

Code Injection Langflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-56382 PHP HIGH POC PATCH This Week

Authenticated remote code execution in Craft CMS versions 5.5.0 through 5.9.13 allows admin users to execute arbitrary PHP by injecting Yii2 event handlers via the fieldLayoutConfig POST parameter to FieldsController::actionRenderCardPreview(). The flaw stems from missing Component::cleanseConfig() sanitization, enabling disclosure of environment variables including database credentials and CRAFT_SECURITY_KEY. No public exploit identified at time of analysis, though VulnCheck has published a detailed advisory describing the attack technique.

Code Injection RCE PHP Cms
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.5%
CVE-2026-44913 MEDIUM This Month

SQL injection via improperly escaped MySQL table names in Apache NiFi's CaptureChangeMySQL Processor (versions 1.2.0 through 2.9.0) allows an attacker with MySQL CREATE TABLE access in a monitored database to inject arbitrary SQL commands executed under NiFi's MySQL service credentials. A partial mitigation introduced in 1.8.0 added manual quoted boundaries that narrowed - but did not eliminate - the injection surface; the root flaw persisted for years until full remediation in 2.10.0. No public exploit identified at time of analysis and not listed in CISA KEV; the issue was discovered by Roberto Suggi Liverani of the NATO Cyber Security Centre (NCSC) and disclosed in April 2026.

Apache Code Injection Nifi
NVD VulDB
CVSS 4.0
5.2
EPSS
0.3%
CVE-2026-5366 CRITICAL Act Now

Remote code execution in Prefect 3.6.23 allows any user holding deployment-creation permissions to run arbitrary commands on shared worker machines by abusing the GitRepository storage class. The commit_sha and directories parameters are concatenated into git invocations without a `--` separator or validation, letting attackers smuggle flags such as `--upload-pack` to execute external programs. No public exploit identified at time of analysis, but the bug was reported via huntr and is particularly dangerous for multi-tenant work pools where worker compromise crosses trust boundaries.

RCE Code Injection Prefecthq Prefect
NVD VulDB
CVSS 3.0
9.9
EPSS
0.6%
CVE-2024-58351 npm CRITICAL PATCH Act Now

Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, supported in both the frontend web integration and the backend Prediction. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Denial Of Service SSRF Flowise
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.6%
CVE-2022-50972 CRITICAL POC Act Now

WooCommerce 7.1.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary PHP code by injecting shell commands through the product-type parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE WordPress PHP Woocommerce
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.6%
CVE-2026-55770 Go MEDIUM PATCH GHSA This Month

LDAP injection in OpenBao versions 0.1.0 through 2.5.4 allows an attacker with a valid low-privileged LDAP account to impersonate arbitrary directory users, including administrators, by supplying filter metacharacters in the username field at login. The root cause is a function selection error in `sdk/helper/ldaputil/client.go`: `EscapeLDAPValue()` (RFC 4514, DN escaping) is used in LDAP filter construction instead of `ldap.EscapeFilter()` (RFC 4515), leaving characters `*`, `(`, `)`, `\`, and NUL unescaped and injectable. Publicly available exploit code exists in the vendor advisory; no confirmed active exploitation (CISA KEV) has been identified at time of analysis.

LDAP Code Injection RCE
NVD GitHub VulDB
CVSS 3.1
6.8
CVE-2026-54074 npm HIGH PATCH GHSA This Week

Code injection in @tinacms/cli versions prior to 2.4.3 allows an attacker who controls a Forestry-style project to achieve remote code execution on a developer's workstation when the `tinacms init` Forestry migration runs and the developer subsequently executes `tinacms dev` or `tinacms build`. The `addVariablesToCode` helper unquotes any value matching the marker `__TINA_INTERNAL__:::(.*?):::` placed in a stringified collection JSON, and user-supplied `label`/`name` fields from `.forestry/**/*.yml` are inserted into that JSON without sanitisation, yielding a top-level IIFE in the generated `tina/templates.ts`. A detailed end-to-end PoC is published in the GHSA-4936-9hrh-qqpw advisory; no public exploit identified at time of analysis beyond the disclosure PoC, and the CVE is not in CISA KEV.

Node.js Microsoft Code Injection RCE
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-55773 Maven HIGH PATCH GHSA This Week

Cedar policy injection in CedarJava (com.cedarpolicy:cedar-java) versions below 2.3.6, 3.4.1, and 4.9.0 allows attackers to alter authorization outcomes by smuggling Cedar expressions through unescaped string values. The flaw is in toCedarExpr() on Cedar Value types, which fails to escape quote and backslash characters when serializing user-controlled values into policy text. No public exploit identified at time of analysis, but the integrity impact is severe because injected fragments like '|| true' can neutralize permit/forbid logic in fine-grained authorization decisions.

Code Injection Java RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-55767 PHP MEDIUM PATCH GHSA This Month

Cookie domain validation in guzzlehttp/guzzle before 7.12.1 allows cross-origin cookie injection when a shared CookieJar contacts both attacker-controlled and trusted hosts. The flaw stems from SetCookie::matchesDomain() normalizing dot-only Domain values (e.g., 'Domain=.', 'Domain=..') to an empty string, while SetCookie::validate() only rejected strictly empty domains - meaning normalized-empty domains were stored and silently treated as matching every request host. Any application using new Client(['cookies' => true]) or an explicit shared CookieJar that requests data from an attacker-reachable origin is exposed to session fixation or cookie injection against unrelated downstream services. No public exploit or CISA KEV listing has been identified at time of analysis.

Code Injection
NVD GitHub
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-55766 PHP MEDIUM PATCH GHSA This Month

CRLF injection in guzzlehttp/psr7 (all versions prior to 2.12.1) enables header injection, response splitting, request smuggling, or cache poisoning when attacker-controlled data reaches the HTTP start-line fields - request method, protocol version, or response reason phrase - and the resulting PSR-7 object is serialized to raw HTTP/1.x. The vulnerability is confined to the serialization pathway: standard Guzzle HTTP client usage is explicitly not affected, but proxies, crawlers, webhook delivery systems, and custom transports that call `Message::toString()`, `Message::parseRequest()`, or `Message::parseResponse()` and re-emit the raw bytes are at direct risk. No public exploit has been identified at time of analysis, and the vendor has released a confirmed patch in version 2.12.1.

Code Injection
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-71326 HIGH POC This Week

Local privilege escalation in Avast Antivirus 25.11 allows non-privileged Windows users to execute arbitrary code as SYSTEM by abusing an unquoted service path in the SecureLine service. Publicly available exploit code exists (Exploit-DB 52510), and the issue was reported by VulnCheck; no public exploit identified at time of analysis indicates wider active exploitation, but the low-complexity local vector makes this attractive for post-compromise escalation.

Code Injection Avast Antivirus
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-44939 Go CRITICAL PATCH GHSA Act Now

{token}_{clusterId}.yaml. CVSS 4.0 rates this 9.4 (Critical) with a scope-changing impact on subsequent systems, but no public exploit was identified at time of analysis and it is not listed in CISA KEV. Reported by SUSE through GitHub Security Advisory GHSA-mhc6-2gfq-xx62.

Command Injection Code Injection Rancher Suse
NVD GitHub
CVSS 4.0
9.4
EPSS
1.1%
CVE-2026-48980 MEDIUM PATCH This Month

Environment variable injection in pam_usb prior to version 0.9.2 allows a local authenticated user to bypass hardware USB token authentication by manipulating the XRDP_SESSION, DISPLAY, or TMUX environment variables before invoking setuid binaries such as sudo or su. Because the PAM module calls standard getenv() - which does not sanitize values in privileged contexts - attacker-controlled environment data is used to determine whether the current session is local or remote, potentially defeating the core purpose of hardware-enforced authentication. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though the authentication bypass impact makes this a high-priority upgrade for any deployment relying on pam_usb for privileged command gating.

Code Injection Pam Usb
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
EPSS 0% CVSS 2.1
LOW POC Monitor

Code injection in SourceCodester Multi-Vendor Online Grocery Management System 1.0 allows remote low-privileged attackers to execute arbitrary PHP code by manipulating the `content[]` argument passed to the `update_settings_info` function in `classes/SystemSettings.php`. A public proof-of-concept exploit has been disclosed on GitHub, and exploitation requires only a low-privileged authenticated session over the network. No CISA KEV listing exists, but the public exploit materially lowers the barrier for opportunistic attacks against any internet-exposed instance.

Code Injection PHP RCE +1
NVD VulDB GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Arbitrary code execution in the NLTK Python library (nltk/nltk 3.9.3 and earlier) allows an attacker to run untrusted Java code when a victim loads a malicious JAR through five Stanford interface wrappers (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, StanfordNeuralDependencyParser). These classes pass a user-controllable JAR path to an internal java() helper that calls subprocess.Popen() with no SHA256 integrity check, so a substituted or poisoned JAR executes with the user's privileges. This is a regression of CVE-2026-0848, whose SHA256 verification fix was applied only to StanfordSegmenter and never propagated to these five classes; no public exploit is identified at time of analysis, though a huntr bounty report exists.

Code Injection RCE Nltk Nltk +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Local privilege escalation via argument injection in TUBITAK BILGEM's pardus-software (the software-center application for the Turkish Pardus Linux distribution) affects all versions up to and including 1.0.4. A low-privileged local user can smuggle attacker-controlled argument delimiters into a command the application invokes with elevated privileges, yielding full compromise of the host (confidentiality, integrity, and availability all high) with no user interaction. No public exploit has been identified at time of analysis, and the issue is not on CISA KEV; it is fixed in version 1.0.5.

Code Injection Pardus Software
NVD VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Indirect prompt injection in the Kong Konnect Model Context Protocol (MCP) server (konghq mcp-konnect) before version 1.0.0 allows a remote attacker to smuggle malicious instructions into content that an LLM agent processes, causing the agent to issue unintended Kong Konnect API requests. Because the injected instructions execute with the trust and credentials of the connected agent, an attacker can exfiltrate sensitive Konnect data or drive management API calls the operator never intended. No public exploit identified at time of analysis, but the CVSS 7.4 rating (scope-changed, confidentiality-high) reflects meaningful impact once an agent ingests attacker-controlled data.

Code Injection Mcp Konnect
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Arbitrary shortcode execution in the CURCY Multi Currency for WooCommerce WordPress plugin (versions up to and including 2.2.14) allows unauthenticated attackers to invoke any registered WordPress shortcode by sending a crafted request to a vulnerable action handler in frontend/cache.php. The root cause is a failure to validate the shortcode value before passing it to do_shortcode(), meaning any shortcode registered on the site - including those that expose user data, perform database queries, or render sensitive page content - can be triggered without authentication. No public exploit has been identified at time of analysis, and no CISA KEV listing is present, though the low attack complexity and zero-authentication requirement elevate practical risk above what the moderate CVSS score suggests.

Code Injection WordPress RCE +1
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Blind plaintext injection into Erlang/OTP TLS clients allows a network-positioned attacker to insert unauthenticated APPLICATION_DATA records during the handshake that the application subsequently receives as authenticated post-handshake server data. The root asymmetry is in tls_gen_connection:handle_protocol_record/3, which correctly rejects pre-handshake APPLICATION_DATA for TLS server endpoints but omits the equivalent guard for client endpoints, enabling record buffering prior to authentication. No active exploitation has been confirmed (not in CISA KEV, no POC referenced), but the network-only attack requirement and breadth of affected OTP versions - spanning OTP 17.0 through current - make patching urgent for Erlang-based services that consume TLS client data in untrusted network environments.

Code Injection Otp
NVD GitHub VulDB
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unauthenticated remote code execution affects Creative Themes' Blocksy Companion Pro WordPress plugin in all versions up to and including 2.1.46, allowing remote attackers to inject and execute arbitrary code (CWE-94) without any authentication or user interaction. Rated CVSS 10.0 with a scope-changed vector, this is a maximum-severity flaw reported by Patchstack. No public exploit identified at time of analysis and it is not currently listed in CISA KEV, but the trivial exploitability of an unauthenticated RCE makes it a high-priority patching target.

Code Injection RCE Blocksy Companion Pro
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL Act Now

Remote code execution in the Five Star Business Profile and Schema WordPress plugin (versions up to and including 2.3.19) allows an attacker holding an Editor-level or higher account to inject and execute arbitrary PHP code on the host. Reported by Patchstack and rated CVSS 9.1 due to its scope-changing impact, the flaw turns a trusted content role into full server compromise. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CWE-94 code-injection root cause makes reliable exploitation straightforward for any authorized high-privilege user.

Code Injection RCE Five Star Business Profile And Schema
NVD VulDB
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

Authenticated remote code execution in Craft CMS 5.9.0 through 5.9.x allows control panel users with entry-editing permissions to inject unsandboxed Twig code via the HTTP Referer header during entry save operations. Because the signed redirect URL derived from the attacker-controlled Referer is compiled with renderObjectTemplate() instead of the sandboxed renderSandboxedObjectTemplate(), a low-privileged CMS operator can achieve server-side template injection leading to code execution. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the flaw is fixed in Craft CMS 5.10.0.

Code Injection RCE
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in the V8 JavaScript engine of Google Chrome before 150.0.7871.46 allows a remote attacker who lures a victim to a crafted HTML page to execute arbitrary code — though notably only within the renderer sandbox rather than achieving full host compromise. Rated CVSS 8.8 and stemming from a code-generation flaw (CWE-94) in V8, it affects all Chrome desktop installations on the vulnerable channel; a fix has shipped, but there is no public exploit identified at time of analysis and CISA SSVC records exploitation status as none.

Code Injection Google RCE +1
NVD
CVSS 4.8
MEDIUM PATCH This Month

Prototype pollution in @hey-api/openapi-ts affects all versions through 0.97.2, allowing remote unauthenticated attackers to substitute the prototype chain of the returned params slot object by passing a crafted key such as '$query___proto__' through any application that forwards user-supplied parameters to a generated SDK method. The flaw resides in a runtime template (dist/clients/core/params.ts) that is copied verbatim into every generated SDK, meaning every downstream npm package regenerated from this tool carries the vulnerable code - confirmed affected consumers include @opencode-ai/sdk and @trigger.dev/sdk. A functional proof-of-concept is publicly available; exploitation is not confirmed as actively exploited and is absent from CISA KEV.

Node.js Docker Code Injection +1
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Cookie tossing in AsyncHttpClient (AHC) library allows a malicious HTTP server to plant cookies scoped to an unrelated trusted domain, affecting versions 2.0.0-2.15.x and 3.0.0.Beta1-3.0.10. ThreadSafeCookieStore accepts and stores a cookie's Domain attribute value without verifying that the responding host is authorised to set cookies for that domain, so any server the client contacts can inject a cookie that AHC will automatically forward to the targeted domain on subsequent requests. Java applications sharing a single AHC instance - and therefore its default shared CookieStore - across calls to both attacker-influenced and trusted hosts are the primary attack surface; no public exploit has been identified at time of analysis, and vendor-released fixes are available in 2.16.0 and 3.0.11.

Code Injection Java Async Http Client
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Log injection in Elastic Kibana (fixed in 7.17.15 and 8.11.1) allows an attacker with low-privilege access to embed unneutralized control characters in input that Kibana writes verbatim to its log files; when an operator later views those logs in a terminal that interprets ANSI/control sequences, the injected payload can forge, hide, or rewrite displayed log content. The issue is tracked as CWE-117 (Improper Output Neutralization for Logs) and carries a vendor CVSS of 8.0. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Code Injection Elastic Kibana
NVD VulDB
EPSS 1% CVSS 7.7
HIGH POC This Week

Authenticated remote code execution in JAIOTlink C492A-W6 Wi-Fi IP cameras (firmware 4.8.30.57701411) lets a logged-in attacker plant a shell script in writable JFFS2 persistent storage and invoke it via popen() through the authenticated Anyka config HTTP endpoint, yielding reboot-surviving persistent RCE. Publicly available exploit code exists (published by VulnCheck), though there is no confirmed active exploitation in CISA KEV. The CVSS 4.0 score of 7.7 reflects high attack complexity offset by full compromise of confidentiality, integrity, and availability.

Code Injection RCE C492A W6 Wi Fi Ip Camera
NVD GitHub
EPSS 0%
NONE PATCH Awaiting Data

Code injection in the Wikimedia Foundation Timeline extension (EasyTimeline) allows authenticated wiki editors to execute arbitrary server-side code via crafted timeline syntax processed by the Perl-based EasyTimeline.Pl script and its PHP integration layer Timeline.Php. The vulnerability stems from CWE-94 improper code generation control, where user-supplied timeline markup is passed to the backend Perl interpreter without sufficient sanitization, enabling remote code execution on the MediaWiki server. No public exploit code has been identified at time of analysis, but the RCE tag and network-accessible attack vector make this a high-priority patching target for any publicly editable or semi-public MediaWiki instance.

Code Injection PHP RCE +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Deserialization of untrusted data in NVIDIA Megatron Bridge for Linux allows a low-privileged local attacker to achieve code execution, privilege escalation, data tampering, and information disclosure. Megatron Bridge is NVIDIA's model-interoperability tooling used to convert and load large-language-model checkpoints in the Megatron/PyTorch training stack, where unsafe object deserialization (CWE-94) lets attacker-controlled serialized data run arbitrary code in the process context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS 7.8 (High) rating with full C/I/A impact makes it a meaningful risk on shared or multi-tenant ML infrastructure.

Deserialization Code Injection Nvidia +3
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in NVIDIA Megatron Bridge for Linux stems from improper control of code generation (CWE-94), allowing an attacker who convinces a user to process a malicious artifact to run code in the context of the training/inference workload. Successful exploitation can escalate privileges, tamper with data, and disclose information. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; the CVSS 3.1 vector (AV:L/UI:R) indicates local access with user interaction is required.

Code Injection Nvidia Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Universal Cross-Site Scripting (UXSS) in Google Chrome before 150.0.7871.47 enables remote attackers to inject arbitrary scripts or HTML across security origins by serving a crafted HTML page to a victim user. The flaw stems from insufficient input validation in Chrome's HTML handling (CWE-20), and its Scope:Changed CVSS metric confirms the core danger: injected scripts escape the attacker-controlled origin and execute in the context of other web origins, undermining the browser's same-origin policy. No public exploit code or CISA KEV listing is identified at time of analysis; EPSS stands at 0.18% (8th percentile), consistent with the vendor's own 'Low' Chromium severity classification despite a NVD CVSS score of 6.1.

Code Injection Google Suse
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Universal Cross-Site Scripting (UXSS) in Google Chrome for iOS prior to 150.0.7871.47 enables a remote attacker to inject arbitrary scripts or HTML across origins by exploiting insufficient input validation triggered through specific user UI gestures on a crafted page. The scope change (S:C in CVSS) is the critical dimension here - successful exploitation bypasses the same-origin policy, potentially granting the attacker script execution in the context of arbitrary origins within the browser session. No public exploit code has been identified and EPSS sits at just 0.20% (11th percentile), indicating low observed exploitation activity despite the high-impact class of vulnerability.

Code Injection Apple Google +1
NVD VulDB
EPSS 1% CVSS 9.2
CRITICAL PATCH Act Now

Arbitrary JavaScript execution in Crawl4AI's Docker API server (versions before 0.8.7) lets remote attackers submit code to the /execute_js endpoint, which runs it inside the server's Chromium browser context launched with --disable-web-security. Because the browser's same-origin and CORS protections are disabled, attacker-controlled JavaScript can pivot into server-side request forgery against internal services and metadata endpoints. No public exploit has been identified at time of analysis, and the CVSS 4.0 base score is 9.2 (critical), though the vector's high attack complexity and present attack requirements indicate exploitation is not fully trivial.

Code Injection SSRF Docker +2
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Remote code execution in txtai through 9.10.0 lets a remote attacker reach the API /reindex endpoint and supply an arbitrary dotted callable (for example subprocess.getoutput) that the server imports and invokes during reindexing, running commands as the server process. The flaw is exploitable only when the API is network-exposed with no TOKEN set (so all endpoints are unauthenticated) and the index is writable - not the default posture. No public exploit has been identified at time of analysis, but the issue carries a high CVSS 4.0 base score of 9.3 and was reported by VulnCheck.

Code Injection RCE Txtai
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL Act Now

Remote code execution in IBM Langflow OSS 1.0.0 through 1.9.3 lets an unauthenticated attacker inject and run arbitrary Python via the flow `tool_code` mechanism, gaining full control of the Langflow process. Because the scope changes (S:C), the attacker can read every process secret, read and tamper with all flows, conversations, messages, uploads and saved components in the database, reach internal services and cloud metadata endpoints, and pivot across tenants on the same instance. This is a maximum-severity (CVSS 10.0) flaw, though no public exploit has been identified at time of analysis and it is not listed in CISA KEV.

Code Injection IBM File Upload +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Remote code execution in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.4 lets unauthenticated network attackers run arbitrary code by abusing improper handling of the pre-authentication DRDA handshake. Because the flaw is reachable before any login, any client able to reach the database listener can trigger it, and the CVSS 3.1 base score of 9.8 reflects full compromise of confidentiality, integrity, and availability. No public exploit is identified at time of analysis and the CVE is not listed in CISA KEV.

Code Injection IBM RCE +1
NVD
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Code injection in IBM Langflow OSS versions 1.0.0 through 1.10.0 lets an authenticated user execute arbitrary operating-system commands and read sensitive files such as stored credentials, escalating from low-privileged application access to full host compromise. Rated CVSS 9.9 with a scope-changing vector, the flaw enables lateral movement once an attacker holds any valid Langflow account. No public exploit identified at time of analysis, but a vendor patch is available.

Code Injection IBM RCE +1
NVD
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Unauthenticated remote code execution in Orkes Conductor (conductor-oss) versions 3.21.21 through 3.30.1 lets remote attackers run arbitrary OS commands by POSTing inline workflow definitions to the workflow API before any authentication check. The flaw stems from GraalVM script evaluators left in an unsandboxed state (HostAccess.ALL / allowAllAccess(true)), allowing JavaScript or Python expressions in INLINE, LAMBDA, DO_WHILE, and SWITCH tasks to reach Java reflection and subprocess APIs. Reported by VulnCheck; no public exploit identified at time of analysis, though a detailed vendor/researcher advisory exists.

Code Injection Python Java +2
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM This Month

Code injection via malicious project files in Mendix Studio Pro 10.11 through 11.11 allows arbitrary code execution on a developer's workstation when a victim opens and runs a specially crafted project through the build pipeline. Siemens' own ProductCERT (SSA-779310) reported this flaw, classifying it under CWE-94, with patches available only for the 10.24 and 11.6 long-term support lines. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; however, the breadth of affected versions - spanning the entire 10.x and 11.x release trees - means most active Mendix developer environments are exposed.

Code Injection RCE Mendix Studio Pro 10 11 +25
NVD VulDB
EPSS 1% CVSS 9.3
CRITICAL Act Now

Remote code execution in LLaMA-Factory through version 0.9.5 allows attackers who can reach the Gradio WebUI to run arbitrary Python by entering a malicious model path in the Chat or Training interfaces. Because the app forwards unvalidated user input into Hugging Face's AutoTokenizer.from_pretrained() and AutoModel.from_pretrained() with a hardcoded trust_remote_code=True, a referenced repository's custom modeling code executes with the server process's privileges. Publicly available exploit code exists (a proof-of-concept gist plus a VulnCheck advisory), though it is not listed in CISA KEV and no in-the-wild abuse is documented in the available data.

Code Injection Python RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary code execution in Snowflake CLI versions prior to 3.19 lets an attacker run code in the context of any developer who bundles or deploys an attacker-supplied Snowpark project. The flaw lives in the Snowpark annotation processor callback template, where untrusted project content is interpolated directly into generated Python code (CWE-94). No public exploit has been identified at time of analysis, but the attack is straightforward and high-impact (CVSS 8.8) given that it executes with the victim's local privileges; exploitation hinges on the victim running the bundling/deployment workflow against malicious content.

Code Injection Python RCE +1
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Remote code execution in Alexantr filemanager v1.0 lets remote attackers run arbitrary code through the filemanager.php component, mapped to CWE-94 (code injection). The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) indicates a network-reachable flaw requiring no authentication or user interaction, and publicly available exploit code exists (GitHub POC by SLO-CYBER-SEC). SSVC rates exploitation as proof-of-concept with total technical impact and automatable=yes, but it is not on CISA KEV and no EPSS score was provided.

Code Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Code injection in ANTLR4's Grammar Action Block Handler allows remote attackers to execute arbitrary code by supplying a crafted grammar file processed by the tool. All versions up to and including 4.13.2 are affected via the OutputFile.java code generation pathway. A public proof-of-concept exploit exists on GitHub (no KEV listing), though the vendor has not acknowledged or patched the issue, leaving users without an official fix.

Code Injection Java RCE +3
NVD VulDB GitHub
EPSS 0% CVSS 7.1
HIGH This Week

The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During execve(2), this flag is not yet set at the point where the auxiliary vector is constructed, so AT_SECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. An unprivileged local user can inject a shared library via LD_PRELOAD into a set-user-ID or set-group-ID Linux binary, gaining the privileges of that binary.

Code Injection Freebsd
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Unauthenticated remote code execution in Kestra orchestration platform before 1.0.45 and 1.3.21 lets anonymous attackers fully compromise the host. The REST API authentication filter treats any request path ending in /configs as the public instance-config endpoint, so an attacker appending the literal segment configs (e.g. to flow-create or execution-trigger routes) bypasses Basic-Auth, creates a flow with a Shell/Process task, and executes commands as root inside the container; with the default docker-compose mounting /var/run/docker.sock, this pivots to the host Docker daemon. No public exploit identified at time of analysis, but the technique is fully described in the vendor advisory and is trivially reproducible.

Code Injection Docker RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Spurious WARN_ON_ONCE calls in the Linux kernel's blk-wbt subsystem trigger unnecessary kernel warnings and stack traces under expected failure conditions - memory pressure or a pre-registered writeback throttle. Local low-privileged users can provoke this via ioctl(BLKPG) during MTD partition creation under memory-constrained conditions, generating noise in kernel logs and, on panic_on_warn-enabled kernels, potentially causing a system crash. No public exploit exists and the EPSS score of 0.14% (4th percentile) places this firmly in the low-priority tier; it has not been added to CISA KEV.

Code Injection Linux
NVD
CVSS 9.9
CRITICAL POC PATCH Act Now

Container-to-host filesystem escape in Incus before 7.2.0 lets a user who can import images and create instances read and write arbitrary files on the host as root. A malicious image carrying a duplicate top-level 'rootfs' symlink (rootfs -> /) passes image validation, and the stopped-container file API later chroots into that symlinked path via forkfile, exposing the host root filesystem through 'incus file pull/push'. A working proof-of-concept is published in the GitHub Security Advisory (GHSA-2q3f-q5pq-g8wv); publicly available exploit code exists, but there is no public exploit identified beyond the PoC and the CVE is not in CISA KEV.

Code Injection
NVD GitHub
HIGH PATCH This Week

Pre-authentication login bypass in OpenAM Community Edition through 16.0.6 lets an unauthenticated remote attacker mint a valid OpenAM session for an arbitrary user without supplying a password. The MSISDN authentication module concatenates a request-supplied MSISDN value directly into an LDAP search filter (CWE-90), and because the default trusted-gateway list permits all traffic, any realm with an MSISDN module in its authentication chain is reachable and exploitable. No public exploit identified at time of analysis, and the issue is fixed in version 16.1.1.

Code Injection LDAP Authentication Bypass
NVD GitHub
EPSS 0% CVSS 2.3
LOW PATCH Monitor

RESP protocol injection in Dragonfly's EvalSerializer allows an authenticated low-privilege user to embed raw CRLF sequences inside Lua redis.error_reply() and redis.status_reply() return values, causing response stream desynchronization for connection-pool clients. All Dragonfly releases prior to 1.39.9 are affected; the vulnerability is confirmed fixed in 1.39.9 per GitHub security advisory GHSA-h77h-c6hc-qc9h. No public exploit has been identified at time of analysis, and exploitation requires authenticated access plus a connection-pooling client architecture, substantially limiting real-world risk.

Code Injection Redis Dragonfly
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

OS command execution on the Dokku host is possible through the openresty-vhosts plugin in versions prior to 0.38.2, where custom OpenResty include filenames from an app's git repository are interpolated unescaped into a single-quoted shell string that is later run through eval. An attacker who can deploy a Dokku app with the openresty proxy enabled can plant a file whose name contains a single quote to break the quoting and inject a command substitution, executing arbitrary commands as the dokku user on the next deploy. There is no public exploit identified at time of analysis and it is not in CISA KEV, though the upstream advisory and a security regression test document the mechanism precisely.

Code Injection Information Disclosure Docker +1
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

Network annotation injection in KubeVirt's VirtualMachineInstance API allows authenticated tenants to attach launcher pods to arbitrary network namespaces by writing unsanitized JSON into the Multus CNI default-network annotation. Exploitation is gated on the ExternalNetResourceInjection Beta feature gate being explicitly enabled by a cluster-admin (off by default, first available in OpenShift Virtualization 4.21), which intentionally bypasses the NAD namespace lookup that would otherwise reject malformed annotation values. A successful attack permits cross-namespace network attachment and IP/MAC address impersonation on segments normally segregated from tenant workloads; no public exploit has been identified at time of analysis.

Code Injection Red Hat Openshift Virtualization 4 Suse
NVD VulDB
EPSS 0% CVSS 8.5
HIGH This Week

Remote code execution in Blocksy Companion Pro (the premium add-on plugin for the Blocksy WordPress theme) versions 2.1.45 and earlier allows authenticated users holding only the low-privilege Contributor role to inject and execute arbitrary PHP code on the host. The flaw, reported by Patchstack and tracked under CWE-94, carries a CVSS 3.1 base score of 8.5 with a changed scope, meaning successful exploitation can impact components beyond the WordPress application itself. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; no EPSS score was provided in the source data.

Code Injection RCE
NVD VulDB
EPSS 0% CVSS 3.5
LOW Monitor

Markdown image rendering restrictions in Mattermost are bypassed specifically for AI bot tool result posts, enabling authenticated attackers to exfiltrate data to attacker-controlled infrastructure. Affected are Mattermost versions 10.11.x through 10.11.18, 11.5.x through 11.5.6, and 11.6.x through 11.6.3. When a victim's client renders an AI bot tool result post containing injected markdown image syntax, the client issues an outbound request to the attacker's server, leaking request metadata such as session tokens or channel context. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

Code Injection Mattermost Mattermost Server
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Authenticated code injection (CWE-94) in Trellix Network Security appliances (NX, EX, FX, AX, and CMS/Central Management) lets a logged-in administrator run arbitrary commands by abusing how the web UI renders Alert artifact details. The flaw requires existing high-privilege admin access on an adjacent network rather than remote anonymous access, so it functions primarily as a privilege/trust-boundary escape rather than a mass-exploitable internet-facing bug. The CVSS 4.0 maturity flag (E:P) indicates proof-of-concept exploit material exists, but the issue is not listed in CISA KEV and shows no confirmed active exploitation.

Code Injection RCE Trellix Network Security Nx Ex Fx Ax And Cms
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Revive Adserver is reachable by authenticated low-privilege users who bypass the prior fix for CVE-2026-34916, either by supplying a disallowed-but-valid plugin identifier in the `type` parameter or by abusing the `ox.setChannelTargeting` XML-RPC API method. The flaw lets an attacker inject and execute arbitrary code (CWE-94) on the server, fully compromising confidentiality, integrity, and availability. Reported via HackerOne by multiple researchers (including phucrio and offsetmd); no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Code Injection RCE Adserver
NVD
EPSS 0% CVSS 2.3
LOW POC PATCH Monitor

JSON injection in Bitwarden Server's IntegrationTemplateProcessor.ReplaceTokens() allows authenticated organization members to corrupt event-integration payloads delivered to webhook, SIEM, Slack, Teams, or Datadog endpoints. Any organization running Bitwarden Server prior to 2026.5.0 that has configured event integrations referencing user-controlled tokens such as #ActingUserName# or #UserName# is exposed. A public proof-of-concept exists per VulnCheck and independent researcher disclosure; exploitation is constrained by authentication and specific integration-configuration prerequisites, reflected in the low CVSS 4.0 score of 2.3.

Code Injection Server
NVD GitHub
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Stored code injection in ToolJet self-hosted (prior to 3.20.178-lts) lets any authenticated builder-role user - available on the free tier - overwrite a globally-shared marketplace plugin with arbitrary JavaScript that runs server-side with full Node.js capabilities (require, process). Because the poisoned plugin executes whenever any user on the instance runs a query that uses it, a single low-privileged account achieves remote code execution and an instance-wide supply-chain compromise. The flaw carries a CVSS 4.0 score of 9.4; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Code Injection Node.js RCE +1
NVD GitHub
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Arbitrary Python code execution in Vim before 9.2.0699 occurs when a victim triggers Python omni-completion (omnifunc) inside a malicious buffer; the python3complete.vim and legacy pythoncomplete.vim runtime plugins reconstruct in-buffer function and class definitions and run them through Python's exec(), inserting each scope's docstring verbatim between triple quotes. Because the docstring is never escaped, a crafted docstring can close the triple-quoted literal and inject attacker-controlled Python that runs with the user's privileges. There is no public exploit identified at time of analysis and the issue is not in CISA KEV, but a regression test bundled with the fix demonstrates the breakout, confirming exploitability; EPSS data was not provided.

Code Injection Python RCE +2
NVD GitHub
EPSS 0% CVSS 8.5
HIGH This Week

Remote code execution in the Post Snippets WordPress plugin (versions 4.0.19 and earlier) lets an authenticated user with only Contributor-level privileges inject and execute arbitrary PHP/code on the server via the plugin's snippet-handling functionality (CWE-94). Because a low-privilege role can pivot to full server compromise with a scope change (S:C), this is a privilege-escalation-to-RCE flaw reported by Patchstack; no public exploit has been identified at time of analysis and it is not listed in CISA KEV.

Code Injection RCE Post Snippets
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Code injection in the Widget Options WordPress plugin (versions <= 4.2.3, by marketingfire) allows authenticated users holding the low-privileged Contributor role to achieve remote code execution on the host. Because exploitation only requires a Contributor account - a role frequently granted on multi-author and membership sites - an attacker who can register or compromise such an account can run arbitrary PHP and fully take over the site. There is no public exploit identified at time of analysis, but the 9.9 CVSS and CWE-94 classification place this at the most severe end of WordPress plugin flaws.

Code Injection RCE Widget Options
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Local privilege escalation / host compromise risk in the Linux kernel arm64 KVM subsystem arises because __kvm_at_s12() (AT instruction emulation) and __kvm_find_s1_desc_level() invoke the stage-1/nested stage-2 page-table walkers walk_s1() and kvm_walk_nested_s2() without holding kvm->srcu, which those walkers require to guard against concurrent memslot changes. A malicious or compromised guest on an affected arm64 host can race memslot updates against these walks, with CVSS scoring confidentiality, integrity and availability all High under a changed scope (host impact). It is patched in stable trees, EPSS is low (0.17%), and there is no public exploit identified at time of analysis.

Code Injection Linux
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Content injection in GitLab CE/EE via improper Snippet input validation permits authenticated low-privilege users to conceal arbitrary content within Snippets, affecting all versions from 14.8 through 19.1.0. Despite being tagged as Code Injection (CWE-94) with RCE in vendor-supplied tags, the published CVSS score of 4.3 with only low integrity impact (I:L) indicates the vendor-confirmed impact is scoped to content concealment rather than full remote code execution. Patches are available in versions 18.11.6, 19.0.3, and 19.1.1; no public exploit and no CISA KEV listing have been identified at time of analysis.

Code Injection Gitlab RCE
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege-impacting memory corruption in the Linux kernel's Intel ice network driver allows a double-free of a transmit buffer's skb when the TX offload paths fail. When ice_tso() or ice_tx_csum() return an error, ice_xmit_frame_ring() frees the skb but leaves the 'first' tx_buf still marked ICE_TX_BUF_SKB, so a later ice_clean_tx_ring() during interface teardown frees the same skb a second time. Carries a CVSS 3.1 base of 7.8 (AV:L/PR:L), but with a low EPSS of 0.15% (5th percentile), no KEV listing, and no public exploit identified at time of analysis.

Code Injection Linux Intel
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in the Linux kernel arises from a SOFTIRQ-safe to SOFTIRQ-unsafe lock-ordering deadlock in the fasync signaling path (fs/fcntl), where send_sigio() and send_sigurg() take read_lock(&tasklist_lock) from softirq context while traversing a process group (PIDTYPE_PGID). When this collides with a writer spinning on tasklist_lock during fork()/exit(), the CPU can deadlock and hang. The flaw is reachable remotely via TCP URG packets (send_sigurg through NET_RX_SOFTIRQ), affects multiple stable branches, and is fixed by switching the traversal to RCU. There is no public exploit identified at time of analysis and EPSS is low (0.18%).

Code Injection Linux
NVD VulDB
EPSS 0% CVSS 3.7
LOW Monitor

LDAP injection in Jenkins Active Directory Plugin 2.41.1 and earlier allows unauthenticated remote attackers to enumerate Active Directory entries and authenticate as any directory user they can identify via wildcard matching, provided they already know that user's password. The vulnerability is confined to the Windows native ADSI authentication path, limiting exposure to Jenkins instances running on Windows with ADSI configured. No public exploit code or active exploitation has been identified; SSVC rates it non-automatable with partial technical impact.

Code Injection LDAP Jenkins +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated PHP code injection in the AdRotate Banner Manager WordPress plugin (versions ≤5.17.7) allows Contributor-level users to execute arbitrary PHP on the server by abusing the 'banner' attribute of the [adrotate] shortcode. Exploitation requires W3 Total Cache or Borlabs Cache support to be enabled in AdRotate settings, where unsanitized input is concatenated into a PHP string wrapped in mfunc/fragment cache markers. Reported by Wordfence; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Code Injection WordPress PHP +2
NVD
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan before 0.0.29 allows malicious pickle files to evade scanning by abusing the undetected idlelib.calltip.Calltip.fetch_tip function, enabling arbitrary code execution when the file is later loaded via pickle.load(). Affects ML supply chains relying on picklescan to vet PyTorch models; publicly available exploit code exists in the GHSA advisory, but no public exploit identified in active campaigns at time of analysis.

Code Injection RCE Picklescan
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Arbitrary file write in TortoiseGit's TortoiseGitBlame component is triggered when a user opens a malicious git repository and invokes blame history on a file whose historical filenames contain argument injection payloads. The injected arguments are passed unsanitized to underlying git subprocess calls, allowing an attacker-controlled repository to write files to arbitrary paths on the victim's Windows filesystem. No public exploit has been identified at time of analysis, and no KEV listing exists; however, a fix commit is available upstream.

Code Injection Tortoisegit
NVD VulDB
EPSS 0% CVSS 7.9
HIGH This Week

Log injection in upKeeper Instant Privilege Access through 1.6.1 on Windows allows remote unauthenticated attackers to forge, tamper with, or inject crafted entries into application logs by smuggling unneutralized control characters through logged inputs. The flaw (CWE-117) does not directly compromise the upKeeper agent itself but produces high integrity, confidentiality, and availability impact on subsequent log-consuming systems (SIEM, audit pipelines). No public exploit identified at time of analysis and the CVE is not present in CISA KEV.

Code Injection Microsoft Upkeeper Instant Privilege Access
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in the Linux kernel's netfilter NFQUEUE subsystem affects bridge LOCAL_IN packet handling, where br_pass_frame_up() rewrites skb->dev to the bridge master before queuing without holding a reference on that device. A local attacker who can influence queued bridge traffic and trigger bridge teardown (NETDEV_DOWN) can cause the kernel to re-enter the receive path with a freed bridge master device, yielding a use-after-free with high confidentiality, integrity, and availability impact (CVSS 7.8). There is no public exploit identified at time of analysis, and EPSS exploitation probability is low (0.19%, 9th percentile).

Code Injection Linux Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.2
HIGH POC PATCH This Week

PHP Object Injection in the Post Duplicator WordPress plugin before 3.0.15 lets authenticated users with Contributor-level access or higher inject arbitrary serialized PHP objects by abusing the plugin's post-duplication routine, which copies attacker-controlled custom meta-data without the WordPress meta API's double-serialization safeguard. Successful exploitation can lead to property-oriented programming attacks and, with a suitable gadget chain present, full compromise of the site. Publicly available exploit code exists (WPScan), though the flaw is not listed in CISA KEV and carries a low EPSS score (0.15%, 5th percentile).

WordPress Code Injection PHP +1
NVD WPScan VulDB
EPSS 0% CVSS 8.9
HIGH This Week

Trusted measurement-list poisoning in Google go-attestation through 0.6.0 lets a remote actor who controls a TPM event log fed to an attestation verifier inject arbitrary SHA256 hashes into the verifier's trusted hash database. Because parseEfiSignatureList() never advances past the EFI_SIGNATURE_LIST SignatureHeaderSize vendor bytes, those attacker-chosen bytes are accepted as legitimate hash entries, allowing a compromised boot state to be attested as healthy. No public exploit identified at time of analysis, but the fix is upstream in v0.6.1 and the root cause is documented in GHSA-9r4w-jg96-92mv.

Google Code Injection Go Attestation
NVD GitHub
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Cross-tenant data injection in the Snipe-IT Accessories API (versions <= 8.6.1) lets a low-privileged authenticated user in one company write persistent accessory records into another company's inventory by supplying a foreign company_id in the API request body. The flaw only manifests when Full Multiple Companies Support (FMCS) is enabled, and it breaks tenant isolation because the API store/update path mass-assigns company_id without the enforcement the web UI applies. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the fix and a regression test are publicly visible in the vendor commit, making the mechanism easy to reproduce.

Code Injection
NVD GitHub
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

Config file injection in CPython's configparser module allows an attacker who controls multi-line values written via configparser.write() to smuggle arbitrary keys and values into the resulting INI-style configuration file by embedding carriage return (\r) characters. All CPython versions are listed as affected per the NVD CPE wildcard, and any Python application that writes attacker-influenced data to config files via configparser is a candidate target. No public exploit has been identified at time of analysis; CVSS 4.0 scores this at 4.1 (Medium) with high privilege requirements and specific attack conditions.

Code Injection Cpython Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated PHP code injection in Revive Adserver 6.0.6 and earlier allows a low-privileged user to embed arbitrary PHP into the compiledlimitations database field via the logical parameter of delivery limitations, with execution occurring later during banner delivery. The flaw is exploitable over the network with low complexity and yields full confidentiality, integrity, and availability impact (CVSS 8.8), though no public exploit identified at time of analysis.

PHP RCE Code Injection +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated PHP code injection in Revive Adserver 6.0.6 and earlier allows a low-privileged user to smuggle an unexpected parameter into the delivery limitations save flow, planting attacker-controlled PHP into the compiledlimitations field that is then evaluated when banners are served. With CVSS 8.8 and a CWE-94 root cause, successful exploitation yields full code execution under the web/ad-delivery process, though there is no public exploit identified at time of analysis and the vulnerability is not in CISA KEV.

PHP RCE Code Injection +1
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Missing cookie name validation on the write path in Hono's setCookie(), serialize(), and serializeSigned() functions allows user-controlled input containing CRLF control characters to produce malformed Set-Cookie headers. Affected are all Hono npm releases before 4.12.12. In practice, modern runtimes including Node.js and Cloudflare Workers reject the malformed headers before they are transmitted, meaning confirmed impact is availability loss (runtime errors crashing the response) rather than header injection or response splitting - though theoretical risk exists on less-strict runtimes. No active exploitation is confirmed, and no public exploit code has been identified.

Code Injection Node.js Hono
NVD GitHub
EPSS 0% CVSS 9.2
CRITICAL Act Now

Arbitrary JavaScript code execution in the expr-eval npm package affects all released versions when applications pass user-controlled expressions to the toJSFunction() API, which compiles them via new Function() and executes them in the host process context. Snyk discloses no public exploit identified at time of analysis, but the trivial attack pattern (sandbox escape via crafted math expressions) and CVSS 4.0 score of 9.2 make this a high-priority issue for any Node.js or browser application that exposes expr-eval to untrusted input.

RCE Code Injection Expr Eval
NVD GitHub VulDB
CVSS 9.9
CRITICAL PATCH Act Now

Remote code execution in XWiki Pro Macros (com.xwiki.pro:xwiki-pro-macros) versions >=1.13 and <1.14.5 allows any authenticated user with page-edit rights to execute arbitrary Groovy code via the excerpt-include macro, which fails to escape the included page's title and renders excerpt content with the macro's elevated rights. A working proof-of-concept is published in the GHSA advisory demonstrating injection through both a crafted page title and excerpt body. No public exploit identified at time of analysis as actively used, but the publicly available exploit code exists in the advisory itself.

Atlassian RCE Code Injection
NVD GitHub
EPSS 1% CVSS 9.6
CRITICAL PATCH Act Now

Arbitrary code execution in mise (jdx/mise) versions prior to 2026.3.10 allows attackers to run shell commands as the victim user simply by having them `cd` into a directory containing a malicious `.tool-versions` file. Unlike `.mise.toml`, `.tool-versions` files bypass the trust verification gate in non-paranoid mode, so the Tera template engine's `exec()` function fires silently from the shell `hook-env`. No public exploit identified at time of analysis beyond the detailed reporter PoC, but exploitation is trivial and a working PoC is embedded in the advisory.

RCE Python Apple +2
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Remote code execution in Autodesk Fusion Desktop's MCP (Model Context Protocol) extension allows attackers to execute arbitrary code with current user privileges when a victim visits a malicious webpage while Fusion is running with the MCP extension enabled. The flaw is rated CVSS 9.6 (Critical) due to its network-reachable nature and scope change, though successful exploitation requires user interaction (visiting a crafted page) and the non-default MCP extension being enabled. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

RCE Code Injection Fusion
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution and denial of service in IBM WebSphere Application Server and WebSphere Application Server Liberty (including IBM i 7.3-7.6) occurs when the WebServer Plug-in component is deployed with Intelligent Management enabled. An attacker who can impersonate a backend application server and return crafted responses can trigger code injection (CWE-94) against the plug-in, yielding full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis; EPSS 0.38% and SSVC exploitation 'none' indicate no observed weaponization despite the 9.8 CVSS rating.

RCE IBM Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution and denial of service in the IBM WebSphere Web Server Plug-in shipped with IBM i 7.3, 7.4, 7.5, and 7.6 (through 1.8.4) allows an attacker positioned on the adjacent network to abuse the plug-in's handling of responses from an upstream WebSphere Application Server. By impersonating the application server and returning crafted responses, the attacker can trigger code injection (CWE-94) against the plug-in, leading to full compromise of confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and EPSS is low (0.25%), but SSVC rates the technical impact as total.

RCE IBM Denial Of Service +1
NVD VulDB
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

Unauthenticated remote code execution in IBM Langflow OSS versions 1.0.0 through 1.9.3 allows attackers to fully compromise the host by bypassing authentication and abusing improper Python execution isolation. The maximum CVSS 10.0 score (AV:N/AC:L/PR:N/UI:N with scope change) reflects trivial network-based exploitation against any internet-exposed instance, though no public exploit identified at time of analysis. IBM has confirmed the issue and released a patch via support advisory node/7277242.

Code Injection IBM Python +3
NVD VulDB
EPSS 0% CVSS 2.0
LOW PATCH Monitor

HTML injection in Canarytokens' Google Chat webhook notifications allows an attacker who triggers a deployed canarytoken to embed limited HTML content - including crafted hyperlinks - inside the resulting alert message rendered in Google Chat. The vulnerable system is Canarytokens itself (Docker tag sha-4aef1db90 through sha-8ab4dccd), but the integrity impact lands on the subsequent system: the Google Chat interface where defenders receive their alerts. A proof of concept exists per CVSS 4.0 supplemental metric E:P; no confirmed active exploitation or CISA KEV listing exists at time of analysis.

Google Code Injection Docker +1
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Remote code execution in MISP allows authenticated site administrators to abuse the JsonLogTool NDJSON error log configuration to write attacker-controlled content to a PHP file under the webroot, yielding code execution as the web server user. No public exploit identified at time of analysis, but a vendor patch is available via the MISP GitHub repository.

RCE PHP Code Injection +1
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Metric injection in the Perl module Net::Statsite::Client through version 1.1.0 allows attackers controlling metric names or values to inject arbitrary statsite protocol commands by smuggling newlines, colons, and pipe characters that the library fails to sanitize. The flaw maps to CWE-93 (CRLF Injection) and affects any application that forwards untrusted input into metric reporting. No public exploit identified at time of analysis, and the issue is not on CISA KEV.

Code Injection Net
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Formula injection in Venueless Excel exports allows an attacker with a low-privilege account to embed malicious spreadsheet formulas into user-supplied data fields, which execute when an administrator opens the generated export file. Affected deployments include all versions of Venueless (pretix) as indicated by the wildcard CPE entry. No public exploit has been identified at time of analysis, and no CISA KEV listing is present, but the low attack complexity and the availability of a GitHub security advisory signal a credible, reproducible attack path against administrative workflows.

Code Injection Venueless
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM This Month

LDAP injection in Central Dogma's Apache Shiro-based authentication module exposes unauthenticated remote attackers to authentication confusion and Active Directory enumeration. The SearchFirstActiveDirectoryRealm component in centraldogma-server-auth-shiro versions prior to 0.84.0 inserts the login username directly into an LDAP search filter without escaping metacharacters, allowing filter logic manipulation. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms no authentication or preconditions are required beyond reaching the login endpoint. No public exploit or CISA KEV listing has been identified at time of analysis.

Information Disclosure Central Dogma LDAP +1
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW Monitor

Code injection in langflow's Bundle URL Loader component allows local attackers with low privileges to inject and execute arbitrary code within the langflow process across versions 1.9.0 through 1.9.3. A publicly available proof-of-concept demonstrating startup-time RCE via maliciously crafted bundle URLs has been published by the researcher, though the CVSS 4.0 vector (VC:L/VI:L/VA:L) rates impact as low - a discrepancy with the RCE claim in the PoC that warrants independent verification. No vendor-released patch is available; the vendor did not respond to the researcher's disclosure.

Code Injection Langflow
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

Authenticated remote code execution in Craft CMS versions 5.5.0 through 5.9.13 allows admin users to execute arbitrary PHP by injecting Yii2 event handlers via the fieldLayoutConfig POST parameter to FieldsController::actionRenderCardPreview(). The flaw stems from missing Component::cleanseConfig() sanitization, enabling disclosure of environment variables including database credentials and CRAFT_SECURITY_KEY. No public exploit identified at time of analysis, though VulnCheck has published a detailed advisory describing the attack technique.

Code Injection RCE PHP +1
NVD GitHub VulDB
EPSS 0% CVSS 5.2
MEDIUM This Month

SQL injection via improperly escaped MySQL table names in Apache NiFi's CaptureChangeMySQL Processor (versions 1.2.0 through 2.9.0) allows an attacker with MySQL CREATE TABLE access in a monitored database to inject arbitrary SQL commands executed under NiFi's MySQL service credentials. A partial mitigation introduced in 1.8.0 added manual quoted boundaries that narrowed - but did not eliminate - the injection surface; the root flaw persisted for years until full remediation in 2.10.0. No public exploit identified at time of analysis and not listed in CISA KEV; the issue was discovered by Roberto Suggi Liverani of the NATO Cyber Security Centre (NCSC) and disclosed in April 2026.

Apache Code Injection Nifi
NVD VulDB
EPSS 1% CVSS 9.9
CRITICAL Act Now

Remote code execution in Prefect 3.6.23 allows any user holding deployment-creation permissions to run arbitrary commands on shared worker machines by abusing the GitRepository storage class. The commit_sha and directories parameters are concatenated into git invocations without a `--` separator or validation, letting attackers smuggle flags such as `--upload-pack` to execute external programs. No public exploit identified at time of analysis, but the bug was reported via huntr and is particularly dangerous for multi-tenant work pools where worker compromise crosses trust boundaries.

RCE Code Injection Prefecthq Prefect
NVD VulDB
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, supported in both the frontend web integration and the backend Prediction. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Denial Of Service +2
NVD GitHub VulDB
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

WooCommerce 7.1.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary PHP code by injecting shell commands through the product-type parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE WordPress +2
NVD Exploit-DB VulDB
CVSS 6.8
MEDIUM PATCH This Month

LDAP injection in OpenBao versions 0.1.0 through 2.5.4 allows an attacker with a valid low-privileged LDAP account to impersonate arbitrary directory users, including administrators, by supplying filter metacharacters in the username field at login. The root cause is a function selection error in `sdk/helper/ldaputil/client.go`: `EscapeLDAPValue()` (RFC 4514, DN escaping) is used in LDAP filter construction instead of `ldap.EscapeFilter()` (RFC 4515), leaving characters `*`, `(`, `)`, `\`, and NUL unescaped and injectable. Publicly available exploit code exists in the vendor advisory; no confirmed active exploitation (CISA KEV) has been identified at time of analysis.

LDAP Code Injection RCE
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Code injection in @tinacms/cli versions prior to 2.4.3 allows an attacker who controls a Forestry-style project to achieve remote code execution on a developer's workstation when the `tinacms init` Forestry migration runs and the developer subsequently executes `tinacms dev` or `tinacms build`. The `addVariablesToCode` helper unquotes any value matching the marker `__TINA_INTERNAL__:::(.*?):::` placed in a stringified collection JSON, and user-supplied `label`/`name` fields from `.forestry/**/*.yml` are inserted into that JSON without sanitisation, yielding a top-level IIFE in the generated `tina/templates.ts`. A detailed end-to-end PoC is published in the GHSA-4936-9hrh-qqpw advisory; no public exploit identified at time of analysis beyond the disclosure PoC, and the CVE is not in CISA KEV.

Node.js Microsoft Code Injection +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Cedar policy injection in CedarJava (com.cedarpolicy:cedar-java) versions below 2.3.6, 3.4.1, and 4.9.0 allows attackers to alter authorization outcomes by smuggling Cedar expressions through unescaped string values. The flaw is in toCedarExpr() on Cedar Value types, which fails to escape quote and backslash characters when serializing user-controlled values into policy text. No public exploit identified at time of analysis, but the integrity impact is severe because injected fragments like '|| true' can neutralize permit/forbid logic in fine-grained authorization decisions.

Code Injection Java RCE
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Cookie domain validation in guzzlehttp/guzzle before 7.12.1 allows cross-origin cookie injection when a shared CookieJar contacts both attacker-controlled and trusted hosts. The flaw stems from SetCookie::matchesDomain() normalizing dot-only Domain values (e.g., 'Domain=.', 'Domain=..') to an empty string, while SetCookie::validate() only rejected strictly empty domains - meaning normalized-empty domains were stored and silently treated as matching every request host. Any application using new Client(['cookies' => true]) or an explicit shared CookieJar that requests data from an attacker-reachable origin is exposed to session fixation or cookie injection against unrelated downstream services. No public exploit or CISA KEV listing has been identified at time of analysis.

Code Injection
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

CRLF injection in guzzlehttp/psr7 (all versions prior to 2.12.1) enables header injection, response splitting, request smuggling, or cache poisoning when attacker-controlled data reaches the HTTP start-line fields - request method, protocol version, or response reason phrase - and the resulting PSR-7 object is serialized to raw HTTP/1.x. The vulnerability is confined to the serialization pathway: standard Guzzle HTTP client usage is explicitly not affected, but proxies, crawlers, webhook delivery systems, and custom transports that call `Message::toString()`, `Message::parseRequest()`, or `Message::parseResponse()` and re-emit the raw bytes are at direct risk. No public exploit has been identified at time of analysis, and the vendor has released a confirmed patch in version 2.12.1.

Code Injection
NVD GitHub
EPSS 0% CVSS 8.5
HIGH POC This Week

Local privilege escalation in Avast Antivirus 25.11 allows non-privileged Windows users to execute arbitrary code as SYSTEM by abusing an unquoted service path in the SecureLine service. Publicly available exploit code exists (Exploit-DB 52510), and the issue was reported by VulnCheck; no public exploit identified at time of analysis indicates wider active exploitation, but the low-complexity local vector makes this attractive for post-compromise escalation.

Code Injection Avast Antivirus
NVD Exploit-DB VulDB
EPSS 1% CVSS 9.4
CRITICAL PATCH Act Now

{token}_{clusterId}.yaml. CVSS 4.0 rates this 9.4 (Critical) with a scope-changing impact on subsequent systems, but no public exploit was identified at time of analysis and it is not listed in CISA KEV. Reported by SUSE through GitHub Security Advisory GHSA-mhc6-2gfq-xx62.

Command Injection Code Injection Rancher +1
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Environment variable injection in pam_usb prior to version 0.9.2 allows a local authenticated user to bypass hardware USB token authentication by manipulating the XRDP_SESSION, DISPLAY, or TMUX environment variables before invoking setuid binaries such as sudo or su. Because the PAM module calls standard getenv() - which does not sanitize values in privileged contexts - attacker-controlled environment data is used to determine whether the current session is local or remote, potentially defeating the core purpose of hardware-enforced authentication. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though the authentication bypass impact makes this a high-priority upgrade for any deployment relying on pam_usb for privileged command gating.

Code Injection Pam Usb
NVD GitHub
Prev Page 2 of 54 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy