Code Injection

1083 CVEs technique

Monthly

CVE-2025-15616 HIGH This Week

Multiple shell injection and untrusted search path vulnerabilities in Wazuh agent and manager (versions 2.1.0 through 4.7.x) enable remote code execution through malicious configuration parameters. Authenticated attackers with high privileges can inject commands via logcollector configuration files, maild SMTP server tags, and Kaspersky AR script parameters. The CVSS 4.0 score of 7.1 reflects a network-accessible attack vector with low complexity that nevertheless requires high-privilege credentials; no public exploit identified at time of analysis.

RCE Code Injection
NVD GitHub VulDB
CVSS 4.0: 7.1 | EPSS: 0.1%
CVE-2026-27876 CRITICAL PATCH Act Now

Remote code execution is achievable in Grafana installations through a chained attack combining SQL Expressions with a Grafana Enterprise plugin, affecting both open-source and Enterprise deployments. The vulnerability requires high-privilege authenticated access (PR:H) but enables cross-scope impact with complete system compromise once exploited. Only instances with the sqlExpressions feature toggle enabled are vulnerable, though Grafana recommends all users update to prevent future exploitation paths using this attack vector. No public exploit identified at time of analysis, and authentication as a high-privilege user is required per CVSS vector.

Grafana RCE Code Injection Redhat Suse
NVD
CVSS 3.1: 9.1 | EPSS: 0.1%
CVE-2026-27860 LOW POC PATCH Monitor

Open-Xchange Dovecot Pro contains an LDAP filter injection vulnerability in its authentication module that allows remote unauthenticated attackers to inject arbitrary LDAP filters when the auth_username_chars configuration parameter is left empty, potentially enabling authentication bypass and reconnaissance of LDAP directory structures. The vulnerability carries a low CVSS score of 3.7 due to high attack complexity requirements, and no public exploit code has been identified at the time of analysis.

Ldap Authentication Bypass Code Injection
NVD VulDB GitHub
CVSS 3.1: 3.7 | EPSS: 0.0%
CVE-2026-32669 HIGH This Week

BUFFALO Wi-Fi router products allow remote code execution through a code injection vulnerability requiring user interaction. An unauthenticated attacker (CVSS PR:N) can execute arbitrary code on affected devices with high impact to confidentiality, integrity, and availability (CVSS 8.8). The vulnerability was disclosed through JVN and BUFFALO's official advisory, with no public exploit identified at time of analysis.

RCE Code Injection
NVD
CVSS 4.0: 8.7 | EPSS: 0.0%
CVE-2026-33943 HIGH PATCH GHSA This Week

Remote code execution is possible in the happy-dom JavaScript DOM implementation (npm package) through injection of malicious JavaScript expressions in ES module export declarations. Attackers can bypass input sanitization by using template literal syntax (backticks) to execute arbitrary system commands when happy-dom processes untrusted HTML content with JavaScript evaluation enabled. The vulnerability affects happy-dom versions prior to 20.8.8, with publicly available exploit code that demonstrates command execution via the Node.js child_process module. The CVSS score of 8.8 reflects a network-based attack vector requiring user interaction, with complete confidentiality, integrity, and availability impact.

RCE Code Injection
NVD GitHub
CVSS 3.1: 8.8 | EPSS: 0.1%
CVE-2026-33873 CRITICAL PATCH Act Now

Langflow's Agentic Assistant feature executes LLM-generated Python code server-side during component validation, enabling arbitrary code execution when attackers can influence model outputs. The vulnerability affects the pip package 'langflow' and exists in endpoints /assist and streaming paths that invoke exec() on dynamically generated component code. A proof-of-concept exists demonstrating the execution chain from user input through validation to code execution. Authentication requirements depend on deployment configuration, with AUTO_LOGIN=true defaults potentially widening exposure. No public exploit identified at time of analysis beyond the documented PoC, though the technical details and code references provide a complete exploitation blueprint.

Python RCE Code Injection Command Injection
NVD GitHub
CVSS 4.0: 9.3 | EPSS: 0.1%
CVE-2026-33396 CRITICAL Act Now

Remote command execution can be achieved by low-privileged authenticated users (ProjectMember role) in OneUptime monitoring platform versions prior to 10.0.35 by exploiting incomplete sandbox restrictions in Synthetic Monitor Playwright script execution. Attackers can traverse the unblocked _browserType and launchServer properties via page.context().browser()._browserType.launchServer() to spawn arbitrary processes on the Probe container or host. A proof-of-concept exploit exists per SSVC framework data, and the vulnerability carries a CVSS score of 9.9 with Critical severity due to scope change and total technical impact.

RCE Node.js Docker Privilege Escalation Code Injection +1
NVD GitHub VulDB
CVSS 3.1: 9.9 | EPSS: 0.8%
CVE-2025-55271 LOW Monitor

HTTP Response Splitting in HCL Aftermarket DPC allows unauthenticated remote attackers to inject arbitrary content or commands into HTTP responses, potentially leading to content spoofing or further exploitation depending on application response handling. The vulnerability affects Aftermarket DPC version 1.0.0 and requires user interaction to exploit. No public exploit identified at time of analysis, and exploitation is not currently automatable according to CISA SSVC assessment, resulting in a low real-world risk profile despite the injection vector.

Code Injection Aftermarket Dpc
NVD VulDB
CVSS 3.1: 3.1 | EPSS: 0.0%
CVE-2026-33744 HIGH PATCH This Week

BentoML, a Python framework for ML model serving, contains a command injection vulnerability in the docker.system_packages configuration field of bentofile.yaml files. The vulnerability affects all versions supporting this feature (confirmed in version 1.4.36) and allows attackers to execute arbitrary commands during the Docker image build process (bentoml containerize). This is a high-severity supply chain risk with a CVSS score of 7.8, requiring user interaction to trigger but achieving full command execution as root during container builds.

Docker Python RCE Code Injection
NVD GitHub VulDB
CVSS 3.1: 7.8 | EPSS: 0.0%
CVE-2026-30457 CRITICAL Act Now

Remote code execution in Daylight Studio FuelCMS v1.5.2 through the /parser/dwoo component enables unauthenticated attackers to execute arbitrary PHP code via specially crafted input. The vulnerability exploits insufficient input validation in the Dwoo template engine integration, allowing direct PHP code injection. Attack complexity appears low given the public references to exploitation techniques in the provided pentest-tools PDF, though no formal CVSS scoring or CISA KEV confirmation is available to assess real-world exploitation prevalence.

PHP RCE Code Injection
NVD GitHub
CVSS 3.1: 9.8 | EPSS: 0.0%
CVE-2026-33751 MEDIUM PATCH This Month

n8n contains an LDAP injection vulnerability in the LDAP node's filter escape logic that allows LDAP metacharacters to pass through unescaped when user-controlled input is interpolated into LDAP search filters. This affects n8n versions prior to 1.123.27, 2.13.3, and 2.14.1, enabling attackers to manipulate LDAP queries to retrieve unintended directory records or bypass authentication controls implemented within workflows. The vulnerability requires specific workflow configuration (LDAP node receiving external user input via expressions) and has not been publicly reported as actively exploited, though no proof-of-concept availability is explicitly confirmed across available intelligence sources.

Ldap Authentication Bypass Code Injection
NVD GitHub VulDB
CVSS 4.0: 6.3 | EPSS: 0.1%
CVE-2026-33660 CRITICAL POC PATCH GHSA Act Now

An authenticated user with workflow creation or modification privileges in n8n workflow automation platform can exploit the Merge node's 'Combine by SQL' mode to read arbitrary local files on the n8n host and achieve remote code execution. n8n versions prior to 2.14.1, 2.13.3, and 1.123.26 are affected. The vulnerability carries a CVSS 4.0 score of 9.4 (Critical) due to insufficient sandbox restrictions in the AlaSQL component, allowing SQL injection-style attacks against the host system. No public proof-of-concept or active exploitation (KEV) status has been reported at this time.

RCE Code Injection
NVD GitHub VulDB
CVSS 4.0: 9.4 | EPSS: 0.1%
CVE-2026-32573 CRITICAL Act Now

A Code Injection vulnerability (CWE-94) exists in Nelio AB Testing WordPress plugin through version 8.2.7 that allows attackers to execute arbitrary code on affected installations. The vulnerability affects the Nelio Software product across all versions up to and including 8.2.7, potentially enabling remote code execution (RCE). This is a critical severity issue as it permits unauthenticated or low-privilege attackers to gain complete control over WordPress sites running the vulnerable plugin.

Code Injection RCE
NVD VulDB
CVSS 3.1: 9.1 | EPSS: 0.0%
CVE-2026-32525 CRITICAL Act Now

A Code Injection vulnerability (CWE-94) exists in JetFormBuilder versions up to and including 3.5.6.1, allowing attackers to inject and execute arbitrary code within the application context. The vulnerability affects the JetFormBuilder plugin for WordPress across all versions through 3.5.6.1, and an attacker can leverage this to achieve Remote Code Execution (RCE) by injecting malicious code through form-processing mechanisms. Patchstack has documented this vulnerability with an assigned EUVD ID (EUVD-2026-15889), and while a CVSS score has not been formally assigned, the RCE classification indicates critical severity.

Code Injection RCE
NVD VulDB
CVSS 3.1: 9.9 | EPSS: 0.0%
CVE-2026-27044 CRITICAL Act Now

Total Poll Lite, a WordPress plugin, contains a code injection vulnerability (CWE-94, improper control of code generation) that allows remote code inclusion and execution. All versions up to and including 4.12.0 are affected. An attacker can exploit this vulnerability to achieve remote code execution (RCE) on WordPress installations running the vulnerable plugin, potentially gaining full control of the affected web application.

Code Injection RCE
NVD VulDB
CVSS 3.1: 9.9 | EPSS: 0.0%
CVE-2026-25447 CRITICAL Act Now

A Code Injection vulnerability (CWE-94) exists in the Jonathan Daggerhart Widget Wrangler WordPress plugin through version 2.3.9, allowing unauthenticated attackers to execute arbitrary code on affected installations. This Remote Code Execution (RCE) vulnerability enables complete server compromise and data exfiltration. Active exploitation has been documented by Patchstack, indicating this is a practical, real-world threat requiring immediate patching.

Code Injection RCE
NVD VulDB
CVSS 3.1: 9.1 | EPSS: 0.0%
CVE-2026-25366 CRITICAL Act Now

A Code Injection vulnerability exists in the Themeisle Woody ad snippets plugin (insert-php) through version 2.7.1 that allows unauthenticated attackers to execute arbitrary PHP code on affected WordPress installations. The vulnerability stems from improper control of code generation, classified as CWE-94, enabling remote code execution (RCE). Patchstack has documented this issue, and affected installations should be patched immediately as the attack vector appears to be network-accessible with low complexity.

PHP Code Injection RCE
NVD VulDB
CVSS 3.1: 9.9 | EPSS: 0.0%
CVE-2026-25001 HIGH This Week

The Post Snippets WordPress plugin versions up to and including 4.0.12 contain an improper code generation vulnerability (CWE-94) that enables remote code injection and execution. An attacker can exploit this flaw to execute arbitrary code on affected WordPress installations, potentially leading to complete site compromise. The vulnerability has been publicly documented by Patchstack with available references, and the attack vector appears to be network-based without requiring high privileges.

RCE Code Injection
NVD VulDB
CVSS 3.1: 8.5 | EPSS: 0.0%
CVE-2026-20113 MEDIUM This Month

A CRLF injection vulnerability exists in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software that allows unauthenticated remote attackers to inject arbitrary log entries and manipulate log file structure. The vulnerability stems from insufficient input validation in the Cisco IOx management interface and affects a broad range of Cisco IOS XE Software versions from 16.6.1 through 17.18.1x. A successful exploit enables attackers to obscure legitimate log events, inject malicious log entries, or corrupt log file integrity without requiring authentication, making it particularly dangerous in environments where log analysis is relied upon for security monitoring and compliance.

Cisco Code Injection Apple
NVD VulDB
CVSS 3.1: 5.3 | EPSS: 0.0%
CVE-2026-26830 CRITICAL Act Now

The pdf-image npm package through version 2.0.0 contains an OS command injection vulnerability in the pdfFilePath parameter. Attackers can exploit this remotely without authentication by injecting malicious commands through file path inputs that are passed unsafely to shell commands via child_process.exec(). A proof-of-concept exploit is publicly available on GitHub (zebbernCVE/CVE-2026-26830), significantly increasing exploitation risk.

Node.js Command Injection RCE Code Injection
NVD GitHub VulDB
CVSS 3.1: 9.8 | EPSS: 0.3%
CVE-2026-26831 CRITICAL GHSA Act Now

The textract library through version 2.5.0 contains an OS command injection vulnerability in its file extraction modules that allows attackers to execute arbitrary operating system commands by crafting malicious filenames. The vulnerability affects multiple extractors (doc.js, rtf.js, dxf.js, images.js, and util.js) where user-supplied file paths are passed directly to child_process.exec() without adequate sanitization. An attacker can exploit this by uploading or referencing files with specially crafted names containing shell metacharacters, leading to complete system compromise with the privileges of the process running textract.

Code Injection RCE Command Injection
NVD GitHub VulDB
CVSS 3.1: 9.8 | EPSS: 0.1%
CVE-2026-26833 CRITICAL GHSA Act Now

Thumbler through version 1.1.2 contains an OS command injection vulnerability in the thumbnail() function where user-supplied input from the input, output, time, or size parameters is directly concatenated into shell commands executed via Node.js child_process.exec() without sanitization or escaping. This allows unauthenticated attackers to execute arbitrary operating system commands with the privileges of the application process. A proof-of-concept has been documented in public repositories, making this vulnerability immediately actionable for exploitation.

Code Injection RCE Command Injection
NVD GitHub VulDB
CVSS 3.1: 9.8 | EPSS: 0.1%
CVE-2026-33622 MEDIUM This Month

PinchTab versions 0.8.3 through 0.8.5 contain a security-policy bypass that allows arbitrary JavaScript execution through the POST /wait endpoint's fn mode, even when the security.allowEvaluate setting is explicitly disabled. While the /evaluate endpoint correctly enforces the allowEvaluate guard, the /wait endpoint fails to apply the same policy check before evaluating caller-supplied JavaScript expressions, enabling authenticated users with an API token to execute arbitrary code in browser tab contexts despite the operator's intention to disable JavaScript evaluation. A proof-of-concept demonstrating this bypass has been published by the vendor, showing that side effects can be introduced in page state and confirmed through subsequent requests.

Authentication Bypass RCE Code Injection
NVD GitHub
CVSS 4.0: 6.1 | EPSS: 0.1%
CVE-2026-23924 MEDIUM This Month

The Zabbix Agent 2 Docker plugin contains an argument injection vulnerability in the 'docker.container_info' parameter handler that fails to properly sanitize user-supplied input before forwarding requests to the Docker daemon. An authenticated attacker who can invoke Agent 2 can exploit this flaw to read arbitrary files from running Docker containers by injecting malicious parameters through the Docker archive API, potentially exposing sensitive application data, credentials, and configuration files. While no CVSS score or EPSS data is currently available, and no indication of active exploitation in the wild has been reported, this represents a direct path to container escape and lateral movement for attackers with agent-level access.

Docker Code Injection
NVD VulDB
CVSS 4.0: 6.1 | EPSS: 0.0%
CVE-2026-33336 MEDIUM This Month

Vikunja Desktop (Electron wrapper) versions 0.21.0 through 2.1.x contain a critical remote code execution vulnerability caused by enabled Node.js integration combined with missing navigation controls. An attacker who is a legitimate user on a shared Vikunja instance can inject a malicious hyperlink into user-generated content (task descriptions, comments, project descriptions) that, when clicked by a victim using Vikunja Desktop, causes arbitrary code execution with the victim's OS user privileges. A proof-of-concept demonstrating command execution via a simple HTML link has been documented, and the vulnerability affects all Desktop users on affected versions.

RCE Node.js Code Injection Information Disclosure XSS
NVD GitHub VulDB
CVSS 4.0: 6.5 | EPSS: 0.4%
CVE-2026-33334 MEDIUM This Month

The Vikunja Desktop Electron wrapper enables Node.js integration in the renderer process without proper context isolation or sandboxing, allowing any cross-site scripting vulnerability in the web frontend to escalate directly to remote code execution on the victim's machine. Vikunja versions 0.21.0 through 2.1.x are affected, as confirmed by CPE cpe:2.3:a:go-vikunja:vikunja. An attacker exploiting an XSS flaw gains full access to Node.js APIs and the underlying operating system, making this a critical privilege escalation from web-based XSS to system-level RCE.

XSS RCE Node.js Code Injection
NVD GitHub VulDB
CVSS 4.0: 6.5 | EPSS: 0.4%
CVE-2026-28753 MEDIUM PATCH This Month

NGINX Plus and NGINX Open Source contain an improper handling vulnerability in the ngx_mail_smtp_module that allows DNS response injection through malformed CRLF sequences. An attacker controlling a DNS server can inject arbitrary headers into SMTP upstream requests, potentially manipulating mail routing and message content. With a CVSS score of 3.7 and low attack complexity, this represents an integrity issue rather than a critical exploitability threat, though it requires network-level DNS control.

Nginx Code Injection Redhat Suse
NVD VulDB
CVSS 4.0: 6.3 | EPSS: 0.0%
CVE-2026-4745 CRITICAL PATCH Act Now

A code injection vulnerability exists in dendibakh perf-ninja's Lua modules (specifically in ldo.C within labs/misc/pgo), allowing improper control of code generation that can lead to remote code execution. The vulnerability affects all versions of perf-ninja as indicated by the CPE specification. An attacker can exploit this flaw to inject and execute arbitrary code, with a vendor patch now available to remediate the issue.

Code Injection RCE Perf Ninja
NVD GitHub VulDB
CVSS 4.0: 10.0 | EPSS: 0.0%
CVE-2026-4001 CRITICAL Act Now

The Woocommerce Custom Product Addons Pro plugin for WordPress contains a critical remote code execution vulnerability caused by unsafe use of PHP's eval() function when processing custom pricing formulas. All versions up to and including 5.4.1 are affected, allowing unauthenticated attackers to execute arbitrary PHP code on the server by submitting malicious input to WCPA text fields configured with custom pricing formulas. With a CVSS score of 9.8, this represents a maximum severity issue requiring immediate attention, though EPSS and KEV status data are not provided in the available intelligence.

Code Injection WordPress PHP RCE
NVD VulDB
CVSS 3.1: 9.8 | EPSS: 0.1%
CVE-2026-32912 MEDIUM This Month

OpenClaw versions 2026.2.26 through 2026.3.0 contain a current working directory (CWD) injection vulnerability in the Windows wrapper resolution mechanism for .cmd and .bat files, allowing attackers with local access to manipulate CWD and achieve command execution with integrity compromise. An attacker with local privileges can alter the working directory to inject malicious wrapper scripts that execute instead of legitimate ones, bypassing command execution controls. The vulnerability requires local access and moderate complexity but enables high-integrity impact; no active KEV or widespread exploitation has been reported, but proof-of-concept details are documented in vendor security advisories.

Code Injection Microsoft Windows
NVD GitHub
CVSS 3.1: 5.8
CVE-2026-32276 HIGH PATCH This Week

An authenticated code injection vulnerability exists in the Code Study Plugin component of OpenSource Workshop Connect-CMS that allows authenticated users to execute arbitrary code on the server. Both the 1.x series (versions up to 1.41.0) and 2.x series (versions up to 2.41.0) are affected. With a CVSS score of 8.8 (High severity), this vulnerability enables remote code execution and information disclosure with low attack complexity and no user interaction required.

RCE Information Disclosure Code Injection
NVD GitHub VulDB
CVSS 3.1: 8.8 | EPSS: 0.1%
CVE-2026-2298 CRITICAL Act Now

An Improper Neutralization of Argument Delimiters (Argument Injection) vulnerability exists in Salesforce Marketing Cloud Engagement that allows attackers to manipulate Web Services Protocol interactions through command injection. All versions of Marketing Cloud Engagement released before January 30th, 2026 are affected. An attacker with network access to the affected service can inject malicious arguments into commands, potentially leading to unauthorized actions, data exfiltration, or service compromise. No CVSS score, EPSS data, or confirmed public POC are currently available, but the vulnerability has been officially disclosed by Salesforce with a patch deadline, indicating active remediation efforts.

Code Injection
NVD VulDB
CVSS 3.1: 9.4 | EPSS: 0.0%
CVE-2025-10679 HIGH This Week

The ReviewX plugin for WordPress contains a critical arbitrary method call vulnerability in all versions up to and including 2.2.12. Unauthenticated attackers can exploit insufficient input validation in the bulkTenReviews function to call arbitrary PHP class methods, potentially achieving remote code execution or information disclosure. With a CVSS score of 7.3 and network-based exploitation requiring no privileges or user interaction, this presents a significant risk to WordPress sites using this WooCommerce product review plugin.

WordPress PHP RCE Information Disclosure Code Injection +1
NVD VulDB
CVSS 3.1: 7.3 | EPSS: 0.1%
CVE-2026-24516 HIGH PATCH This Week

A critical command injection vulnerability exists in DigitalOcean Droplet Agent through version 1.3.2, where the troubleshooting actioner component processes metadata from the metadata service endpoint without adequate input validation, allowing attackers who can control metadata responses to inject and execute arbitrary OS commands with root privileges. An attacker can trigger the vulnerability by sending a TCP packet with specific sequence numbers to the SSH port, causing the agent to fetch and execute malicious commands from the metadata service, potentially leading to complete system compromise, data exfiltration, and lateral movement across cloud infrastructure. A public proof-of-concept exists at https://github.com/poxsky/CVE-2026-24516-DigitalOcean-RCE, indicating active research and potential exploitation risk.

Command Injection Privilege Escalation RCE Code Injection Suse
NVD GitHub VulDB
CVSS 3.1: 8.8 | EPSS: 0.1%
CVE-2026-4516 MEDIUM POC This Month

A code injection vulnerability exists in Foundation Agents MetaGPT up to version 0.8.1, specifically in the DataInterpreter component's write_analysis_code.py file, allowing authenticated attackers to inject and execute arbitrary code remotely. The vulnerability is classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) with a CVSS score of 6.3 and requires low privileges and no user interaction. A public proof-of-concept exploit is available, indicating active research and potential real-world exploitation risk.

Code Injection
NVD VulDB GitHub
CVSS 3.1: 6.3 | EPSS: 0.0%
CVE-2026-4515 MEDIUM POC This Month

A code injection vulnerability exists in Foundation Agents MetaGPT versions up to 0.8.1 within the code_generate function of metagpt/ext/aflow/scripts/operator.py, allowing authenticated remote attackers to execute arbitrary code. The vulnerability is classified as CWE-94 (improper control of generation of code) and carries a CVSS score of 6.3 with network-based attack vector requiring low privileges. A public exploit has been disclosed on GitHub, and the vendor has not responded to early disclosure attempts, elevating the practical risk despite the moderate CVSS rating.

RCE Code Injection
NVD VulDB GitHub
CVSS 3.1: 6.3 | EPSS: 0.0%
CVE-2026-4004 MEDIUM This Month

The Task Manager plugin for WordPress (all versions up to 3.0.2) contains an arbitrary shortcode execution vulnerability in the AJAX search callback function due to missing capability checks and insufficient input validation. Authenticated attackers with Subscriber-level privileges and above can inject malicious shortcode syntax into search parameters to execute arbitrary shortcodes on the WordPress site, potentially leading to code execution and site compromise. The vulnerability is classified with a CVSS 3.1 score of 6.5 and has been reported by Wordfence security researchers.

Code Injection WordPress RCE
NVD
CVSS 3.1: 6.5 | EPSS: 0.0%
CVE-2024-13785 MEDIUM This Month

The Contact Form, Survey, Quiz & Popup Form Builder - ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable with no authentication required. No vendor patch is available.

RCE WordPress Code Injection
NVD
CVSS 3.1: 5.6 | EPSS: 0.1%
CVE-2026-25086 HIGH CISA Act Now

WebCTRL Premium Server contains a port binding vulnerability that allows an attacker with local access to bind to the same network port used by the WebCTRL service. This enables the attacker to send malicious packets and impersonate the legitimate WebCTRL service without injecting code into the application, potentially compromising confidentiality and integrity of building automation system communications. The vulnerability affects Automated Logic's WebCTRL Premium Server and has been disclosed by ICS-CERT, though no KEV listing or public POC is currently documented.

Code Injection
NVD GitHub VulDB
CVSS 3.1: 7.7 | EPSS: 0.0%
CVE-2026-4506 MEDIUM POC This Month

A code injection vulnerability exists in Mindinventory MindSQL up to version 0.2.1 that allows remote code execution through manipulation of the ask_db function in mindsql/core/mindsql_core.py. An authenticated attacker can exploit this vulnerability to execute arbitrary code on the affected system. A public proof-of-concept exploit is available, and the vendor has not responded to early disclosure attempts, increasing the likelihood of active exploitation.

Code Injection RCE
NVD VulDB GitHub
CVSS 3.1: 6.3 | EPSS: 0.0%
CVE-2026-3584 CRITICAL POC Act Now

The Kali Forms plugin for WordPress contains a critical remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code on the server. All versions up to and including 2.4.9 are affected, including the popular 'Kali Forms - Contact Form & Drag-and-Drop Builder' plugin by WPChill. The vulnerability carries a critical CVSS score of 9.8 due to its network-based attack vector, low complexity, and lack of required authentication or user interaction.

WordPress RCE Code Injection
NVD VulDB GitHub
CVSS 3.1: 9.8 | EPSS: 0.2%
CVE-2026-33479 HIGH This Week

The Gallery plugin in AVideo contains an unauthenticated remote code execution vulnerability through CSRF-enabled PHP code injection. Attackers can exploit an eval() function that directly executes unsanitized user input by tricking an admin into visiting a malicious page, with the session cookie's SameSite=None configuration enabling cross-site request forgery. A detailed proof-of-concept exploit exists demonstrating command execution through crafted form submissions.

PHP RCE CSRF Code Injection
NVD GitHub VulDB
CVSS 3.1: 8.8 | EPSS: 0.2%
CVE-2026-4500 MEDIUM POC PATCH This Month

A code injection vulnerability exists in bagofwords (versions up to 0.0.297) within the generate_df function of backend/app/ai/code_execution/code_execution.py, allowing remote attackers with low privileges to inject and execute arbitrary code. The vulnerability (CWE-74: Improper Neutralization of Special Elements in Output) has a CVSS score of 6.3 (Medium) with network-based attack vector and low attack complexity, meaning exploitation requires only basic authentication and no user interaction. A public proof-of-concept exploit is already available, making this a practical threat requiring prompt remediation.

Code Injection
NVD VulDB GitHub
CVSS 3.1: 6.3 | EPSS: 0.1%
CVE-2026-33130 MEDIUM This Month

Uptime Kuma versions 1.23.0 through 2.2.0 contain an incomplete Server-Side Template Injection (SSTI) vulnerability in the LiquidJS templating engine that allows authenticated attackers to read arbitrary files from the server. A prior fix (GHSA-vffh-c9pq-4crh) attempted to restrict file path access through three mitigation options (root, relativeReference, dynamicPartials), but this fix only blocks quoted paths; attackers can bypass the mitigation by using unquoted absolute paths like /etc/passwd that successfully resolve through the require.resolve() fallback mechanism in liquid.node.js. The vulnerability requires low privileges (authenticated access) but can result in high confidentiality impact, making it a notable information disclosure risk for self-hosted monitoring deployments.

Node.js Lfi Code Injection PHP
NVD GitHub VulDB
CVSS 3.1: 6.5 | EPSS: 0.0%
CVE-2026-33289 HIGH This Week

An LDAP injection vulnerability in SuiteCRM's authentication flow allows attackers to manipulate LDAP queries by injecting control characters into user-supplied input, potentially leading to authentication bypass or information disclosure. The vulnerability affects SuiteCRM, an open-source CRM system widely deployed in enterprise environments, in versions prior to 7.15.1 and 8.9.3. While no active exploitation has been reported (not in CISA KEV), the network-exploitable nature and potential for authentication bypass make this a serious concern for organizations using affected versions.

Authentication Bypass Information Disclosure Ldap Code Injection
NVD GitHub VulDB
CVSS 3.1: 8.8 | EPSS: 0.2%
CVE-2024-44722 CRITICAL Act Now

SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch is available.

Code Injection RCE
NVD GitHub VulDB
CVSS 3.1: 9.8 | EPSS: 0.0%
CVE-2026-29103 CRITICAL Act Now

A critical remote code execution vulnerability in SuiteCRM versions 7.15.0 and 8.9.2 allows authenticated administrators to execute arbitrary system commands through a bypass of previous security patches. This vulnerability circumvents the ModuleScanner.php security controls by exploiting improper PHP token parsing that resets security checks when encountering single-character tokens, enabling attackers to hide dangerous function calls. The vulnerability represents a direct bypass of the previously patched CVE-2024-49774 and has been assigned a CVSS score of 9.1.

PHP RCE Code Injection
NVD GitHub VulDB
CVSS 3.1: 9.1 | EPSS: 0.2%
CVE-2026-29102 HIGH This Week

An authenticated remote code execution vulnerability exists in SuiteCRM modules that allows high-privileged users to execute arbitrary code on the server. The vulnerability affects SuiteCRM versions prior to 7.15.1 and 8.9.3, and stems from improper code injection protections (CWE-94). While exploitation requires high privileges (admin-level), successful attacks grant complete control over the CRM system containing sensitive customer data.

RCE Code Injection
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-32032 HIGH PATCH This Week

OpenClaw versions before 2026.2.22 allow local attackers with environment access to execute arbitrary commands by manipulating the SHELL environment variable, which is insufficiently validated during shell fallback operations. An attacker can leverage this to run malicious code with the privileges of the OpenClaw process. No patch is currently available for this vulnerability.

Code Injection
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-32029 MEDIUM PATCH This Month

CVE-2026-32029 is a security vulnerability (CVSS 6.3). Remediation should follow standard vulnerability management procedures.

Code Injection
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-30402 CRITICAL Act Now

Remote code execution in wgcloud version 2.3.7 and earlier allows unauthenticated attackers to execute arbitrary code through the test connection function. The vulnerability carries a critical CVSS score of 9.8 with network-based exploitation requiring no privileges or user interaction. No public exploit has been identified at time of analysis, though the EPSS score of 0.29% (52nd percentile) indicates low predicted exploitation probability despite the critical severity rating.

RCE Code Injection
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-3475 MEDIUM This Month

A remote code execution vulnerability in Instant Popup Builder (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

WordPress PHP RCE Code Injection Instant Popup Builder Powerful Popup Maker For Opt Ins Email Newsletters Lead Generation
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-67113 CRITICAL Act Now

OS command injection in the CWMP client (/ftl/bin/cwmp) of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted...

Command Injection Code Injection RCE
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-30694 CRITICAL Act Now

A remote code execution vulnerability in DedeCMS v.5.7.118 and (CVSS 9.8) that allows a remote attacker. Critical severity with potential for significant impact on affected systems.

RCE Code Injection
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-33154 HIGH PATCH This Week

Dynaconf, a Python configuration management library, contains a Server-Side Template Injection (SSTI) vulnerability in its @jinja resolver that allows arbitrary command execution when attackers can control configuration sources such as environment variables, .env files, or CI/CD secrets. The vulnerability affects pip package dynaconf and includes a public proof-of-concept demonstrating command execution via Jinja2 template evaluation without sandboxing. The @format resolver additionally enables object graph traversal to expose sensitive runtime data including API keys and credentials.

RCE Code Injection Python
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33057 CRITICAL PATCH Act Now

An unauthenticated remote code execution vulnerability exists in the mesop Python package's debugging Flask server endpoint (/exec-py) that accepts and executes arbitrary base64-encoded Python code without any authentication or validation. The vulnerability affects the mesop pip package, with a publicly disclosed proof-of-concept demonstrating trivial exploitation requiring only a single HTTP POST request. With a CVSS score of 9.8 (Critical) and detailed PoC availability, this represents an immediately exploitable vulnerability for any exposed instance.

Command Injection Python RCE Code Injection
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-33128 HIGH PATCH This Week

The h3 JavaScript framework for Node.js contains a Server-Sent Events (SSE) injection vulnerability in its createEventStream function due to missing newline sanitization. Applications using h3's SSE functionality (pkg:npm/h3) are vulnerable to attackers who can control any part of SSE message fields (id, event, data, or comments), allowing injection of arbitrary events to all connected clients. A proof-of-concept exploit exists demonstrating event injection, cross-user content manipulation, and denial-of-service attacks.

Code Injection
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-29056 HIGH PATCH This Week

Kanboard project management software contains a privilege escalation vulnerability in its user invite registration endpoint that allows invited users to inject the 'role=app-admin' parameter during account creation, granting themselves administrator privileges. This affects all Kanboard versions prior to 1.2.51. The vulnerability has documented proof-of-concept exploitation capability (CVSS E:P indicates PoC exists) and carries a CVSS 4.0 score of 7.0 with high integrity impact to both the vulnerable system and subsequent components.

Code Injection Ubuntu Debian Kanboard
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-33017 CRITICAL POC KEV THREAT Emergency

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-33017, CVSS 9.3) in the public flow build API that allows attackers to execute arbitrary Python code by supplying malicious flow data. KEV-listed with public PoC, this vulnerability enables anyone with network access to a Langflow instance to achieve server compromise through the API that builds public flows without authentication.

RCE Python Code Injection
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.5%
CVE-2026-21570 HIGH This Week

Remote code execution in Atlassian Bamboo Data Center versions 9.6.0 through 12.1.0 allows authenticated attackers with high privileges to execute arbitrary code on affected systems with a CVSS score of 8.6. The vulnerability impacts multiple major versions with no patch currently available, requiring immediate upgrade to patched releases such as 9.6.24, 10.2.16, or 12.1.3. Organizations unable to upgrade should prioritize access controls for high-privileged accounts until remediation is possible.

RCE Atlassian Code Injection Bamboo Data Center
NVD VulDB
CVSS 4.0
8.6
EPSS
0.6%
CVE-2026-31898 HIGH PATCH This Week

A code injection vulnerability in the jsPDF library allows attackers to inject arbitrary PDF objects, including malicious JavaScript actions, through unsanitized user input to the createAnnotation method. The vulnerability affects jsPDF versions prior to 4.2.1 and enables remote attackers to execute arbitrary code when a victim opens or interacts with a maliciously crafted PDF file. A proof-of-concept exploit is publicly available demonstrating how to launch system executables like calc.exe through PDF action injection.

Code Injection
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-31865 MEDIUM PATCH This Month

Elysia (npm package, versions prior to 1.4.27) is vulnerable to prototype pollution through maliciously crafted cookie names, allowing unauthenticated attackers to override application cookie values and potentially inject arbitrary data into the application's object prototype. With a CVSS score of 6.5 and network-accessible attack vector requiring no privileges or user interaction, attackers can manipulate cookie handling to gain limited information disclosure and integrity compromise. A proof-of-concept exploit demonstrating the `__proto__` injection vector exists in the GitHub advisory.

Code Injection Prototype Pollution
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-62320 MEDIUM This Month

HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage.

XSS Code Injection Sametime
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-3633 LOW PATCH Monitor

A security vulnerability in A flaw (CVSS 3.9). Remediation should follow standard vulnerability management procedures.

Code Injection Ubuntu Debian
NVD VulDB
CVSS 3.1
3.9
EPSS
0.1%
CVE-2026-3634 LOW PATCH Monitor

A security vulnerability in A flaw (CVSS 3.9). Remediation should follow standard vulnerability management procedures.

Code Injection Ubuntu Debian
NVD VulDB
CVSS 3.1
3.9
EPSS
0.0%
CVE-2026-30875 HIGH This Week

An arbitrary file upload vulnerability in Chamilo LMS allows authenticated users with Teacher role to achieve Remote Code Execution by uploading malicious H5P packages. The flaw affects versions prior to 1.11.36 and stems from inadequate validation of H5P package contents, which only checks for h5p.json existence but fails to block .htaccess or PHP files with alternative extensions. With a CVSS score of 8.8 and high exploitation potential, attackers can upload webshells disguised as text files along with .htaccess configurations to bypass security controls.

PHP RCE File Upload Code Injection Chamilo Lms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-32263 HIGH PATCH This Week

Unsafe deserialization of untrusted user input in PHP Craft CMS allows authenticated high-privilege users to inject arbitrary Yii2 behaviors and event handlers, enabling remote code execution through the EntryTypesController. An incomplete prior patch for a similar vulnerability left the same dangerous pattern in place, permitting attackers with administrative access to manipulate application configuration and achieve full system compromise. A patch is available to properly sanitize configuration inputs before processing.

Code Injection PHP
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-4276 HIGH This Week

CVE-2026-4276 is a security vulnerability (CVSS 7.5) that allows attackers. High severity vulnerability requiring prompt remediation.

Code Injection Rag Api
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-4239 LOW POC Monitor

A vulnerability was found in Lagom WHMCS Template up to 2.3.7.

Code Injection Information Disclosure
NVD VulDB GitHub
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-15540 HIGH This Week

A code injection vulnerability in Raytha CMS's Functions module allows privileged users to execute arbitrary .NET operations through unrestricted JavaScript code execution, effectively bypassing application sandboxing. The vulnerability affects Raytha CMS versions prior to 1.4.6 and enables authenticated administrators to compromise the application's hosting environment. No active exploitation has been reported (not in KEV), no public POC is available, and EPSS data is not yet available for this recently disclosed vulnerability.

RCE Code Injection Raytha
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3476 HIGH This Week

A code injection vulnerability in SOLIDWORKS Desktop releases 2025 through 2026 allows attackers to execute arbitrary code on victim machines by tricking users into opening specially crafted files. The vulnerability requires local access and user interaction but provides complete system compromise with high impact to confidentiality, integrity, and availability (CVSS 7.8). No evidence of active exploitation or proof-of-concept code has been reported.

RCE Code Injection Solidworks Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-69902 CRITICAL Act Now

A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters.

Command Injection RCE Code Injection
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-50881 HIGH This Week

The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is vulnerable to Remote Code Execution.

PHP RCE Code Injection
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-14287 HIGH PATCH This Week

A command injection vulnerability in MLflow versions before v3.7.0 allows attackers to execute arbitrary commands by injecting malicious input through the --container parameter when deploying models to SageMaker. The vulnerability affects MLflow installations in development environments, CI/CD pipelines, and cloud deployments, with a CVSS score of 7.5 indicating high severity. No active exploitation or KEV listing is reported, and no EPSS data is available to assess real-world exploitation likelihood.

Command Injection RCE Code Injection AI / ML Redhat +1
NVD VulDB
CVSS 3.0
7.5
EPSS
0.1%
CVE-2026-32640 CRITICAL POC PATCH Act Now

Code injection in SimpleEval when objects with dangerous attrs are passed. PoC available.

Code Injection RCE
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-32621 CRITICAL PATCH Act Now

Prototype pollution in Apollo Federation before multiple versions.

Information Disclosure Code Injection Gateway Federation Internals Query Planner
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-25817 HIGH This Week

HMS Networks' industrial IoT gateways (Ewon Flexy and Cosy+) contain a command injection vulnerability that allows authenticated attackers to execute arbitrary OS commands remotely. This affects Flexy devices before firmware 15.0s4 and Cosy+ devices before 22.1s6 (22.x branch) or 23.0s3 (23.x branch). With a CVSS score of 8.8 but low EPSS of 0.06%, this vulnerability requires valid credentials but enables full system compromise.

RCE Command Injection Code Injection
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-32304 CRITICAL POC PATCH Act Now

create_function() sandbox bypass via unsanitized args passed to Function constructor. PoC available.

Node.js RCE PHP Code Injection
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-26954 CRITICAL PATCH Act Now

SandboxJS sandbox escape before 0.8.34 via Function access through arrays. CVSS 10.0.

RCE Code Injection Sandboxjs
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-32414 HIGH This Week

A code injection vulnerability in ILLID Advanced Woo Labels WordPress plugin (versions up to 2.36) allows authenticated administrators to execute arbitrary code through improper input validation, potentially leading to full site compromise. The vulnerability requires high privileges to exploit (CVSS 7.2), has no known active exploitation in the wild (not in CISA KEV), and carries a very low EPSS score of 0.00043 (0.043%), indicating minimal real-world exploitation likelihood despite the high CVSS score.

Code Injection RCE Advanced Woo Labels
NVD VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-32367 CRITICAL Act Now

RCE via code injection in Modal Dialog WordPress plugin.

Code Injection RCE Modal Dialog
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-22204 LOW PATCH Monitor

wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the comment_author_email cookie.

Code Injection
NVD VulDB
CVSS 3.1
3.7
EPSS
0.1%
CVE-2026-22191 MEDIUM PATCH This Month

Medium severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains a shortcode injection vulnerability that allows attackers to execute arbitrary shortcodes by including them in comment content sent via email notifications. Attackers can inject shortcodes like [contact-form-7] or [user_meta] in comments, which are executed server-side when the WpdiscuzHelperEmail class processes notifications through do_shortcode() before wp_mai...

Code Injection RCE
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1527 MEDIUM PATCH This Month

CRLF injection in undici's HTTP upgrade handling allows authenticated attackers to inject arbitrary headers and perform request smuggling attacks against backend services like Redis and Elasticsearch when user input is passed unsanitized to the upgrade option. The vulnerability stems from insufficient validation of the upgrade parameter before writing to the socket, enabling attackers to terminate HTTP requests prematurely and route malicious data to non-HTTP protocols. This requires prior authentication and user interaction, with no patch currently available.

Code Injection Redis Elastic Redhat
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-32247 HIGH POC PATCH This Week

High severity vulnerability in Graphiti.

Code Injection Nosql Injection Graphiti
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-32129 HIGH PATCH This Week

Insufficient input padding in soroban-poseidon's Poseidon V1 hash function enables attackers to forge hash collisions by appending zeros to shorter inputs, allowing distinct messages to produce identical hashes when the input count is less than the sponge rate. This vulnerability affects any Soroban smart contract relying on PoseidonSponge or poseidon_hash for cryptographic integrity, potentially compromising authentication, signature verification, or other security mechanisms that depend on hash uniqueness. No patch is currently available.

Code Injection
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-13462 Monitor

The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.

Code Injection
NVD GitHub VulDB
EPSS
0.0%
CVE-2026-21671 CRITICAL Act Now

Veeam Backup & Replication allows Backup Administrators to achieve RCE in high-availability deployments. While requiring admin-level access, the scope change to the HA infrastructure makes this critical for organizations running Veeam in HA mode.

RCE Code Injection
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-21669 CRITICAL Act Now

Yet another Veeam Backup & Replication RCE vulnerability allowing authenticated domain users to execute code on the Backup Server with scope change (CVSS 9.9). Part of a cluster of related Veeam vulnerabilities disclosed together.

RCE Code Injection
NVD VulDB
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-4039 MEDIUM PATCH This Month

Code injection in OpenClaw 2026.2.19 and earlier through the Skill Env Handler's applySkillConfigenvOverrides function allows authenticated remote attackers to execute arbitrary code with low integrity and confidentiality impact. An authenticated user can manipulate environment configuration settings to inject malicious code that executes in the context of the application. Mitigation requires upgrading to version 2026.2.21-beta.1 or later, as no official patch is currently available for production releases.

Code Injection Openclaw
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-32669
EPSS 0% CVSS 8.7
HIGH This Week

BUFFALO Wi-Fi router products allow remote code execution through a code injection vulnerability requiring user interaction. An unauthenticated attacker (CVSS PR:N) can execute arbitrary code on affected devices with high impact to confidentiality, integrity, and availability (CVSS 8.8). The vulnerability was disclosed through JVN and BUFFALO's official advisory, with no public exploit identified at time of analysis.

RCE Code Injection
NVD
CVE-2026-33943
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution is possible in the happy-dom JavaScript DOM implementation (npm package) through injection of malicious JavaScript expressions in ES module export declarations. Attackers can bypass input sanitization by using template literal syntax (backticks) to execute arbitrary system commands when happy-dom processes untrusted HTML content with JavaScript evaluation enabled. The vulnerability affects happy-dom versions prior to 20.8.8, with publicly available exploit code that demonstrates command execution via the Node.js child_process module. The CVSS score of 8.8 reflects a network-based attack vector requiring user interaction, with complete confidentiality, integrity, and availability impact.

RCE Code Injection
NVD GitHub
CVE-2026-33873
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Langflow's Agentic Assistant feature executes LLM-generated Python code server-side during component validation, enabling arbitrary code execution when attackers can influence model outputs. The vulnerability affects the pip package 'langflow' and exists in endpoints /assist and streaming paths that invoke exec() on dynamically generated component code. A proof-of-concept exists demonstrating the execution chain from user input through validation to code execution. Authentication requirements depend on deployment configuration, with AUTO_LOGIN=true defaults potentially widening exposure. No public exploit identified at time of analysis beyond the documented PoC, though the technical details and code references provide a complete exploitation blueprint.

Python RCE Code Injection +1
NVD GitHub
CVE-2026-33396
EPSS 1% CVSS 9.9
CRITICAL Act Now

Remote command execution can be achieved by low-privileged authenticated users (ProjectMember role) in OneUptime monitoring platform versions prior to 10.0.35 by exploiting incomplete sandbox restrictions in Synthetic Monitor Playwright script execution. Attackers can traverse the unblocked _browserType and launchServer properties via page.context().browser()._browserType.launchServer() to spawn arbitrary processes on the Probe container or host. A proof-of-concept exploit exists per SSVC framework data, and the vulnerability carries a CVSS score of 9.9 with Critical severity due to scope change and total technical impact.

RCE Node.js Docker +3
NVD GitHub VulDB
CVE-2025-55271
EPSS 0% CVSS 3.1
LOW Monitor

HTTP Response Splitting in HCL Aftermarket DPC allows unauthenticated remote attackers to inject arbitrary content or commands into HTTP responses, potentially leading to content spoofing or further exploitation depending on application response handling. The vulnerability affects Aftermarket DPC version 1.0.0 and requires user interaction to exploit. No public exploit identified at time of analysis, and exploitation is not currently automatable according to CISA SSVC assessment, resulting in a low real-world risk profile despite the injection vector.

Code Injection Aftermarket Dpc
NVD VulDB
CVE-2026-33744
EPSS 0% CVSS 7.8
HIGH PATCH This Week

BentoML, a Python framework for ML model serving, contains a command injection vulnerability in the docker.system_packages configuration field of bentofile.yaml files. The vulnerability affects all versions supporting this feature (confirmed in version 1.4.36) and allows attackers to execute arbitrary commands during the Docker image build process (bentoml containerize). This is a high-severity supply chain risk with a CVSS score of 7.8, requiring user interaction to trigger but achieving full command execution as root during container builds.

Docker Python RCE +1
NVD GitHub VulDB
CVE-2026-30457
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in Daylight Studio FuelCMS v1.5.2 through the /parser/dwoo component enables unauthenticated attackers to execute arbitrary PHP code via specially crafted input. The vulnerability exploits insufficient input validation in the Dwoo template engine integration, allowing direct PHP code injection. Attack complexity appears low given the public references to exploitation techniques in the provided pentest-tools PDF, though no formal CVSS scoring or CISA KEV confirmation is available to assess real-world exploitation prevalence.

PHP RCE Code Injection
NVD GitHub
CVE-2026-33751
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

n8n contains an LDAP injection vulnerability in the LDAP node's filter escape logic that allows LDAP metacharacters to pass through unescaped when user-controlled input is interpolated into LDAP search filters. This affects n8n versions prior to 1.123.27, 2.13.3, and 2.14.1, enabling attackers to manipulate LDAP queries to retrieve unintended directory records or bypass authentication controls implemented within workflows. The vulnerability requires specific workflow configuration (LDAP node receiving external user input via expressions) and has not been publicly reported as actively exploited, though no proof-of-concept availability is explicitly confirmed across available intelligence sources.

Ldap Authentication Bypass Code Injection
NVD GitHub VulDB
CVE-2026-33660
EPSS 0% CVSS 9.4
CRITICAL POC PATCH Act Now

An authenticated user with workflow creation or modification privileges in n8n workflow automation platform can exploit the Merge node's 'Combine by SQL' mode to read arbitrary local files on the n8n host and achieve remote code execution. n8n versions prior to 2.14.1, 2.13.3, and 1.123.26 are affected. The vulnerability carries a CVSS 4.0 score of 9.4 (Critical) due to insufficient sandbox restrictions in the AlaSQL component, allowing SQL injection-style attacks against the host system. No public proof-of-concept or active exploitation (KEV) status has been reported at this time.

RCE Code Injection
NVD GitHub VulDB
CVE-2026-32573
EPSS 0% CVSS 9.1
CRITICAL Act Now

A Code Injection vulnerability (CWE-94) exists in Nelio AB Testing WordPress plugin through version 8.2.7 that allows attackers to execute arbitrary code on affected installations. The vulnerability affects the Nelio Software product across all versions up to and including 8.2.7, potentially enabling remote code execution (RCE). This is a critical severity issue as it permits unauthenticated or low-privilege attackers to gain complete control over WordPress sites running the vulnerable plugin.

Code Injection RCE
NVD VulDB
CVE-2026-32525
EPSS 0% CVSS 9.9
CRITICAL Act Now

A Code Injection vulnerability (CWE-94) exists in JetFormBuilder versions up to and including 3.5.6.1, allowing attackers to inject and execute arbitrary code within the application context. The vulnerability affects the JetFormBuilder plugin for WordPress across all versions through 3.5.6.1, and an attacker can leverage this to achieve Remote Code Execution (RCE) by injecting malicious code through form-processing mechanisms. Patchstack has documented this vulnerability with an assigned EUVD ID (EUVD-2026-15889), and while a CVSS score has not been formally assigned, the RCE classification indicates critical severity.

Code Injection RCE
NVD VulDB
CVE-2026-27044
EPSS 0% CVSS 9.9
CRITICAL Act Now

Total Poll Lite, a WordPress plugin, contains an improper code injection vulnerability (CWE-94) that allows remote code inclusion and execution. All versions up to and including 4.12.0 are affected. An attacker can exploit this vulnerability to achieve remote code execution (RCE) on WordPress installations running the vulnerable plugin, potentially gaining full control of the affected web application.

Code Injection RCE
NVD VulDB
CVE-2026-25447
EPSS 0% CVSS 9.1
CRITICAL Act Now

A Code Injection vulnerability (CWE-94) exists in the Jonathan Daggerhart Widget Wrangler WordPress plugin through version 2.3.9, allowing unauthenticated attackers to execute arbitrary code on affected installations. This Remote Code Execution (RCE) vulnerability enables complete server compromise and data exfiltration. Active exploitation has been documented by Patchstack, indicating this is a practical, real-world threat requiring immediate patching.

Code Injection RCE
NVD VulDB
CVE-2026-25366
EPSS 0% CVSS 9.9
CRITICAL Act Now

A Code Injection vulnerability exists in the Themeisle Woody ad snippets plugin (insert-php) through version 2.7.1 that allows unauthenticated attackers to execute arbitrary PHP code on affected WordPress installations. The vulnerability stems from improper control of code generation, classified as CWE-94, enabling remote code execution (RCE). Patchstack has documented this issue, and affected installations should be patched immediately as the attack vector appears to be network-accessible with low complexity.

PHP Code Injection RCE
NVD VulDB
CVE-2026-25001
EPSS 0% CVSS 8.5
HIGH This Week

The Post Snippets WordPress plugin versions up to and including 4.0.12 contain an improper code generation vulnerability (CWE-94) that enables remote code injection and execution. An attacker can exploit this flaw to execute arbitrary code on affected WordPress installations, potentially leading to complete site compromise. The vulnerability has been publicly documented by Patchstack with available references, and the attack vector appears to be network-based without requiring high privileges.

RCE Code Injection
NVD VulDB
CVE-2026-20113
EPSS 0% CVSS 5.3
MEDIUM This Month

A CRLF injection vulnerability exists in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software that allows unauthenticated remote attackers to inject arbitrary log entries and manipulate log file structure. The vulnerability stems from insufficient input validation in the Cisco IOx management interface and affects a broad range of Cisco IOS XE Software versions from 16.6.1 through 17.18.1x. A successful exploit enables attackers to obscure legitimate log events, inject malicious log entries, or corrupt log file integrity without requiring authentication, making it particularly dangerous in environments where log analysis is relied upon for security monitoring and compliance.

Cisco Code Injection Apple
NVD VulDB
CVE-2026-26830
EPSS 0% CVSS 9.8
CRITICAL Act Now

The pdf-image npm package through version 2.0.0 contains an OS command injection vulnerability in the pdfFilePath parameter. Attackers can exploit this remotely without authentication by injecting malicious commands through file path inputs that are passed unsafely to shell commands via child_process.exec(). A proof-of-concept exploit is publicly available on GitHub (zebbernCVE/CVE-2026-26830), significantly increasing exploitation risk.

Node.js Command Injection RCE +1
NVD GitHub VulDB
CVE-2026-26831
EPSS 0% CVSS 9.8
CRITICAL Act Now

The textract library through version 2.5.0 contains an OS command injection vulnerability in its file extraction modules that allows attackers to execute arbitrary operating system commands by crafting malicious filenames. The vulnerability affects multiple extractors (doc.js, rtf.js, dxf.js, images.js, and util.js) where user-supplied file paths are passed directly to child_process.exec() without adequate sanitization. An attacker can exploit this by uploading or referencing files with specially crafted names containing shell metacharacters, leading to complete system compromise with the privileges of the process running textract.

Code Injection RCE Command Injection
NVD GitHub VulDB
CVE-2026-26833
EPSS 0% CVSS 9.8
CRITICAL Act Now

Thumbler through version 1.1.2 contains an OS command injection vulnerability in the thumbnail() function where user-supplied input from the input, output, time, or size parameters is directly concatenated into shell commands executed via Node.js child_process.exec() without sanitization or escaping. This allows unauthenticated attackers to execute arbitrary operating system commands with the privileges of the application process. A proof-of-concept has been documented in public repositories, making this vulnerability immediately actionable for exploitation.

Code Injection RCE Command Injection
NVD GitHub VulDB
CVE-2026-33622
EPSS 0% CVSS 6.1
MEDIUM This Month

PinchTab versions 0.8.3 through 0.8.5 contain a security-policy bypass that allows arbitrary JavaScript execution through the POST /wait endpoint's fn mode, even when the security.allowEvaluate setting is explicitly disabled. While the /evaluate endpoint correctly enforces the allowEvaluate guard, the /wait endpoint fails to apply the same policy check before evaluating caller-supplied JavaScript expressions, enabling authenticated users with an API token to execute arbitrary code in browser tab contexts despite the operator's intention to disable JavaScript evaluation. A proof-of-concept demonstrating this bypass has been published by the vendor, showing that side effects can be introduced in page state and confirmed through subsequent requests.

Authentication Bypass RCE Code Injection
NVD GitHub
CVE-2026-23924
EPSS 0% CVSS 6.1
MEDIUM This Month

The Zabbix Agent 2 Docker plugin contains an argument injection vulnerability in the 'docker.container_info' parameter handler that fails to properly sanitize user-supplied input before forwarding requests to the Docker daemon. An authenticated attacker who can invoke Agent 2 can exploit this flaw to read arbitrary files from running Docker containers by injecting malicious parameters through the Docker archive API, potentially exposing sensitive application data, credentials, and configuration files. While no CVSS score or EPSS data is currently available, and no indication of active exploitation in the wild has been reported, this represents a direct path to container escape and lateral movement for attackers with agent-level access.

Docker Code Injection
NVD VulDB
CVE-2026-33336
EPSS 0% CVSS 6.5
MEDIUM This Month

Vikunja Desktop (Electron wrapper) versions 0.21.0 through 2.1.x contain a critical remote code execution vulnerability caused by enabled Node.js integration combined with missing navigation controls. An attacker who is a legitimate user on a shared Vikunja instance can inject a malicious hyperlink into user-generated content (task descriptions, comments, project descriptions) that, when clicked by a victim using Vikunja Desktop, causes arbitrary code execution with the victim's OS user privileges. A proof-of-concept demonstrating command execution via a simple HTML link has been documented, and the vulnerability affects all Desktop users on affected versions.

RCE Node.js Code Injection +2
NVD GitHub VulDB
CVE-2026-33334
EPSS 0% CVSS 6.5
MEDIUM This Month

The Vikunja Desktop Electron wrapper enables Node.js integration in the renderer process without proper context isolation or sandboxing, allowing any cross-site scripting vulnerability in the web frontend to escalate directly to remote code execution on the victim's machine. Vikunja versions 0.21.0 through 2.1.x are affected, as confirmed by CPE cpe:2.3:a:go-vikunja:vikunja. An attacker exploiting an XSS flaw gains full access to Node.js APIs and the underlying operating system, making this a critical privilege escalation from web-based XSS to system-level RCE.

XSS RCE Node.js +1
NVD GitHub VulDB
CVE-2026-28753
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

NGINX Plus and NGINX Open Source contain an improper handling vulnerability in the ngx_mail_smtp_module that allows DNS response injection through malformed CRLF sequences. An attacker controlling a DNS server can inject arbitrary headers into SMTP upstream requests, potentially manipulating mail routing and message content. With a CVSS score of 3.7 and low attack complexity, this represents an integrity issue rather than a critical exploitability threat, though it requires network-level DNS control.

Nginx Code Injection Redhat +1
NVD VulDB
CVE-2026-4745
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

A code injection vulnerability exists in dendibakh perf-ninja's Lua modules (specifically in ldo.C within labs/misc/pgo), allowing improper control of code generation that can lead to remote code execution. The vulnerability affects all versions of perf-ninja as indicated by the CPE specification. An attacker can exploit this flaw to inject and execute arbitrary code, with a vendor patch now available to remediate the issue.

Code Injection RCE Perf Ninja
NVD GitHub VulDB
CVE-2026-4001
EPSS 0% CVSS 9.8
CRITICAL Act Now

The Woocommerce Custom Product Addons Pro plugin for WordPress contains a critical remote code execution vulnerability caused by unsafe use of PHP's eval() function when processing custom pricing formulas. All versions up to and including 5.4.1 are affected, allowing unauthenticated attackers to execute arbitrary PHP code on the server by submitting malicious input to WCPA text fields configured with custom pricing formulas. With a CVSS score of 9.8, this represents a maximum severity issue requiring immediate attention, though EPSS and KEV status data are not provided in the available intelligence.

Code Injection WordPress PHP +1
NVD VulDB
CVE-2026-32912
CVSS 5.8
MEDIUM This Month

OpenClaw versions 2026.2.26 through 2026.3.0 contain a current working directory (CWD) injection vulnerability in the Windows wrapper resolution mechanism for .cmd and .bat files, allowing attackers with local access to manipulate CWD and achieve command execution with integrity compromise. An attacker with local privileges can alter the working directory to inject malicious wrapper scripts that execute instead of legitimate ones, bypassing command execution controls. The vulnerability requires local access and moderate complexity but enables high-integrity impact; no active KEV or widespread exploitation has been reported, but proof-of-concept details are documented in vendor security advisories.

Code Injection Microsoft Windows
NVD GitHub
CVE-2026-32276
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An authenticated code injection vulnerability exists in the Code Study Plugin component of OpenSource Workshop Connect-CMS that allows authenticated users to execute arbitrary code on the server. Both the 1.x series (versions up to 1.41.0) and 2.x series (versions up to 2.41.0) are affected. With a CVSS score of 8.8 (High severity), this vulnerability enables remote code execution and information disclosure with low attack complexity and no user interaction required.

RCE Information Disclosure Code Injection
NVD GitHub VulDB
CVE-2026-2298
EPSS 0% CVSS 9.4
CRITICAL Act Now

An Improper Neutralization of Argument Delimiters (Argument Injection) vulnerability exists in Salesforce Marketing Cloud Engagement that allows attackers to manipulate Web Services Protocol interactions through command injection. All versions of Marketing Cloud Engagement released before January 30th, 2026 are affected. An attacker with network access to the affected service can inject malicious arguments into commands, potentially leading to unauthorized actions, data exfiltration, or service compromise. No CVSS score, EPSS data, or confirmed public POC are currently available, but the vulnerability has been officially disclosed by Salesforce with a patch deadline, indicating active remediation efforts.

Code Injection
NVD VulDB
CVE-2025-10679
EPSS 0% CVSS 7.3
HIGH This Week

The ReviewX plugin for WordPress contains a critical arbitrary method call vulnerability in all versions up to and including 2.2.12. Unauthenticated attackers can exploit insufficient input validation in the bulkTenReviews function to call arbitrary PHP class methods, potentially achieving remote code execution or information disclosure. With a CVSS score of 7.3 and network-based exploitation requiring no privileges or user interaction, this presents a significant risk to WordPress sites using this WooCommerce product review plugin.

WordPress PHP RCE +3
NVD VulDB
CVE-2026-24516
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A critical command injection vulnerability exists in DigitalOcean Droplet Agent through version 1.3.2, where the troubleshooting actioner component processes metadata from the metadata service endpoint without adequate input validation, allowing attackers who can control metadata responses to inject and execute arbitrary OS commands with root privileges. An attacker can trigger the vulnerability by sending a TCP packet with specific sequence numbers to the SSH port, causing the agent to fetch and execute malicious commands from the metadata service, potentially leading to complete system compromise, data exfiltration, and lateral movement across cloud infrastructure. A public proof-of-concept exists at https://github.com/poxsky/CVE-2026-24516-DigitalOcean-RCE, indicating active research and potential exploitation risk.

Command Injection Privilege Escalation RCE +2
NVD GitHub VulDB
CVE-2026-4516
EPSS 0% CVSS 6.3
MEDIUM POC This Month

A code injection vulnerability exists in Foundation Agents MetaGPT up to version 0.8.1, specifically in the DataInterpreter component's write_analysis_code.py file, allowing authenticated attackers to inject and execute arbitrary code remotely. The vulnerability is classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) with a CVSS score of 6.3 and requires low privileges and no user interaction. A public proof-of-concept exploit is available, indicating active research and potential real-world exploitation risk.

Code Injection
NVD VulDB GitHub
CVE-2026-4515
EPSS 0% CVSS 6.3
MEDIUM POC This Month

A code injection vulnerability exists in Foundation Agents MetaGPT versions up to 0.8.1 within the code_generate function of metagpt/ext/aflow/scripts/operator.py, allowing authenticated remote attackers to execute arbitrary code. The vulnerability is classified as CWE-94 (improper control of generation of code) and carries a CVSS score of 6.3 with network-based attack vector requiring low privileges. A public exploit has been disclosed on GitHub, and the vendor has not responded to early disclosure attempts, elevating the practical risk despite the moderate CVSS rating.

RCE Code Injection
NVD VulDB GitHub
CVE-2026-4004
EPSS 0% CVSS 6.5
MEDIUM This Month

The Task Manager plugin for WordPress (all versions up to 3.0.2) contains an arbitrary shortcode execution vulnerability in the AJAX search callback function due to missing capability checks and insufficient input validation. Authenticated attackers with Subscriber-level privileges and above can inject malicious shortcode syntax into search parameters to execute arbitrary shortcodes on the WordPress site, potentially leading to code execution and site compromise. The vulnerability is classified with a CVSS 3.1 score of 6.5 and has been reported by Wordfence security researchers.

Code Injection WordPress RCE
NVD
CVE-2024-13785
EPSS 0% CVSS 5.6
MEDIUM This Month

The Contact Form, Survey, Quiz & Popup Form Builder - ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable with no authentication required. No vendor patch is available.

RCE WordPress Code Injection
NVD
CVE-2026-25086
EPSS 0% CVSS 7.7
HIGH Act Now

WebCTRL Premium Server contains a port binding vulnerability that allows an attacker with local access to bind to the same network port used by the WebCTRL service. This enables the attacker to send malicious packets and impersonate the legitimate WebCTRL service without injecting code into the application, potentially compromising confidentiality and integrity of building automation system communications. The vulnerability affects Automated Logic's WebCTRL Premium Server and has been disclosed by ICS-CERT, though no KEV listing or public POC is currently documented.

Code Injection
NVD GitHub VulDB
CVE-2026-4506
EPSS 0% CVSS 6.3
MEDIUM POC This Month

A code injection vulnerability exists in Mindinventory MindSQL up to version 0.2.1 that allows remote code execution through manipulation of the ask_db function in mindsql/core/mindsql_core.py. An authenticated attacker can exploit this vulnerability to execute arbitrary code on the affected system. A public proof-of-concept exploit is available, and the vendor has not responded to early disclosure attempts, increasing the likelihood of active exploitation.

Code Injection RCE
NVD VulDB GitHub
CVE-2026-3584
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

The Kali Forms plugin for WordPress contains a critical remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code on the server. All versions up to and including 2.4.9 are affected, including the popular 'Kali Forms - Contact Form & Drag-and-Drop Builder' plugin by WPChill. The vulnerability carries a critical CVSS score of 9.8 due to its network-based attack vector, low complexity, and lack of required authentication or user interaction.

WordPress RCE Code Injection
NVD VulDB GitHub
CVE-2026-33479
EPSS 0% CVSS 8.8
HIGH This Week

The Gallery plugin in AVideo contains an unauthenticated remote code execution vulnerability through CSRF-enabled PHP code injection. Attackers can exploit an eval() function that directly executes unsanitized user input by tricking an admin into visiting a malicious page, with the session cookie's SameSite=None configuration enabling cross-site request forgery. A detailed proof-of-concept exploit exists demonstrating command execution through crafted form submissions.

PHP RCE CSRF +1
NVD GitHub VulDB
CVE-2026-4500
EPSS 0% CVSS 6.3
MEDIUM POC PATCH This Month

A code injection vulnerability exists in bagofwords (versions up to 0.0.297) within the generate_df function of backend/app/ai/code_execution/code_execution.py, allowing remote attackers with low privileges to inject and execute arbitrary code. The vulnerability (CWE-74: Improper Neutralization of Special Elements in Output) has a CVSS score of 6.3 (Medium) with network-based attack vector and low attack complexity, meaning exploitation requires only basic authentication and no user interaction. A public proof-of-concept exploit is already available, making this a practical threat requiring prompt remediation.

Code Injection
NVD VulDB GitHub
CVE-2026-33130
EPSS 0% CVSS 6.5
MEDIUM This Month

Uptime Kuma versions 1.23.0 through 2.2.0 contain an incomplete Server-Side Template Injection (SSTI) vulnerability in the LiquidJS templating engine that allows authenticated attackers to read arbitrary files from the server. A prior fix (GHSA-vffh-c9pq-4crh) attempted to restrict file path access through three mitigation options (root, relativeReference, dynamicPartials), but this fix only blocks quoted paths; attackers can bypass the mitigation by using unquoted absolute paths like /etc/passwd that successfully resolve through the require.resolve() fallback mechanism in liquid.node.js. The vulnerability requires low privileges (authenticated access) but can result in high confidentiality impact, making it a notable information disclosure risk for self-hosted monitoring deployments.

Node.js Lfi Code Injection +1
NVD GitHub VulDB
CVE-2026-33289
EPSS 0% CVSS 8.8
HIGH This Week

An LDAP injection vulnerability in SuiteCRM's authentication flow allows attackers to manipulate LDAP queries by injecting control characters into user-supplied input, potentially leading to authentication bypass or information disclosure. The vulnerability affects SuiteCRM versions prior to 7.15.1 and 8.9.3, which are open-source CRM systems widely deployed in enterprise environments. While no active exploitation has been reported (not in CISA KEV), the network-exploitable nature and potential for authentication bypass make this a serious concern for organizations using affected versions.

Authentication Bypass Information Disclosure Ldap +1
NVD GitHub VulDB
CVE-2024-44722
EPSS 0% CVSS 9.8
CRITICAL Act Now

SysAK v2.0 and earlier are vulnerable to command execution via aaa;cat /etc/passwd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch is available.

Code Injection RCE
NVD GitHub VulDB
CVE-2026-29103
EPSS 0% CVSS 9.1
CRITICAL Act Now

A critical remote code execution vulnerability in SuiteCRM versions 7.15.0 and 8.9.2 allows authenticated administrators to execute arbitrary system commands through a bypass of previous security patches. This vulnerability circumvents the ModuleScanner.php security controls by exploiting improper PHP token parsing that resets security checks when encountering single-character tokens, enabling attackers to hide dangerous function calls. The vulnerability represents a direct bypass of the previously patched CVE-2024-49774 and has been assigned a CVSS score of 9.1.

PHP RCE Code Injection
NVD GitHub VulDB
CVE-2026-29102
EPSS 0% CVSS 7.2
HIGH This Week

An authenticated remote code execution vulnerability exists in SuiteCRM modules that allows high-privileged users to execute arbitrary code on the server. The vulnerability affects SuiteCRM versions prior to 7.15.1 and 8.9.3, and stems from improper code injection protections (CWE-94). While exploitation requires high privileges (admin-level), successful attacks grant complete control over the CRM system containing sensitive customer data.

RCE Code Injection
NVD GitHub VulDB
CVE-2026-32032
EPSS 0% CVSS 7.3
HIGH PATCH This Week

OpenClaw versions before 2026.2.22 allow local attackers with environment access to execute arbitrary commands by manipulating the SHELL environment variable, which is insufficiently validated during shell fallback operations. An attacker can leverage this to run malicious code with the privileges of the OpenClaw process. No patch is currently available for this vulnerability.

Code Injection
NVD GitHub VulDB
CVE-2026-32029
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

CVE-2026-32029 is a security vulnerability (CVSS 6.3). Remediation should follow standard vulnerability management procedures.

Code Injection
NVD GitHub VulDB
CVE-2026-30402
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in wgcloud version 2.3.7 and earlier allows unauthenticated attackers to execute arbitrary code through the test connection function. The vulnerability carries a critical CVSS score of 9.8 with network-based exploitation requiring no privileges or user interaction. No public exploit has been identified at time of analysis, though the EPSS score of 0.29% (52nd percentile) indicates low predicted exploitation probability despite the critical severity rating.

RCE Code Injection
NVD GitHub VulDB
CVE-2026-3475
EPSS 0% CVSS 5.3
MEDIUM This Month

A remote code execution vulnerability in Instant Popup Builder (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

WordPress PHP RCE +2
NVD VulDB
CVE-2025-67113
EPSS 0% CVSS 9.8
CRITICAL Act Now

OS command injection in the CWMP client (/ftl/bin/cwmp) of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted...

Command Injection Code Injection RCE
NVD VulDB
CVE-2026-30694
EPSS 0% CVSS 9.8
CRITICAL Act Now

A remote code execution vulnerability in DedeCMS v.5.7.118 and (CVSS 9.8) that allows a remote attacker. Critical severity with potential for significant impact on affected systems.

RCE Code Injection
NVD VulDB
CVE-2026-33154
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Dynaconf, a Python configuration management library, contains a Server-Side Template Injection (SSTI) vulnerability in its @jinja resolver that allows arbitrary command execution when attackers can control configuration sources such as environment variables, .env files, or CI/CD secrets. The vulnerability affects pip package dynaconf and includes a public proof-of-concept demonstrating command execution via Jinja2 template evaluation without sandboxing. The @format resolver additionally enables object graph traversal to expose sensitive runtime data including API keys and credentials.

RCE Code Injection Python
NVD GitHub VulDB
CVE-2026-33057
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

An unauthenticated remote code execution vulnerability exists in the mesop Python package's debugging Flask server endpoint (/exec-py) that accepts and executes arbitrary base64-encoded Python code without any authentication or validation. The vulnerability affects the mesop pip package, with a publicly disclosed proof-of-concept demonstrating trivial exploitation requiring only a single HTTP POST request. With a CVSS score of 9.8 (Critical) and detailed PoC availability, this represents an immediately exploitable vulnerability for any exposed instance.

Command Injection Python RCE +1
NVD GitHub VulDB
CVE-2026-33128
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The h3 JavaScript framework for Node.js contains a Server-Sent Events (SSE) injection vulnerability in its createEventStream function due to missing newline sanitization. Applications using h3's SSE functionality (pkg:npm/h3) are vulnerable to attackers who can control any part of SSE message fields (id, event, data, or comments), allowing injection of arbitrary events to all connected clients. A proof-of-concept exploit exists demonstrating event injection, cross-user content manipulation, and denial-of-service attacks.

Code Injection
NVD GitHub VulDB
CVE-2026-29056
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Kanboard project management software contains a privilege escalation vulnerability in its user invite registration endpoint that allows invited users to inject the 'role=app-admin' parameter during account creation, granting themselves administrator privileges. This affects all Kanboard versions prior to 1.2.51. The vulnerability has documented proof-of-concept exploitation capability (CVSS E:P indicates PoC exists) and carries a CVSS 4.0 score of 7.0 with high integrity impact to both the vulnerable system and subsequent components.

Code Injection Ubuntu Debian +1
NVD GitHub VulDB
CVE-2026-33017
EPSS 0% CVSS 9.3
CRITICAL POC KEV THREAT Emergency

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-33017, CVSS 9.3) in the public flow build API that allows attackers to execute arbitrary Python code by supplying malicious flow data. KEV-listed with public PoC, this vulnerability enables anyone with network access to a Langflow instance to achieve server compromise through the API that builds public flows without authentication.

RCE Python Code Injection
NVD GitHub VulDB
CVE-2026-21570
EPSS 1% CVSS 8.6
HIGH This Week

Remote code execution in Atlassian Bamboo Data Center versions 9.6.0 through 12.1.0 allows authenticated attackers with high privileges to execute arbitrary code on affected systems with a CVSS score of 8.6. The vulnerability impacts multiple major versions with no patch currently available, requiring immediate upgrade to patched releases such as 9.6.24, 10.2.16, or 12.1.3. Organizations unable to upgrade should prioritize access controls for high-privileged accounts until remediation is possible.

RCE Atlassian Code Injection +1
NVD VulDB
CVE-2026-31898
EPSS 0% CVSS 8.1
HIGH PATCH This Week

A code injection vulnerability in the jsPDF library allows attackers to inject arbitrary PDF objects, including malicious JavaScript actions, through unsanitized user input to the createAnnotation method. The vulnerability affects jsPDF versions prior to 4.2.1 and enables remote attackers to execute arbitrary code when a victim opens or interacts with a maliciously crafted PDF file. A proof-of-concept exploit is publicly available demonstrating how to launch system executables like calc.exe through PDF action injection.

Code Injection
NVD GitHub VulDB
CVE-2026-31865
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Elysia (npm package, versions prior to 1.4.27) is vulnerable to prototype pollution through maliciously crafted cookie names, allowing unauthenticated attackers to override application cookie values and potentially inject arbitrary data into the application's object prototype. With a CVSS score of 6.5 and network-accessible attack vector requiring no privileges or user interaction, attackers can manipulate cookie handling to gain limited information disclosure and integrity compromise. A proof-of-concept exploit demonstrating the `__proto__` injection vector exists in the GitHub advisory.

Code Injection Prototype Pollution
NVD GitHub VulDB
CVE-2025-62320
EPSS 0% CVSS 4.7
MEDIUM This Month

HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage.

XSS Code Injection Sametime
NVD VulDB
CVE-2026-3633
EPSS 0% CVSS 3.9
LOW PATCH Monitor

A security vulnerability (CVSS 3.9). Remediation should follow standard vulnerability management procedures.

Code Injection Ubuntu Debian
NVD VulDB
CVE-2026-3634
EPSS 0% CVSS 3.9
LOW PATCH Monitor

A security vulnerability (CVSS 3.9). Remediation should follow standard vulnerability management procedures.

Code Injection Ubuntu Debian
NVD VulDB
CVE-2026-30875
EPSS 0% CVSS 8.8
HIGH This Week

An arbitrary file upload vulnerability in Chamilo LMS allows authenticated users with Teacher role to achieve Remote Code Execution by uploading malicious H5P packages. The flaw affects versions prior to 1.11.36 and stems from inadequate validation of H5P package contents, which only checks for h5p.json existence but fails to block .htaccess or PHP files with alternative extensions. With a CVSS score of 8.8 and high exploitation potential, attackers can upload webshells disguised as text files along with .htaccess configurations to bypass security controls.

PHP RCE File Upload +2
NVD GitHub VulDB
CVE-2026-32263
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Unsafe deserialization of untrusted user input in PHP Craft CMS allows authenticated high-privilege users to inject arbitrary Yii2 behaviors and event handlers, enabling remote code execution through the EntryTypesController. An incomplete prior patch for a similar vulnerability left the same dangerous pattern in place, permitting attackers with administrative access to manipulate application configuration and achieve full system compromise. A patch is available to properly sanitize configuration inputs before processing.

Code Injection PHP
NVD GitHub VulDB
CVE-2026-4276
EPSS 0% CVSS 7.5
HIGH This Week

CVE-2026-4276 is a high severity vulnerability (CVSS 7.5) requiring prompt remediation.

Code Injection Rag Api
NVD VulDB
CVE-2026-4239
EPSS 0% CVSS 3.5
LOW POC Monitor

A vulnerability was found in Lagom WHMCS Template up to 2.3.7.

Code Injection Information Disclosure
NVD VulDB GitHub
CVE-2025-15540
EPSS 0% CVSS 8.8
HIGH This Week

A code injection vulnerability in Raytha CMS's Functions module allows privileged users to execute arbitrary .NET operations through unrestricted JavaScript code execution, effectively bypassing application sandboxing. The vulnerability affects Raytha CMS versions prior to 1.4.6 and enables authenticated administrators to compromise the application's hosting environment. No active exploitation has been reported (not in KEV), no public POC is available, and EPSS data is not yet available for this recently disclosed vulnerability.

RCE Code Injection Raytha
NVD VulDB
CVE-2026-3476
EPSS 0% CVSS 7.8
HIGH This Week

A code injection vulnerability in SOLIDWORKS Desktop releases 2025 through 2026 allows attackers to execute arbitrary code on victim machines by tricking users into opening specially crafted files. The vulnerability requires local access and user interaction but provides complete system compromise with high impact to confidentiality, integrity, and availability (CVSS 7.8). No evidence of active exploitation or proof-of-concept code has been reported.

RCE Code Injection Solidworks Desktop
NVD
CVE-2025-69902
EPSS 0% CVSS 9.8
CRITICAL Act Now

A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands by injecting shell metacharacters.

Command Injection RCE Code Injection
NVD GitHub VulDB
CVE-2025-50881
EPSS 0% CVSS 8.8
HIGH This Week

The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is vulnerable to Remote Code Execution.

PHP RCE Code Injection
NVD GitHub VulDB
CVE-2025-14287
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A command injection vulnerability in MLflow versions before v3.7.0 allows attackers to execute arbitrary commands by injecting malicious input through the --container parameter when deploying models to SageMaker. The vulnerability affects MLflow installations in development environments, CI/CD pipelines, and cloud deployments, with a CVSS score of 7.5 indicating high severity. No active exploitation or KEV listing is reported, and no EPSS data is available to assess real-world exploitation likelihood.

Command Injection RCE Code Injection +3
NVD VulDB
CVE-2026-32640
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Code injection in SimpleEval when objects with dangerous attributes are passed. PoC available.

Code Injection RCE
NVD GitHub VulDB
CVE-2026-32621
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Prototype pollution in Apollo Federation before multiple versions.

Information Disclosure Code Injection Gateway +2
NVD GitHub
CVE-2026-25817
EPSS 0% CVSS 8.8
HIGH This Week

HMS Networks' industrial IoT gateways (Ewon Flexy and Cosy+) contain a command injection vulnerability that allows authenticated attackers to execute arbitrary OS commands remotely. This affects Flexy devices before firmware 15.0s4 and Cosy+ devices before 22.1s6 (22.x branch) or 23.0s3 (23.x branch). With a CVSS score of 8.8 but low EPSS of 0.06%, this vulnerability requires valid credentials but enables full system compromise.

RCE Command Injection Code Injection
NVD VulDB
CVE-2026-32304
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

create_function() sandbox bypass via unsanitized args passed to Function constructor. PoC available.

Node.js RCE PHP +1
NVD GitHub VulDB
CVE-2026-26954
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

SandboxJS sandbox escape before 0.8.34 via Function access through arrays. CVSS 10.0.

RCE Code Injection Sandboxjs
NVD GitHub VulDB
CVE-2026-32414
EPSS 0% CVSS 7.2
HIGH This Week

A code injection vulnerability in ILLID Advanced Woo Labels WordPress plugin (versions up to 2.36) allows authenticated administrators to execute arbitrary code through improper input validation, potentially leading to full site compromise. The vulnerability requires high privileges to exploit (CVSS 7.2), has no known active exploitation in the wild (not in CISA KEV), and carries a very low EPSS score of 0.00043 (0.043%), indicating minimal real-world exploitation likelihood despite the high CVSS score.

Code Injection RCE Advanced Woo Labels
NVD VulDB
CVE-2026-32367
EPSS 0% CVSS 9.1
CRITICAL Act Now

RCE via code injection in Modal Dialog WordPress plugin.

Code Injection RCE Modal Dialog
NVD
CVE-2026-22204
EPSS 0% CVSS 3.7
LOW PATCH Monitor

wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the comment_author_email cookie.

Code Injection
NVD VulDB
CVE-2026-22191
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Medium severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains a shortcode injection vulnerability that allows attackers to execute arbitrary shortcodes by including them in comment content sent via email notifications. Attackers can inject shortcodes like [contact-form-7] or [user_meta] in comments, which are executed server-side when the WpdiscuzHelperEmail class processes notifications through do_shortcode() before wp_mai...

Code Injection RCE
NVD VulDB
CVE-2026-1527
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

CRLF injection in undici's HTTP upgrade handling allows authenticated attackers to inject arbitrary headers and perform request smuggling attacks against backend services like Redis and Elasticsearch when user input is passed unsanitized to the upgrade option. The vulnerability stems from insufficient validation of the upgrade parameter before writing to the socket, enabling attackers to terminate HTTP requests prematurely and route malicious data to non-HTTP protocols. This requires prior authentication and user interaction, with no patch currently available.

Code Injection Redis Elastic +1
NVD GitHub VulDB
CVE-2026-32247
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

High severity vulnerability in Graphiti.

Code Injection Nosql Injection Graphiti
NVD GitHub
CVE-2026-32129
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Insufficient input padding in soroban-poseidon's Poseidon V1 hash function enables attackers to forge hash collisions by appending zeros to shorter inputs, allowing distinct messages to produce identical hashes when the input count is less than the sponge rate. This vulnerability affects any Soroban smart contract relying on PoseidonSponge or poseidon_hash for cryptographic integrity, potentially compromising authentication, signature verification, or other security mechanisms that depend on hash uniqueness. No patch is currently available.

Code Injection
NVD GitHub
CVE-2025-13462
EPSS 0%
Monitor

The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.

Code Injection
NVD GitHub VulDB
CVE-2026-21671
EPSS 0% CVSS 9.1
CRITICAL Act Now

Veeam Backup & Replication allows Backup Administrators to achieve RCE in high-availability deployments. While requiring admin-level access, the scope change to the HA infrastructure makes this critical for organizations running Veeam in HA mode.

RCE Code Injection
NVD VulDB
CVE-2026-21669
EPSS 0% CVSS 9.9
CRITICAL Act Now

Yet another Veeam Backup & Replication RCE vulnerability allowing authenticated domain users to execute code on the Backup Server with scope change (CVSS 9.9). Part of a cluster of related Veeam vulnerabilities disclosed together.

RCE Code Injection
NVD VulDB
CVE-2026-4039
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Code injection in OpenClaw 2026.2.19 and earlier through the Skill Env Handler's applySkillConfigenvOverrides function allows authenticated remote attackers to execute arbitrary code with low integrity and confidentiality impact. An authenticated user can manipulate environment configuration settings to inject malicious code that executes in the context of the application. Mitigation requires upgrading to version 2026.2.21-beta.1 or later, as no official patch is currently available for production releases.

Code Injection Openclaw
NVD GitHub VulDB