Skip to main content

Code Injection

4831 CVEs technique

Monthly

CVE-2026-44546 PyPI MEDIUM PATCH This Month

Header injection via parser differential in daphne before 4.2.2 allows unauthenticated remote attackers to smuggle synthetic headers into the ASGI scope received by Django applications during WebSocket handshake processing. The root cause is that Twisted (which daphne uses to parse inbound HTTP) ignores six specific Unicode bytes as line separators, while autobahn (which daphne feeds for WebSocket negotiation) calls Python's str.splitlines() and recognizes them - causing a single header value to be split into multiple injected header lines. No public exploit has been identified at time of analysis, and CVSS scores this at 3.7 (Low) due to high attack complexity, though real-world severity scales with how heavily the downstream application trusts ASGI-scope headers for security decisions.

Code Injection Request Smuggling Daphne Red Hat
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-5078 npm MEDIUM POC PATCH GHSA This Month

Log injection in morgan Node.js middleware versions 1.2.0 through 1.10.1 allows unauthenticated remote attackers to forge access log entries by embedding CR or LF control characters in the Basic authentication username of the Authorization request header. The :remote-user format token writes this value to the log stream without sanitization, breaking the one-request-per-line log structure and enabling attackers to fabricate arbitrary log lines visible to downstream consumers such as SIEMs or log aggregators. No active exploitation is confirmed (not in CISA KEV) and no public exploit code is identified at time of analysis, but the zero-prerequisite network attack vector and widespread use of morgan across the Node.js/Express ecosystem make this a meaningful integrity risk for security monitoring pipelines.

Code Injection Red Hat
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-26379 MEDIUM This Month

Remote code execution in Koha v.25.11 and earlier allows unauthenticated network attackers to inject and execute arbitrary code through the Z39.50 configuration module. Koha is a widely deployed open-source integrated library system (ILS); the affected component handles Z39.50, a standard client-server protocol used for querying remote library catalogues. No public exploit identified at time of analysis, though a researcher technical write-up is publicly available at g03m0n.github.io, and EPSS exploitation probability is low at 0.05% (16th percentile). Notable discrepancy: CVSS impact scores (C:L/I:L) appear understated relative to the arbitrary code execution claim and should be treated with caution.

Code Injection RCE
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-42507 Go MEDIUM PATCH This Month

Error message injection in Go's net/textproto standard library package allows unauthenticated remote attackers to embed attacker-controlled content into error strings that applications subsequently print or log. Affected Go releases span all net/textproto versions prior to 1.25.11 and 1.26.4, covering a broad surface area of Go-based HTTP, MIME, and mail-handling applications. No public exploit code exists and exploitation probability is extremely low (EPSS 0.02%, 5th percentile), but the integrity risk is real in deployments where net/textproto errors are surfaced to logs, monitoring systems, or user-facing output without sanitization.

Code Injection Suse Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2022-4992 HIGH This Week

Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower (with VG4.2 partially affected) contain a network message handling vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Infinity Acute Care System Standalone Infinity M540 Patient Monitor
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-49143 npm HIGH POC GHSA Monitor

Remote code execution in BrowserStack Runner through version 0.9.5 allows network-adjacent unauthenticated attackers to execute arbitrary code on the host system by sending crafted JSON to the /_log HTTP handler. The flaw stems from unsafe use of vm.runInNewContext() combined with eval(), and a known sandbox-escape technique via util.format and this.constructor.constructor enables full host compromise. No public exploit identified at time of analysis, but the technique is well-documented and the CVSS 8.8 score reflects high impact across confidentiality, integrity, and availability.

RCE Code Injection Node.js Browserstack Runner
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-48596 LOW POC PATCH GHSA Monitor

HTTP header injection in the Tesla Elixir HTTP client library (versions 0.8.0 through before 1.18.3) allows untrusted input forwarded into Tesla.Multipart.add_content_type_param/2 to split outbound Content-Type headers by embedding CR (\r) or LF (\n) characters. When Tesla.Multipart.headers/1 joins content_type_params verbatim with "; ", a maliciously crafted param string terminates the current header line and inserts arbitrary headers into the outbound HTTP request sent by the Tesla client to downstream systems. No public exploit code has been identified at time of analysis, and no CISA KEV listing exists; however, a vendor-released patch is available in version 1.18.3.

Code Injection Tesla
NVD GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-48598 LOW POC PATCH GHSA Monitor

{k}="#{v}" with no validation of CR, LF, or double-quote characters, enabling a crafted value to close the quoted parameter early, forge headers like Content-Type, or corrupt the part body. No public exploit is identified at time of analysis, and the CVSS 4.0 score of 2.1 (SI:L only) reflects a narrow integrity impact confined to the downstream system receiving the forged multipart payload.

Code Injection Tesla
NVD GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-1829 HIGH This Week

Remote code execution in the Content Visibility for Divi Builder WordPress plugin (versions ≤ 4.02) allows authenticated attackers with Contributor-level access or higher to execute arbitrary PHP on the server by abusing the 'cvdb_content_visibility_check' parameter of the 'et_pb_text' shortcode. The flaw is a CWE-94 code injection issue disclosed by Wordfence and carries a CVSS 3.1 score of 8.8. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

RCE WordPress Code Injection
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-35447 MEDIUM This Month

Authorization bypass in NamelessMC 2.2.4's profile wall system allows low-privileged authenticated users to post to private or blocking profiles, and to inject replies into wall posts belonging to arbitrary profiles they would otherwise be restricted from accessing. The profile.php module processes wall post submissions before performing the visibility and block-list authorization checks, meaning the write completes before any rejection occurs. A second independent flaw in the reply branch skips verification that the target wall post belongs to the profile being accessed, enabling cross-profile reply injection via a restricted profile URL. No public exploit code has been identified and this is not listed in CISA KEV, but a patch is available in version 2.2.5.

PHP Code Injection
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-47117 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in OpenMed before 1.5.2 allows unauthenticated attackers to execute arbitrary Python code on the OpenMed service by abusing broad substring matching in the PII privacy-filter model dispatcher to load attacker-controlled Hugging Face repositories with trust_remote_code=True. The flaw, reported by VulnCheck and tracked as CWE-94 (Code Injection), carries a CVSS 4.0 score of 9.3 and a vendor-released patch is available; no public exploit identified at time of analysis.

RCE Code Injection Openmed
NVD GitHub
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-1784 HIGH This Week

HAProxy configuration injection in Red Hat OpenShift Container Platform 4 allows a low-privileged tenant with permission to create or modify Route resources to inject controlled directives into the cluster ingress configuration via the spec.path field. No public exploit identified at time of analysis, but the CVSS 8.8 score with scope change (S:C) reflects the ability to break out of the tenant boundary and impact the shared HAProxy router serving the entire cluster.

Code Injection Red Hat Openshift Container Platform 4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-38967 CRITICAL Act Now

HTTP response header injection in CrowCpp Crow through v1.3.1 allows remote attackers to inject arbitrary CR/LF sequences into response headers when application code passes unvalidated input to header-setting APIs. The flaw stems from the framework not stripping \r\n characters in header keys or values, enabling CRLF injection that can lead to response splitting, cache poisoning, or XSS depending on how the embedding application uses user input. No public exploit identified at time of analysis and EPSS is very low (0.02%), but the upstream fix in PR #1167 confirms the issue and provides a sanitization routine.

Code Injection
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-9311 CRITICAL PATCH Act Now

Remote code execution in IBM WebSphere Application Server 9.0 and 8.5 allows network-based attackers to bypass security controls and execute arbitrary code on the application server. The flaw carries a CVSS 9.0 critical rating with a scope-changed impact (S:C) and requires no authentication, though high attack complexity (AC:H) suggests specific timing or environmental conditions must be met. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

IBM RCE Code Injection
NVD VulDB
CVSS 3.1
9.0
EPSS
0.3%
CVE-2026-45131 CRITICAL Act Now

Secret exfiltration in CloudPirates Open Source Helm Charts (prior to commit fcf9302) allows unauthenticated attackers to steal repository secrets, including Docker Hub credentials and tokens, by submitting a malicious fork pull request that triggers the pull-request.yaml GitHub Actions workflow in a privileged context. No public exploit is identified at time of analysis, but the attack pattern is a well-known pwn-request misconfiguration that requires no maintainer approval, and the CVSS score of 10.0 (Critical) with scope change reflects compromise of CI/CD secrets that extend beyond the workflow boundary.

Docker RCE Code Injection
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-45132 CRITICAL Act Now

Credential exposure in CloudPirates Open Source Helm Charts (prior to commit fcf9302) allows attackers to steal a Personal Access Token and SSH signing key by submitting a malicious pull request that the vulnerable GitHub Actions workflow checks out and executes with privileged secrets. The repository's generate-schema.yaml workflow used unsafe pull_request_target patterns combined with checkout of fork-controlled code, enabling code injection into a privileged CI context. No public exploit identified at time of analysis, but the attack pattern is well-documented for this class of GitHub Actions misconfiguration.

RCE Code Injection Helm Charts
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-8931 CRITICAL Act Now

Remote code execution in Disig Web Signer versions 2.0.3 through 2.5.3 allows network-adjacent attackers to execute arbitrary code on systems running this Slovak electronic signing client when a user performs a passive interaction (e.g., visiting a malicious page or processing a crafted signing request). The flaw was reported by Slovakia's National Security Authority (incident@nbu.gov.sk) and carries a CVSS 4.0 score of 9.4 (Critical) with both vulnerable and subsequent system impact rated High, indicating a likely scope-changing condition. There is no public exploit identified at time of analysis and the vulnerability is not currently listed in the CISA KEV catalog.

RCE Code Injection
NVD
CVSS 4.0
9.4
EPSS
0.4%
CVE-2026-10223 LOW POC Monitor

Injection vulnerability in NousResearch hermes-agent's `_scan_memory_content` function exposes authenticated low-privileged remote users to partial confidentiality, integrity, and availability compromise across all versions through 2026.4.30. The flaw originates in `tools/memory_tool.py`, where user-controlled input is insufficiently neutralized before being passed to downstream components. No public exploit identified at time of analysis is incorrect - a public proof-of-concept exploit exists (GitHub gist), and the vendor has not responded to responsible disclosure, meaning no patch has been released.

Code Injection Hermes Agent
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10222 PyPI LOW POC PATCH Monitor

Injection vulnerability in NousResearch hermes-agent (all versions through 2026.4.30) allows remote unauthenticated attackers to exploit improper neutralization in the _sanitize_env_lines function of hermes_cli/config.py, achieving partial confidentiality, integrity, and availability impact. The flaw is tagged as code injection (CWE-74), meaning attacker-controlled input passed through this sanitization routine may reach a downstream component in an executable or interpreted context. A public proof-of-concept exploit exists (GitHub gist), though the CVSS vector assigns high attack complexity, indicating exploitation is not trivial. No vendor patch exists; the vendor was unresponsive to coordinated disclosure.

Code Injection Hermes Agent
NVD VulDB GitHub
CVSS 4.0
2.9
EPSS
0.0%
CVE-2026-10221 MEDIUM POC This Month

Remote code/prompt injection in NousResearch Hermes Agent through 0.12.0 stems from improper neutralization in the _compress_context function within run_agent.py (CWE-74). Publicly available exploit code exists and the issue is remotely triggerable without authentication per the CVSS vector, though impact is bounded to Low across confidentiality, integrity, and availability. The vendor was contacted but did not respond, leaving downstream users without an official fix at time of analysis.

Code Injection Hermes Agent
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-10210 LOW POC Monitor

Injection in AstrBot 4.23.6 allows authenticated remote attackers to manipulate input through the `_sanitize_prompt_description` function in `astrbot/core/skills/skill_manager.py`, bypassing sanitization and achieving partial impact on confidentiality, integrity, and availability. A publicly available exploit (POC) exists on GitHub, and the vendor did not respond to responsible disclosure, meaning no official patch has been released. No public exploit identified as confirmed actively exploited (CISA KEV), though the public POC and low-privilege entry point lower the barrier for exploitation.

Code Injection Astrbot
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10175 PyPI LOW POC Monitor

Code injection in Aider-AI Aider 0.86.3 Architect Mode enables authenticated remote attackers to execute arbitrary code via the `editor_coder.run` function in `auth.py`. A public proof-of-concept exploit is available via GitHub issue #5058, lowering the barrier to exploitation. No vendor patch exists as the project has not responded to the responsible disclosure, leaving all users of the affected version exposed with no official remediation path.

RCE Code Injection Aider
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-47391 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in PraisonAI's first-party A2A server example (pip package <= 4.6.39) allows unauthenticated network attackers to execute arbitrary Python on the server process by sending a JSON-RPC message/send request to /a2a that drives the LLM-backed agent into invoking an eval()-based calculate tool. The chain combines three first-party defaults - no auth_token, 0.0.0.0 bind, and an eval()-backed example tool - and was confirmed end-to-end against a real Gemini model with a canary marker file write. No public exploit identified at time of analysis beyond the proof-of-concept in the advisory itself, and the issue is not in CISA KEV.

Denial Of Service RCE Code Injection Python
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-47398 PyPI HIGH PATCH GHSA This Week

Remote code execution in PraisonAI versions 2.0.0 through 4.6.39 allows attackers to execute arbitrary Python code via two unguarded spec.loader.exec_module call sites in agents_generator.py. The flaw is a sibling of CVE-2026-44334: the v4.6.32 chokepoint refactor added a PRAISONAI_ALLOW_LOCAL_TOOLS env-var gate to tool_override.py but missed the load_tools_from_module and load_tools_from_module_class sinks, which load arbitrary module paths from YAML agent configuration without validation. Publicly available exploit code exists (working PoC published with the advisory) and a fixed release is available in 4.6.40.

RCE Code Injection Python
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-44287 MEDIUM PATCH This Month

Sandbox escape in FastGPT's JavaScript code execution worker allows authenticated remote attackers to execute arbitrary OS commands inside the sandbox container by bypassing a regex-based blocklist. The sandbox at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import() using a regex that matches only ASCII whitespace between 'import' and '(', failing to account for JavaScript's syntactically valid block comment syntax - the payload import/**/("child_process") parses correctly by the JS engine but evades the regex entirely. Because the safeRequire Proxy only intercepts require() and not native ES import(), the attacker gains direct access to child_process and execSync as uid=100(sandbox). No public exploit identified at time of analysis, but the bypass technique is fully documented in the vendor advisory and is trivially reproducible by any authenticated user.

RCE Code Injection Fastgpt
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-44495 npm HIGH PATCH GHSA This Week

Prototype-pollution gadget in Axios (npm) before 1.15.2 and 0.31.1 allows an attacker who has already polluted Object.prototype.transformResponse in the same JavaScript process to hijack response handling, exfiltrate request config (URL, headers, auth credentials), and tamper with returned data. The flaw lives in mergeConfig() and transformData(), which read config via prototype-chain lookups, so any helper library prototype pollution becomes a credential-theft and DoS primitive for every Axios request. No public exploit identified at time of analysis beyond the advisory's PoC, and the issue is not in CISA KEV.

Denial Of Service RCE Code Injection
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-44698 HIGH PATCH This Week

Cross-origin JavaScript injection in Home Assistant Companion apps for Android (before 2026.4.4) and iOS (before 2026.4.1) allows a malicious iframe loaded inside the app's WebView to execute arbitrary JavaScript in the Home Assistant frontend's origin and steal the signed-in user's access token. The flaw stems from exposing the native JavaScript bridge (window.externalApp on Android, webkit.messageHandlers.getExternalAuth on iOS) to all frames combined with unsanitized callback identifier interpolation. No public exploit identified at time of analysis, and the issue is not in CISA KEV.

Apple RCE Google Code Injection
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-45555 HIGH PATCH This Week

Arbitrary code execution in Roslyn CodeLens MCP Server versions 0.0.9 through 1.17.0 allows attackers to run code in the MCP server process by tricking a victim into opening a malicious .NET solution. The get_diagnostics tool automatically loads and executes any DiagnosticAnalyzer DLL referenced by a .csproj without allowlist, signature validation, or user prompt, and includeAnalyzers defaults to true. No public exploit identified at time of analysis, but the attack pattern (malicious project file + attacker-controlled DLL) is well understood and trivial to weaponize.

RCE Code Injection Roslyn Codelens Mcp
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45312 CRITICAL Act Now

Server-side template injection in RAGFlow 0.24.0 and earlier allows any authenticated user to execute arbitrary operating system commands on the host through the Jinja2-based prompt generator (rag/prompts/generator.py). Because RAGFlow installations commonly permit open self-registration, the practical barrier is minimal: an attacker registers an account, builds a Canvas workflow chaining a DuckDuckGo retrieval node with an LLM node, and triggers the SSTI to break out of the Jinja2 sandbox. No public exploit identified at time of analysis, but the vendor security advisory describes the chain explicitly.

Ssti Code Injection
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-9976 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows attackers to run arbitrary code by luring a victim to a crafted HTML page that abuses an inappropriate implementation in the browser's USB subsystem. Chromium rates the severity as High and the CVSS 8.8 vector reflects unauthenticated network exploitation with required user interaction. No public exploit identified at time of analysis, but the vendor has shipped a stable channel patch.

Google RCE Code Injection Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9938 HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code inside the renderer sandbox via a crafted HTML page. The Chromium project rates the severity as High and CVSS scores it 8.8 (network-reachable, low complexity, no privileges, user interaction required). No public exploit identified at time of analysis, and EPSS is very low (0.04%, 12th percentile), suggesting limited near-term mass-exploitation likelihood despite the high impact rating.

Google RCE Code Injection Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-45344 HIGH PATCH This Week

Remote code execution in LinkAce self-hosted link archive versions prior to 2.5.6 allows unauthenticated remote attackers to inject arbitrary mail configuration variables into the application's .env file via the initial setup database configuration flow, leading to command execution when the application subsequently sends mail. The flaw, classified as CWE-74 injection, affects instances that have not yet completed the setup wizard and carries a CVSS 8.1 (High). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Code Injection Linkace
NVD GitHub
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-49130 MEDIUM PATCH This Month

CRLF injection in Music Player Daemon (MPD) before version 0.24.11 enables network-accessible, unauthenticated attackers to embed raw CR/LF bytes into URI fields parsed from malicious XSPF playlists, injecting forged key-value lines into MPD text protocol responses - including playlistinfo, currentsong, and listplaylist outputs - as well as the persistent state file. The root mechanism is Expat's decoding of XML numeric character references (e.g., &#13;&#10;) before invoking the character data callback in xspf_char_data, bypassing any empty-string checks that previously served as the only guard. No public exploit code or CISA KEV listing exists at time of analysis, but the no-authentication network vector means any MPD instance that processes externally supplied playlists is exposed; the fix also extended to ASX, PLS, and RSS playlist plugins, indicating the affected surface was broader than the CVE title implies.

Code Injection Mpd
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-46439 PyPI HIGH PATCH GHSA This Week

Server-side template injection in the compliance-trestle `trestle author jinja` command enables arbitrary command execution when operators process attacker-controlled OSCAL data (SSP documents or Lookup Tables). Because the renderer recursively re-evaluates already-rendered output through a non-sandboxed Jinja2 Environment, malicious Jinja expressions placed in data fields like a system title are executed in a second pass even when the template itself is trusted and static. A proof-of-concept is published in the GHSA advisory; no public exploit identified at time of analysis as actively used in the wild, and the issue is not on CISA KEV.

RCE Code Injection Python
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45261 CRITICAL PATCH Act Now

Remote code execution in GitButler desktop application versions prior to 0.19.7 allows attackers to execute arbitrary scripts within the Tauri webview by injecting malicious links into pull request bodies. The flaw activates when a user with forge integration enabled clicks the crafted link, leading to full compromise of the desktop client context. No public exploit identified at time of analysis, though the GitHub Security Advisory GHSA-xpmj-536r-9fc6 publicly documents the issue.

RCE Code Injection Gitbutler
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-9658 HIGH PATCH This Week

Header injection filtering bypass in Plack::Middleware::Security::Common (Perl) versions prior to 0.13.1 allows remote attackers to smuggle CRLF sequences and additional headers through request paths that are not double-encoded. The flaw weakens a security middleware specifically designed to prevent header injection, and while EPSS sits at 0.03% (9th percentile) with no public exploit identified at time of analysis, downstream impact depends on how reverse proxies and Plack-based servers handle the unblocked CRLF payloads.

Code Injection Plack
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-32999 CRITICAL PATCH Act Now

Remote code execution in Comet Backup server allows a tenant administrator to inject arbitrary code into the backup agent signing module via insufficient character filtering, ultimately running code with elevated privileges on the Comet server and on connected backup agent devices. The vendor advisory links the issue to the branding configuration path, and no public exploit has been identified at time of analysis. Combined with a Scope:Changed CVSS:3.1 score of 9.0, successful exploitation pivots from a single tenant context into the underlying server and downstream endpoints.

RCE Code Injection Comet Backup
NVD VulDB
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-46621 Maven CRITICAL PATCH GHSA Act Now

Remote code execution in Yamcs (the open-source mission control framework, yamcs-core) before 5.12.7 lets an authenticated operator holding the ChangeMissionDatabase privilege overwrite a Python (Jython) algorithm via the Mission Database REST API and run arbitrary OS commands on the host. The Jython script engine is invoked without a sandbox, so injected algorithm text can import java.lang.Runtime and shell out. Publicly available exploit code exists (a full PoC is published in the GitHub Security Advisory), but the issue is not listed in CISA KEV and no public in-the-wild exploitation is identified.

RCE Java Command Injection Code Injection Python
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2026-46562 Maven CRITICAL PATCH GHSA Act Now

Remote code execution in the Yamcs mission control framework (org.yamcs:yamcs-core, releases 4.7.3 through 5.12.6) lets a caller of the algorithm-override endpoint run arbitrary Java/OS code on the ground server. The Nashorn JavaScript engine that evaluates user-supplied algorithm text is created without a ClassFilter, so payloads can reach any Java class (e.g. java.lang.Runtime) and execute commands as the Yamcs process user; because the default install (no security.yaml) gives the built-in guest user superuser=true, the endpoint is reachable by an unauthenticated network attacker. A detailed working exploit is published in the GitHub Security Advisory (publicly available exploit code exists); the issue is not listed in CISA KEV and no EPSS score was provided in the input.

Java RCE Code Injection Python
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-46538 MEDIUM This Month

Authenticated cross-device task-result injection in Microsoft UFO's constellation architecture allows a low-privileged peer device to hijack the pending task response of a victim device by spoofing a TASK_END message. Specifically in version 3.0.1-4-ge2626659, the constellation server resolves pending Futures keyed solely on session_id without binding verification to the originating device, meaning any authenticated constellation participant who can supply a matching session_id can substitute attacker-controlled result data into the victim device's task flow. No public exploit has been identified at time of analysis and this CVE is not listed in the CISA KEV catalog, though the high-complexity CVSS vector (AC:H) reflects the session_id guessing or observation requirement.

Microsoft Code Injection
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-45070 PHP MEDIUM PATCH GHSA This Month

Header injection in Symfony's Mime component (symfony/mime) enables attackers to inject arbitrary MIME headers into serialized email messages when an application passes untrusted input as a parameter name to ParameterizedHeader. The component correctly encodes parameter values per RFC 2045/5322 but emits parameter names verbatim, meaning CRLF sequences in a user-influenced parameter name terminate the current header line and allow arbitrary new headers to be appended. No active exploitation is confirmed (not in CISA KEV), no public exploit code has been identified, and vendor-released patches are available across all supported Symfony branches.

Code Injection
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-47273 MEDIUM PATCH This Month

XPath injection in pam_usb prior to 0.9.0 allows unauthenticated remote attackers to manipulate device-verification queries against /etc/pamusb.conf, potentially bypassing USB hardware authentication entirely. PAM usernames and service names submitted through network-facing services such as SSH are passed unsanitized into XPath expressions; injecting predicates such as `' or @id='victim` causes the device-presence check to evaluate as true without the USB token physically present. No public exploit identified at time of analysis, though the GitHub security advisory, fix commit, and injection test cases demonstrating the technique are publicly available.

Code Injection Pam Usb
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-44887 CRITICAL PATCH Act Now

Unauthenticated remote code execution affects Pi.Alert, an open-source WiFi/LAN intruder detector with web-based service monitoring, in all versions prior to the 2026-05-07 release. The web configuration editor writes attacker-controlled content into pialert.conf, which the background scan daemon subsequently evaluates with Python's exec(), so injected statements run with the daemon's privileges. Because the product ships with web protection disabled by default, an attacker reaching the web interface needs no credentials, yielding a CVSS 9.8 critical flaw; no public exploit identified at time of analysis.

Code Injection RCE Python
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-44888 CRITICAL PATCH Act Now

Unauthenticated remote code execution affects Pi.Alert, a Python-based Wi-Fi/LAN intruder detector, in all releases prior to the 2026-05-07 fix. The web UI's SaveConfigFile() endpoint writes attacker-supplied numeric configuration values such as SMTP_PORT into pialert.conf with no validation, and because that file is reloaded via Python's exec() by a background cron job every 3-5 minutes, injected Python executes at the OS level. On default installations (PIALERT_WEB_PROTECTION = False) no credentials are required, matching the CVSS 9.8 network/no-privilege rating; there is no public exploit identified at time of analysis and the CVE is not in CISA KEV, but trivial complexity and full CIA impact make it a high-priority patch.

Code Injection RCE Python
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-45618 npm CRITICAL PATCH GHSA Act Now

Remote code execution in LiquidJS template engine versions before 10.26.0 lets an attacker who can supply template content escape the rendering context and run arbitrary Node.js code on the host. The `valueOf` filter leaks the engine's internal scope object (`this`), exposing the parser, filter registry, and ultimately the JavaScript Function constructor, which is chained into command execution. Rated CVSS 10.0 (CWE-94) with a complete working proof-of-concept published in the vendor advisory; it has publicly available exploit code but is not listed in CISA KEV, and no EPSS score was provided in the source data.

RCE Code Injection
NVD GitHub
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-48545 PyPI HIGH PATCH GHSA This Week

Cross-Space session fixation in Gradio before 6.15.0 lets an attacker who controls any Hugging Face Space poison a process-wide httpx.AsyncClient shared by the framework's /proxy= reverse-proxy endpoint. Because that single client keeps one cookie jar, a Set-Cookie header returned by a malicious upstream Space is stored and automatically replayed on every subsequent proxied request to sibling *.hf.space URLs, allowing the attacker to fix a parent-domain cookie across all users of the same Gradio deployment. SSVC rates exploitation as proof-of-concept with total technical impact; the issue is not in CISA KEV and is fixed in release 6.15.0 (GHSA-2mr9-9r47-px2g).

Code Injection Session Fixation Gradio
NVD GitHub
CVSS 4.0
7.6
EPSS
0.0%
CVE-2026-37713 HIGH This Week

Remote code execution in Dolibarr ERP/CRM versions 22.0.0 through 22.0.4 and 24.0.0-alpha allows network-based attackers to execute arbitrary PHP code via the commonobject.class.php component. The CVSS 7.3 (AV:N/AC:L/PR:N/UI:N) vector indicates no authentication or user interaction is required, though impact metrics are rated Low across CIA. No public exploit identified at time of analysis, and EPSS scoring is very low at 0.06% (18th percentile) despite the unauthenticated network attack surface.

RCE PHP Code Injection
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-37712 HIGH This Week

Remote code execution in Dolibarr ERP/CRM versions 22.0.0 through 22.0.4 and 24.0.0-alpha stems from unsafe use of PHP's call_user_func_array() within the cron job class, enabling attackers to execute arbitrary PHP code on the application server. The vulnerability carries CVSS 7.3 with CWE-94 (Code Injection) classification, and while no public exploit is identified at time of analysis, a security researcher writeup referenced from NVD discusses a five-year history of related dol_eval issues in Dolibarr suggesting recurring weaknesses in this code area. EPSS probability is very low at 0.06% and SSVC reports no observed exploitation, but the issue is rated automatable with partial technical impact.

RCE PHP Code Injection
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-37711 HIGH This Week

Code injection in Dolibarr ERP/CRM versions 22.0.0 through 22.0.4 and 24.0.0-alpha allows a remote, unauthenticated attacker to execute attacker-controlled PHP through the htdocs/core/actions_addupdatedelete.inc.php request handler (CWE-94). The CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates a low-effort, network-reachable, no-authentication attack, though all impact metrics are rated Low (C:L/I:L/A:L), suggesting the executable surface is constrained rather than full system takeover. There is no public exploit code confirmed in the provided data and the issue is not in CISA KEV (no observed exploitation per SSVC), but a referenced research write-up and a GitHub Security Advisory exist, and SSVC rates the flaw as automatable.

Code Injection RCE PHP
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2026-46082 MEDIUM PATCH This Month

KVM SVM subsystem in the Linux Kernel incorrectly handles the INVLPGA instruction when EFER.SVME=0, failing to inject the required #UD (Undefined Opcode) exception into the guest VM. Systems running AMD hardware virtualization (AMD-V/SVM) under KVM are affected from kernel 2.6.32 through multiple stable branches, with the flaw enabling a low-privileged guest user to trigger a high-severity availability impact. No public exploit exists and EPSS stands at 0.02% (5th percentile), indicating very low current exploitation probability; however, the kernel maintainers tagged this for stable backports across six separate stable branches, reflecting broad deployment surface.

Code Injection Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46059 MEDIUM PATCH This Month

Incorrect NextRIP state management in the Linux kernel's KVM nested SVM (nSVM) subsystem causes a denial-of-service condition affecting nested AMD virtualization environments from kernel 5.8 onward. After the first L2 VMRUN completes and NextRIP is updated by the CPU or KVM, a subsequent save/restore cycle incorrectly substitutes the stale current RIP in vmcb02, corrupting virtual machine control block state and crashing the nested guest or KVM subsystem. No active exploitation has been identified (not in CISA KEV, EPSS 0.02% at 4th percentile), and the vulnerability is strictly limited to AMD hosts with nested virtualization configured using NRIPS-disabled L1 guests with injected soft interrupts.

Linux Code Injection Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46032 MEDIUM PATCH This Month

Nested SVM virtualization in the Linux kernel KVM subsystem can leave the host hypervisor (L1) running with corrupted page-table state when CR3 restoration fails during a nested #VMEXIT. The root function nested_svm_vmexit() returns an error code that most callers silently ignore, meaning the host continues executing against corrupt address-space mappings rather than triggering the shutdown behavior mandated by the AMD Architecture Programmer's Manual. The fix injects a triple fault - mirroring real hardware behavior - and continues cleanup to avoid leaving vCPU state partially torn down. No public exploit exists and EPSS is 0.02%, but the availability impact is high for any host running nested AMD virtualization.

Linux Code Injection Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45859 HIGH PATCH This Week

Denial of service in the Linux kernel's netfilter nfnetlink_queue subsystem allows remote attackers to cause packet drops affecting availability when nfqueue is used without the NFQA_CFG_F_GSO capability flag. The flaw is a regression where the shared-unconfirmed conntrack check was performed after skb_gso_segment(), causing GSO UDP packets associated with unconfirmed nf_conn entries to be dropped instead of queued. EPSS is very low (0.02%) with no public exploit identified at time of analysis and no CISA KEV listing, indicating low real-world urgency despite the CVSS 7.5 availability score.

Linux Code Injection
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-45849 MEDIUM PATCH This Month

Improper locking in the Linux kernel's Microsemi Ocelot network switch driver (`net/mscc/ocelot`) allows a local low-privileged user on hardware running Ocelot switch chips to trigger a race condition in `ocelot_port_xmit_inj()`, potentially causing a kernel panic or system crash. Affected stable branches span 6.1.107-6.1.164, 6.6.48-6.6.127, and 6.10.7 through 6.11 release candidates, with patches confirmed in 6.1.165, 6.6.128, 6.12.75, 6.18.14, 6.19.4, and 7.0. No public exploit identified at time of analysis; EPSS at 0.02% (7th percentile) reflects extremely low exploitation probability, consistent with the hardware-specific trigger requirement and local-only attack vector.

Code Injection Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-8832 HIGH This Week

Remote code execution in the WPCode WordPress plugin (versions through 2.3.5) lets authenticated author-level users run arbitrary PHP on the server. Because the plugin registers its 'wpcode' custom post type without a dedicated capability_type, WordPress falls back to standard post capabilities, so any author can create and publish PHP snippet posts via the XML-RPC wp.newPost method, which are later passed to eval() when rendered through the [wpcode] shortcode. EPSS is modest at 0.44% (63rd percentile) and there is no public exploit identified at time of analysis, but the low privilege bar and full CIA impact make this a high-priority patch for any multi-author site.

Code Injection RCE PHP WordPress
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-6169 HIGH This Week

Remote code execution in the affiliate-toolkit WordPress plugin ("Multi-Network Affiliate & Amazon Product Display") affects versions up to and including 3.8.5, letting authenticated users with Editor-level access or higher run arbitrary PHP on the host. The flaw stems from the bundled BladeOne template engine's runString() method, which compiles attacker-supplied template content into PHP and executes it through eval() with no sanitization or sandboxing. There is no public exploit identified at time of analysis and EPSS sits at a low 0.24%, but the technical impact is total because a successful injection yields full server-side code execution.

Code Injection RCE PHP WordPress
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-48962 HIGH PATCH This Week

Arbitrary Perl code execution in the IO::Compress distribution (all versions before 2.220) lets an attacker who controls the output glob string passed to the bundled File::GlobMapper run arbitrary Perl at the calling process's privilege. The output glob is wrapped in double quotes and later handed to Perl's eval STRING, so an embedded double quote escapes the string context and the trailing characters execute as code. This is rated CVSS 7.3 and tagged RCE/Code Injection; no public exploit was identified at time of analysis and EPSS is very low (0.03%), but a vendor patch (2.220) and the fixing commit are publicly available.

Code Injection RCE
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-44632 Maven CRITICAL PATCH GHSA Act Now

Remote code execution in Yamcs (Yet Another Mission Control System) versions before 5.12.7 allows an authenticated user holding the ChangeMissionDatabase privilege to run arbitrary OS commands on the server host. The flaw lives in the JavaExprAlgorithmExecutionFactory, which dynamically compiles user-supplied algorithm text with the Janino compiler without any sandbox or restrictive ClassLoader, so injected Java (e.g. java.lang.Runtime.exec) executes with the privileges of the Yamcs process. A detailed proof-of-concept exploit using a REST PATCH to override an existing algorithm is publicly available in the vendor advisory; the issue is not listed in CISA KEV.

RCE Java Code Injection
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2026-44210 Go MEDIUM PATCH GHSA This Month

VM escape in Kata Containers allows any Kubernetes user with pod-creation rights to break out of the VM sandbox and gain full read/write access to the host filesystem. All Kata Containers installations prior to commit ffa59ce3aa78 are affected when using the default configuration.toml, which enables the `virtio_fs_extra_args` and `kernel_params` pod annotations out of the box. An attacker crafts a pod with two annotations: one to redirect virtiofsd to serve the host root filesystem (`/`) into the guest VM, and a second to enable the agent debug console - after which the entire host filesystem is accessible from inside the supposedly isolated VM. A fully working proof-of-concept with confirmed output against Kata Containers 3.28.0 on Ubuntu 24.04 has been publicly disclosed; no public exploit confirmed as actively exploited (CISA KEV) at time of analysis.

Ubuntu Kubernetes Gitlab Docker Code Injection +1
NVD GitHub
EPSS
0.1%
CVE-2026-43945 npm HIGH PATCH GHSA This Week

Pre-authentication remote code execution affects FUXA, an open-source web-based SCADA/HMI platform, in versions >= 1.2.11 and < 1.3.1 (the advisory references build v1.3.0-2706). The flaw is a path-confusion authentication bypass: the login middleware performs a substring match against the full request URL (including the query string), so appending a benign-looking parameter such as ?x=/socket.io to any administrative request causes the server to treat it as a public WebSocket handshake and skip the secureEnabled and nodeRedAuthMode checks entirely. When Node-RED is enabled with command-capable nodes, this reaches the /nodered/* admin interface and yields code execution in the container context (advisory states 'as root'). The GitHub Security Advisory (GHSA-p69w-mmfv-xrfj) discloses the exact bypass payload, so publicly available exploit details exist; there is no CISA KEV listing and no public report of active exploitation at time of analysis.

RCE Code Injection
NVD GitHub
EPSS
0.7%
CVE-2026-42568 Maven MEDIUM POC PATCH GHSA This Month

LDAP injection in Yamcs LdapAuthModule (yamcs-core < 5.12.7) enables horizontal privilege escalation for authenticated low-privilege users. By submitting a wildcard character as the username alongside a single known valid LDAP password, an attacker causes the unescaped LDAP search filter to match the first user returned by the directory query, effectively authenticating as that account. A proof-of-concept exploit is publicly available in the GitHub advisory; no CISA KEV listing exists, but the low attack complexity and published PoC make this a credible threat for any Yamcs deployment using LDAP authentication.

Java LDAP Privilege Escalation Code Injection
NVD GitHub Exploit-DB VulDB
CVSS 3.1
4.3
EPSS
0.8%
CVE-2026-46740 MEDIUM This Month

Metric injection in Mojolicious::Plugin::Statsd through version 0.04 for Perl allows remote unauthenticated attackers to inject arbitrary statsd metrics by supplying crafted values containing newlines, colons, or pipe characters - the delimiters of the statsd wire protocol. Applications that pass untrusted input directly into metric names or set values are affected. No public exploit exists and EPSS is 0.01% (1st percentile), placing this firmly in the low-priority tier despite network accessibility; exploitation requires attacker-controlled data to flow into metric collection paths.

Code Injection
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-9568 LOW PATCH Monitor

Code injection in ThingsBoard 4.3.1.0 and 4.3.1.1 allows remote attackers to embed control characters and shell metacharacters into server-generated Docker Compose YAML files and MQTT publish commands via the /api/v1/provision endpoint's getGatewayDockerComposeFile and getMqttPublishCommand functions. Device credential fields - including clientId, userName, password, and credentialsId - are passed unsanitized into YAML and shell command construction, enabling injection of shell special characters such as $, backtick, and double-quote. No public exploit has been identified at time of analysis; SSVC rates exploitation as none and EPSS is 0.04%, though the RCE tag warrants scrutiny given the CVSS 4.0 score of only 2.3.

Code Injection RCE Thingsboard
NVD VulDB GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-44749 MEDIUM This Month

Content injection into SAP Gateway error messages exposes internal implementation details - specifically regex patterns and URI parsing logic - to authenticated remote attackers. Affecting SAP Gateway versions 750 through 758 and SAP_BASIS 795, the flaw allows an attacker with low-level network credentials to craft inputs that surface sensitive system internals via error responses. Confidentiality impact is rated low; integrity and availability are unaffected. No active exploitation is confirmed (CISA KEV absent), and EPSS sits at 0.01%, consistent with SSVC's 'exploitation: none' assessment.

Code Injection SAP Sap Gateway
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8633 CRITICAL PATCH Act Now

Remote code execution in IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5 and 9.0 allows unauthenticated network attackers to execute arbitrary code via a specially crafted HTTP request. The CVSS 9.8 rating reflects complete confidentiality, integrity, and availability impact with no authentication or user interaction required, though EPSS scores it at only 0.20% probability and CISA SSVC reports no current exploitation. No public exploit has been identified at time of analysis, but IBM has released a patch.

Code Injection IBM RCE Web Server Plug Ins For Websphere Application Server And Websphere Liberty
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-8855 HIGH PATCH This Week

Remote code execution and denial of service in IBM HTTP Server 8.5 and 9.0 affects deployments configured with TLS mutual (client certificate) authentication, where an attacker can trigger code injection (CWE-94) over the network without prior authentication. The flaw carries a CVSS 8.1 score with high attack complexity, and IBM has published a patch (advisory node/7274065); no public exploit has been identified at time of analysis and SSVC marks exploitation as 'none' with total technical impact.

Denial Of Service Code Injection IBM RCE Http Server
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-43935 HIGH PATCH This Week

Host Header Injection in e107 CMS versions prior to 2.3.4 allows remote attackers to poison password reset emails by manipulating the HTTP Host header, producing reset links that point to attacker-controlled domains. Successful exploitation enables credential harvesting and full account takeover, including administrator accounts, when a victim clicks the malicious reset link. Publicly available exploit code exists per SSVC, though EPSS (0.13%) suggests low broad-scale exploitation activity and the issue is not on the CISA KEV list.

Code Injection E107
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-42785 HIGH POC This Week

Remote code execution in OpenKM Community Edition (≤6.3.12) and Professional Edition (≤7.1.47) allows authenticated administrators to execute arbitrary Java/BeanShell code via the /admin/Scripting endpoint using the action=Evaluate parameter. Publicly available exploit code exists (Exploit-DB 52520 and a Nuclei template from Terra System Labs), though no active exploitation has been confirmed in CISA KEV; EPSS sits at 0.42% (62th percentile), reflecting moderate-but-not-widespread interest.

Code Injection Java RCE Openkm Community Edition Openkm Professional Edition
NVD Exploit-DB GitHub VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2026-24937 HIGH PATCH This Week

Authenticated code injection in the VideoWhisper Broadcast Live Video WordPress plugin (versions before 7.1.3) lets a high-privileged user execute arbitrary PHP on the underlying host, yielding full confidentiality, integrity, and availability loss on the WordPress instance. No public exploit identified at time of analysis, and EPSS exploitation probability sits at 0.04% (14th percentile), but SSVC rates the technical impact as total. A vendor patch is available in 7.1.3.

Code Injection RCE Broadcast Live Video
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-48844 HIGH PATCH This Week

Code injection in Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 allows authenticated attackers to execute arbitrary PHP via the LDAP autovalues option, which previously evaluated user-influenced expressions as code. The upstream maintainers removed code evaluation support entirely in the fixed releases. EPSS sits at 0.05% (14th percentile) and there is no public exploit identified at time of analysis, but the issue is patched and rated CVSS 7.5.

Code Injection Webmail
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-47069 LOW POC PATCH GHSA Monitor

CRLF injection in the hackney Erlang HTTP client library's hackney_cookie:setcookie/3 function enables HTTP response splitting against applications using versions 0.9.0 through before 4.0.1. While the function correctly validates the Name and Value cookie arguments against CRLF and control characters, it concatenates the domain and path options verbatim into the output iolist with no equivalent check, creating an injection point. An attacker who can influence the domain or path values passed to that function - for example, by submitting a crafted Host header or URL path that an application forwards directly into the cookie-setting call - can inject arbitrary additional Set-Cookie headers into the HTTP response. No public exploit identified at time of analysis per KEV absence, though SSVC confirms a proof-of-concept exists.

Code Injection Hackney
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-46745 PyPI MEDIUM PATCH This Month

LDAP filter injection in Apache Airflow FAB Auth Manager (apache-airflow-providers-fab < 3.6.4) enables unauthenticated remote attackers to manipulate LDAP query logic by embedding special characters in login credentials, resulting in directory data exfiltration or authentication bypass. The vulnerability is confirmed by source code evidence: the `_search_ldap` and `_ldap_get_nested_groups` methods in `override.py` directly interpolated user-supplied input into LDAP filter strings without sanitization. No public exploit code has been identified at time of analysis and CISA KEV does not list this CVE, but the SSVC framework marks it as automatable, meaning exploitation can be scripted at scale against exposed Airflow instances using LDAP auth.

Authentication Bypass LDAP Apache Code Injection Apache Airflow Fab Provider
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-9422 MEDIUM This Month

Injection vulnerability in KLiK SocialMediaWebsite 1.0 allows remote unauthenticated attackers to submit crafted HTTP POST request parameters to the application's input handler, achieving partial compromise of confidentiality, integrity, and availability. Classified under CWE-74 and tagged as Code Injection, the flaw carries a CVSS 4.0 score of 5.5 (Medium) with confirmed proof-of-concept exploit code publicly available (E:P). Despite the POC, EPSS places exploitation probability at 0.04% (14th percentile), indicating low observed real-world exploitation activity and a narrow effective target base.

Code Injection Klik Socialmediawebsite
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-9420 LOW Monitor

Injection via HTTP GET request parameter manipulation in KLiK SocialMediaWebsite 1.0 allows remote attackers to inject arbitrary content or code through the application's parameter handler, contingent on passive user interaction. The vulnerability carries a CVSS 4.0 base score of 2.1, reflecting limited confidentiality, integrity, and availability impact scoped exclusively to the vulnerable system with no lateral impact. Publicly available exploit code exists per the E:P exploit maturity metric and SSVC poc classification, though EPSS at 0.04% (13th percentile) and the non-KEV status indicate no observed widespread exploitation.

Code Injection Klik Socialmediawebsite
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-9366 PyPI MEDIUM POC PATCH This Month

Code injection in NousResearch hermes-agent 2026.4.23 allows remote unauthenticated attackers to inject and execute arbitrary code through the _scan_context_content function in agent/prompt_builder.py. The vulnerability has publicly available exploit code and affects all versions up to 2026.4.23, with the vendor failing to respond to disclosure attempts.

Code Injection Hermes Agent
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2018-25357 PHP CRITICAL POC PATCH GHSA Act Now

Dolibarr ERP CRM 7.0.3 contains a remote code evaluation vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection PHP RCE
NVD Exploit-DB GitHub
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-9302 LOW POC Monitor

Remote code injection in vps-inventory-monitoring allows authenticated attackers to execute arbitrary PHP code through the VpsTest console command. The vulnerability exists in the eval() function within VpsTest.php, exploitable by manipulating the 'vf' parameter with low attack complexity. Publicly available exploit code exists (GitHub POC published), and the maintainer has not responded to early disclosure attempts. CVSS 6.3 reflects moderate impact across confidentiality, integrity, and availability, with EPSS data unavailable but risk elevated by confirmed POC and unresponsive vendor.

PHP Code Injection RCE
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-41073 MEDIUM PATCH This Month

Spreadsheet formula injection in Best Practical Request Tracker (RT) allows a low-privileged authenticated attacker to embed malicious formulas in ticket fields that execute when an administrator or staff member exports data to CSV and opens the file in a spreadsheet application. Affected versions span the entire RT 5.0 line prior to 5.0.10 and RT 6.0.0 through 6.0.2. No public exploit code has been identified at time of analysis and no CISA KEV listing exists, but the attack surface is broad given that CSV exports are a routine administrative workflow in ticketing systems.

Code Injection Rt
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-44930 Maven CRITICAL PATCH GHSA Act Now

Arbitrary certificate disclosure in Apache CXF's XKMS server lets remote attackers abuse an LDAP injection flaw (CWE-90) in the LDAP-backed certificate repository to retrieve certificates they are not authorized to see. Affected builds span Apache CXF 3.x before 3.6.11, 4.0.0-4.1.x before 4.1.6, and 4.2.0 before 4.2.1; the issue was reported by Apache itself and fixed in those releases. No public exploit identified at time of analysis, EPSS is very low (0.02%, 4th percentile), and CISA SSVC scores exploitation as 'none' with only 'partial' technical impact.

Code Injection LDAP Apache Apache Cxf
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-46640 PHP HIGH PATCH GHSA This Week

Arbitrary PHP code execution in Twig templating engine versions 3.15.0 through 3.25.x allows attackers who control template source to inject raw PHP into the compiled template via the `_self.(<string>)` dynamic-attribute macro-reference path, fully bypassing the SandboxExtension. The flaw executes injected code at template-load time, before any SecurityPolicy check runs, rendering even a globally-enabled empty allowlist sandbox ineffective. No public exploit identified at time of analysis, but the vendor advisory describes the bypass mechanism in enough detail that PoC development is straightforward.

PHP Code Injection RCE
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-46633 PHP HIGH PATCH GHSA This Week

{% use %}` tags to break out of compiled cache file string literals and execute arbitrary PHP code. The flaw bypasses the Twig sandbox entirely because `SecurityPolicy` unconditionally permits `{% use %}` regardless of `allowedTags` configuration. No public exploit identified at time of analysis, but the GitHub Security Advisory (GHSA-7p85-w9px-jpjp) discloses the full exploitation primitive.

PHP Code Injection RCE
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2026-46654 Cargo HIGH PATCH GHSA This Week

Transcript malleability in the Plonky3 p3-challenger crate (MultiField32Challenger) allows a malicious prover to craft distinct observation streams that collapse to identical Fiat-Shamir challenges, breaking the soundness binding of the SNARK transcript. Affected versions are p3-challenger < 0.4.3 and 0.5.0-0.5.2, with fixes shipped in 0.4.3 and 0.5.3. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; risk is primarily to ZK proof system integrity rather than confidentiality.

Code Injection
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.0%
CVE-2026-46517 PyPI HIGH GHSA This Week

Unsafe default code execution in InternLM LMDeploy (<=0.12.3) lets a malicious Hugging Face model repository run arbitrary Python on the host whenever a user loads it through any LMDeploy CLI (serve, calibrate, gptq, awq). The library hardcodes transformers.AutoConfig.from_pretrained(..., trust_remote_code=True) in get_model_arch and related helpers with no flag, env var, or warning to opt out, overriding HF Transformers' default-secure stance. No public exploit identified at time of analysis, and exploitation requires the user to load an untrusted repo, so risk is hardening-level rather than network-reachable RCE.

Code Injection Python RCE
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-46432 PyPI HIGH PATCH GHSA This Week

Arbitrary code execution in InternLM lmdeploy <= 0.12.3 occurs because trust_remote_code=True is hardcoded across HuggingFace model-loading call sites in lmdeploy/archs.py and lmdeploy/utils.py. An attacker who can influence the model_path passed to an lmdeploy serving process can point it at a malicious HuggingFace repository, causing Transformers to download and execute attacker-controlled Python code with the privileges of the serving daemon. Publicly available exploit code exists in the GHSA advisory, and an upstream fix has been merged via PR #4511 (fixed in 0.13.0).

Kubernetes Code Injection RCE Denial Of Service Python
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-42396 MEDIUM PATCH This Month

Catalog zone transfer failure in PowerDNS Authoritative can be triggered by a high-privileged remote attacker who injects insufficiently validated member zone data, causing the catalog zone transfer mechanism to abort and preventing secondary nameservers from receiving zone updates. The impact is a targeted denial-of-service against DNS zone replication infrastructure, affecting any deployment using catalog zones (RFC 9432). No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

RCE Code Injection Authoritative
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-44063 MEDIUM PATCH This Month

LDAP filter injection in Netatalk 2.1.0 through 4.4.2 enables an authenticated remote attacker to manipulate LDAP query logic, potentially reading or modifying directory entries beyond their authorization scope. The CVSS score of 4.2 (Medium) reflects real but bounded impact - high attack complexity and a requirement for low-privilege authentication constrain opportunistic exploitation. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

LDAP Code Injection Suse
NVD VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-8467 CRITICAL PATCH GHSA Act Now

Unauthenticated remote code execution in phenixdigital phoenix_storybook 0.5.0 through versions before 1.1.0 allows attackers to execute arbitrary Elixir code on the server by abusing the psb-assign WebSocket event to inject HEEx template expressions. The flaw stems from attribute values being interpolated verbatim into HEEx templates that are then compiled and evaluated with full Kernel imports and no sandbox. Publicly available exploit code exists via the upstream commit and GHSA advisory, though no public exploit identified at time of analysis for in-the-wild use; CVSS 4.0 score is 9.5.

Code Injection RCE
NVD GitHub VulDB
CVSS 4.0
9.5
EPSS
0.3%
CVE-2026-22314 CRITICAL Act Now

Code injection in Mesalvo Meona Client Launcher Component (through 19.06.2020 15:11:49) and Meona Server Component (through 2025.04 5+323020) allows an authenticated, low-privileged attacker to execute code on other users' systems via crafted input that crosses a scope boundary, with user interaction required on the victim side. CVSS 9.0 reflects the cross-user/cross-system impact (Scope:Changed) and full CIA compromise; no public exploit identified at time of analysis. The product is a clinical/healthcare workflow platform, so successful exploitation can pivot between hospital workstations and the server tier.

Code Injection RCE Meona Client Launcher Component Meona Server Component
NVD
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-42960 MEDIUM PATCH This Month

DNS cache poisoning in NLnet Labs Unbound 1.25.0 and earlier allows an adjacent-network attacker to inject malicious resource records into the resolver's cache by exploiting insufficient validation of authority-section RRSets. By attaching forged non-NS RRSets (such as MX records) with accompanying address records in spoofed or fragmented DNS replies, an attacker can trick Unbound into caching poisoned entries when the authority RRSet carries sufficient trust as in-zone delegation data. Publicly available proof-of-concept exploit code exists (CVSS 4.0 E:P); this is a complement fix to CVE-2025-11411, meaning systems that patched the prior vulnerability but have not upgraded to 1.25.1 remain exposed.

Code Injection Suse Red Hat
NVD VulDB
CVSS 4.0
5.7
EPSS
0.0%
CVE-2026-6366 PHP MEDIUM PATCH This Month

Object injection in Drupal Core across branches 8.0.0 through 11.3.x allows a network-accessible, highly privileged authenticated user to manipulate dynamically-determined object attributes, with potential full compromise of confidentiality, integrity, and availability. The CVSS vector (AV:N/AC:H/PR:H) confirms this is a network-reachable flaw but imposes steep prerequisites: administrator-level access and high attack complexity. No public exploit code or confirmed active exploitation has been identified at time of analysis.

Code Injection Drupal Core
NVD VulDB
CVSS 3.1
6.6
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Header injection via parser differential in daphne before 4.2.2 allows unauthenticated remote attackers to smuggle synthetic headers into the ASGI scope received by Django applications during WebSocket handshake processing. The root cause is that Twisted (which daphne uses to parse inbound HTTP) ignores six specific Unicode bytes as line separators, while autobahn (which daphne feeds for WebSocket negotiation) calls Python's str.splitlines() and recognizes them - causing a single header value to be split into multiple injected header lines. No public exploit has been identified at time of analysis, and CVSS scores this at 3.7 (Low) due to high attack complexity, though real-world severity scales with how heavily the downstream application trusts ASGI-scope headers for security decisions.

Code Injection Request Smuggling Daphne +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Log injection in morgan Node.js middleware versions 1.2.0 through 1.10.1 allows unauthenticated remote attackers to forge access log entries by embedding CR or LF control characters in the Basic authentication username of the Authorization request header. The :remote-user format token writes this value to the log stream without sanitization, breaking the one-request-per-line log structure and enabling attackers to fabricate arbitrary log lines visible to downstream consumers such as SIEMs or log aggregators. No active exploitation is confirmed (not in CISA KEV) and no public exploit code is identified at time of analysis, but the zero-prerequisite network attack vector and widespread use of morgan across the Node.js/Express ecosystem make this a meaningful integrity risk for security monitoring pipelines.

Code Injection Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Remote code execution in Koha v.25.11 and earlier allows unauthenticated network attackers to inject and execute arbitrary code through the Z39.50 configuration module. Koha is a widely deployed open-source integrated library system (ILS); the affected component handles Z39.50, a standard client-server protocol used for querying remote library catalogues. No public exploit identified at time of analysis, though a researcher technical write-up is publicly available at g03m0n.github.io, and EPSS exploitation probability is low at 0.05% (16th percentile). Notable discrepancy: CVSS impact scores (C:L/I:L) appear understated relative to the arbitrary code execution claim and should be treated with caution.

Code Injection RCE
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Error message injection in Go's net/textproto standard library package allows unauthenticated remote attackers to embed attacker-controlled content into error strings that applications subsequently print or log. Affected Go releases span all net/textproto versions prior to 1.25.11 and 1.26.4, covering a broad surface area of Go-based HTTP, MIME, and mail-handling applications. No public exploit code exists and exploitation probability is extremely low (EPSS 0.02%, 5th percentile), but the integrity risk is real in deployments where net/textproto errors are surfaced to logs, monitoring systems, or user-facing output without sanitization.

Code Injection Suse Red Hat
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower (with VG4.2 partially affected) contain a network message handling vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Infinity Acute Care System Standalone Infinity M540 Patient Monitor
NVD
EPSS 0% CVSS 8.7
HIGH POC Monitor

Remote code execution in BrowserStack Runner through version 0.9.5 allows network-adjacent unauthenticated attackers to execute arbitrary code on the host system by sending crafted JSON to the /_log HTTP handler. The flaw stems from unsafe use of vm.runInNewContext() combined with eval(), and a known sandbox-escape technique via util.format and this.constructor.constructor enables full host compromise. No public exploit identified at time of analysis, but the technique is well-documented and the CVSS 8.8 score reflects high impact across confidentiality, integrity, and availability.

RCE Code Injection Node.js +1
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

HTTP header injection in the Tesla Elixir HTTP client library (versions 0.8.0 through before 1.18.3) allows untrusted input forwarded into Tesla.Multipart.add_content_type_param/2 to split outbound Content-Type headers by embedding CR (\r) or LF (\n) characters. When Tesla.Multipart.headers/1 joins content_type_params verbatim with "; ", a maliciously crafted param string terminates the current header line and inserts arbitrary headers into the outbound HTTP request sent by the Tesla client to downstream systems. No public exploit code has been identified at time of analysis, and no CISA KEV listing exists; however, a vendor-released patch is available in version 1.18.3.

Code Injection Tesla
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

{k}="#{v}" with no validation of CR, LF, or double-quote characters, enabling a crafted value to close the quoted parameter early, forge headers like Content-Type, or corrupt the part body. No public exploit is identified at time of analysis, and the CVSS 4.0 score of 2.1 (SI:L only) reflects a narrow integrity impact confined to the downstream system receiving the forged multipart payload.

Code Injection Tesla
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in the Content Visibility for Divi Builder WordPress plugin (versions ≤ 4.02) allows authenticated attackers with Contributor-level access or higher to execute arbitrary PHP on the server by abusing the 'cvdb_content_visibility_check' parameter of the 'et_pb_text' shortcode. The flaw is a CWE-94 code injection issue disclosed by Wordfence and carries a CVSS 3.1 score of 8.8. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

RCE WordPress Code Injection
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Authorization bypass in NamelessMC 2.2.4's profile wall system allows low-privileged authenticated users to post to private or blocking profiles, and to inject replies into wall posts belonging to arbitrary profiles they would otherwise be restricted from accessing. The profile.php module processes wall post submissions before performing the visibility and block-list authorization checks, meaning the write completes before any rejection occurs. A second independent flaw in the reply branch skips verification that the target wall post belongs to the profile being accessed, enabling cross-profile reply injection via a restricted profile URL. No public exploit code has been identified and this is not listed in CISA KEV, but a patch is available in version 2.2.5.

PHP Code Injection
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Remote code execution in OpenMed before 1.5.2 allows unauthenticated attackers to execute arbitrary Python code on the OpenMed service by abusing broad substring matching in the PII privacy-filter model dispatcher to load attacker-controlled Hugging Face repositories with trust_remote_code=True. The flaw, reported by VulnCheck and tracked as CWE-94 (Code Injection), carries a CVSS 4.0 score of 9.3 and a vendor-released patch is available; no public exploit identified at time of analysis.

RCE Code Injection Openmed
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

HAProxy configuration injection in Red Hat OpenShift Container Platform 4 allows a low-privileged tenant with permission to create or modify Route resources to inject controlled directives into the cluster ingress configuration via the spec.path field. No public exploit identified at time of analysis, but the CVSS 8.8 score with scope change (S:C) reflects the ability to break out of the tenant boundary and impact the shared HAProxy router serving the entire cluster.

Code Injection Red Hat Openshift Container Platform 4
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

HTTP response header injection in CrowCpp Crow through v1.3.1 allows remote attackers to inject arbitrary CR/LF sequences into response headers when application code passes unvalidated input to header-setting APIs. The flaw stems from the framework not stripping \r\n characters in header keys or values, enabling CRLF injection that can lead to response splitting, cache poisoning, or XSS depending on how the embedding application uses user input. No public exploit identified at time of analysis and EPSS is very low (0.02%), but the upstream fix in PR #1167 confirms the issue and provides a sanitization routine.

Code Injection
NVD GitHub VulDB
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Remote code execution in IBM WebSphere Application Server 9.0 and 8.5 allows network-based attackers to bypass security controls and execute arbitrary code on the application server. The flaw carries a CVSS 9.0 critical rating with a scope-changed impact (S:C) and requires no authentication, though high attack complexity (AC:H) suggests specific timing or environmental conditions must be met. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

IBM RCE Code Injection
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL Act Now

Secret exfiltration in CloudPirates Open Source Helm Charts (prior to commit fcf9302) allows unauthenticated attackers to steal repository secrets, including Docker Hub credentials and tokens, by submitting a malicious fork pull request that triggers the pull-request.yaml GitHub Actions workflow in a privileged context. No public exploit is identified at time of analysis, but the attack pattern is a well-known pwn-request misconfiguration that requires no maintainer approval, and the CVSS score of 10.0 (Critical) with scope change reflects compromise of CI/CD secrets that extend beyond the workflow boundary.

Docker RCE Code Injection
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL Act Now

Credential exposure in CloudPirates Open Source Helm Charts (prior to commit fcf9302) allows attackers to steal a Personal Access Token and SSH signing key by submitting a malicious pull request that the vulnerable GitHub Actions workflow checks out and executes with privileged secrets. The repository's generate-schema.yaml workflow used unsafe pull_request_target patterns combined with checkout of fork-controlled code, enabling code injection into a privileged CI context. No public exploit identified at time of analysis, but the attack pattern is well-documented for this class of GitHub Actions misconfiguration.

RCE Code Injection Helm Charts
NVD GitHub
EPSS 0% CVSS 9.4
CRITICAL Act Now

Remote code execution in Disig Web Signer versions 2.0.3 through 2.5.3 allows network-adjacent attackers to execute arbitrary code on systems running this Slovak electronic signing client when a user performs a passive interaction (e.g., visiting a malicious page or processing a crafted signing request). The flaw was reported by Slovakia's National Security Authority (incident@nbu.gov.sk) and carries a CVSS 4.0 score of 9.4 (Critical) with both vulnerable and subsequent system impact rated High, indicating a likely scope-changing condition. There is no public exploit identified at time of analysis and the vulnerability is not currently listed in the CISA KEV catalog.

RCE Code Injection
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

Injection vulnerability in NousResearch hermes-agent's `_scan_memory_content` function exposes authenticated low-privileged remote users to partial confidentiality, integrity, and availability compromise across all versions through 2026.4.30. The flaw originates in `tools/memory_tool.py`, where user-controlled input is insufficiently neutralized before being passed to downstream components. No public exploit identified at time of analysis is incorrect - a public proof-of-concept exploit exists (GitHub gist), and the vendor has not responded to responsible disclosure, meaning no patch has been released.

Code Injection Hermes Agent
NVD VulDB GitHub
EPSS 0% CVSS 2.9
LOW POC PATCH Monitor

Injection vulnerability in NousResearch hermes-agent (all versions through 2026.4.30) allows remote unauthenticated attackers to exploit improper neutralization in the _sanitize_env_lines function of hermes_cli/config.py, achieving partial confidentiality, integrity, and availability impact. The flaw is tagged as code injection (CWE-74), meaning attacker-controlled input passed through this sanitization routine may reach a downstream component in an executable or interpreted context. A public proof-of-concept exploit exists (GitHub gist), though the CVSS vector assigns high attack complexity, indicating exploitation is not trivial. No vendor patch exists; the vendor was unresponsive to coordinated disclosure.

Code Injection Hermes Agent
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Remote code/prompt injection in NousResearch Hermes Agent through 0.12.0 stems from improper neutralization in the _compress_context function within run_agent.py (CWE-74). Publicly available exploit code exists and the issue is remotely triggerable without authentication per the CVSS vector, though impact is bounded to Low across confidentiality, integrity, and availability. The vendor was contacted but did not respond, leaving downstream users without an official fix at time of analysis.

Code Injection Hermes Agent
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Injection in AstrBot 4.23.6 allows authenticated remote attackers to manipulate input through the `_sanitize_prompt_description` function in `astrbot/core/skills/skill_manager.py`, bypassing sanitization and achieving partial impact on confidentiality, integrity, and availability. A publicly available exploit (POC) exists on GitHub, and the vendor did not respond to responsible disclosure, meaning no official patch has been released. No public exploit identified as confirmed actively exploited (CISA KEV), though the public POC and low-privilege entry point lower the barrier for exploitation.

Code Injection Astrbot
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Code injection in Aider-AI Aider 0.86.3 Architect Mode enables authenticated remote attackers to execute arbitrary code via the `editor_coder.run` function in `auth.py`. A public proof-of-concept exploit is available via GitHub issue #5058, lowering the barrier to exploitation. No vendor patch exists as the project has not responded to the responsible disclosure, leaving all users of the affected version exposed with no official remediation path.

RCE Code Injection Aider
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in PraisonAI's first-party A2A server example (pip package <= 4.6.39) allows unauthenticated network attackers to execute arbitrary Python on the server process by sending a JSON-RPC message/send request to /a2a that drives the LLM-backed agent into invoking an eval()-based calculate tool. The chain combines three first-party defaults - no auth_token, 0.0.0.0 bind, and an eval()-backed example tool - and was confirmed end-to-end against a real Gemini model with a canary marker file write. No public exploit identified at time of analysis beyond the proof-of-concept in the advisory itself, and the issue is not in CISA KEV.

Denial Of Service RCE Code Injection +1
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in PraisonAI versions 2.0.0 through 4.6.39 allows attackers to execute arbitrary Python code via two unguarded spec.loader.exec_module call sites in agents_generator.py. The flaw is a sibling of CVE-2026-44334: the v4.6.32 chokepoint refactor added a PRAISONAI_ALLOW_LOCAL_TOOLS env-var gate to tool_override.py but missed the load_tools_from_module and load_tools_from_module_class sinks, which load arbitrary module paths from YAML agent configuration without validation. Publicly available exploit code exists (working PoC published with the advisory) and a fixed release is available in 4.6.40.

RCE Code Injection Python
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Sandbox escape in FastGPT's JavaScript code execution worker allows authenticated remote attackers to execute arbitrary OS commands inside the sandbox container by bypassing a regex-based blocklist. The sandbox at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import() using a regex that matches only ASCII whitespace between 'import' and '(', failing to account for JavaScript's syntactically valid block comment syntax - the payload import/**/("child_process") parses correctly by the JS engine but evades the regex entirely. Because the safeRequire Proxy only intercepts require() and not native ES import(), the attacker gains direct access to child_process and execSync as uid=100(sandbox). No public exploit identified at time of analysis, but the bypass technique is fully documented in the vendor advisory and is trivially reproducible by any authenticated user.

RCE Code Injection Fastgpt
NVD GitHub VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Prototype-pollution gadget in Axios (npm) before 1.15.2 and 0.31.1 allows an attacker who has already polluted Object.prototype.transformResponse in the same JavaScript process to hijack response handling, exfiltrate request config (URL, headers, auth credentials), and tamper with returned data. The flaw lives in mergeConfig() and transformData(), which read config via prototype-chain lookups, so any helper library prototype pollution becomes a credential-theft and DoS primitive for every Axios request. No public exploit identified at time of analysis beyond the advisory's PoC, and the issue is not in CISA KEV.

Denial Of Service RCE Code Injection
NVD GitHub
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Cross-origin JavaScript injection in Home Assistant Companion apps for Android (before 2026.4.4) and iOS (before 2026.4.1) allows a malicious iframe loaded inside the app's WebView to execute arbitrary JavaScript in the Home Assistant frontend's origin and steal the signed-in user's access token. The flaw stems from exposing the native JavaScript bridge (window.externalApp on Android, webkit.messageHandlers.getExternalAuth on iOS) to all frames combined with unsanitized callback identifier interpolation. No public exploit identified at time of analysis, and the issue is not in CISA KEV.

Apple RCE Google +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Arbitrary code execution in Roslyn CodeLens MCP Server versions 0.0.9 through 1.17.0 allows attackers to run code in the MCP server process by tricking a victim into opening a malicious .NET solution. The get_diagnostics tool automatically loads and executes any DiagnosticAnalyzer DLL referenced by a .csproj without allowlist, signature validation, or user prompt, and includeAnalyzers defaults to true. No public exploit identified at time of analysis, but the attack pattern (malicious project file + attacker-controlled DLL) is well understood and trivial to weaponize.

RCE Code Injection Roslyn Codelens Mcp
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL Act Now

Server-side template injection in RAGFlow 0.24.0 and earlier allows any authenticated user to execute arbitrary operating system commands on the host through the Jinja2-based prompt generator (rag/prompts/generator.py). Because RAGFlow installations commonly permit open self-registration, the practical barrier is minimal: an attacker registers an account, builds a Canvas workflow chaining a DuckDuckGo retrieval node with an LLM node, and triggers the SSTI to break out of the Jinja2 sandbox. No public exploit identified at time of analysis, but the vendor security advisory describes the chain explicitly.

Ssti Code Injection
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows attackers to run arbitrary code by luring a victim to a crafted HTML page that abuses an inappropriate implementation in the browser's USB subsystem. Chromium rates the severity as High and the CVSS 8.8 vector reflects unauthenticated network exploitation with required user interaction. No public exploit identified at time of analysis, but the vendor has shipped a stable channel patch.

Google RCE Code Injection +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code inside the renderer sandbox via a crafted HTML page. The Chromium project rates the severity as High and CVSS scores it 8.8 (network-reachable, low complexity, no privileges, user interaction required). No public exploit identified at time of analysis, and EPSS is very low (0.04%, 12th percentile), suggesting limited near-term mass-exploitation likelihood despite the high impact rating.

Google RCE Code Injection +3
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in LinkAce self-hosted link archive versions prior to 2.5.6 allows unauthenticated remote attackers to inject arbitrary mail configuration variables into the application's .env file via the initial setup database configuration flow, leading to command execution when the application subsequently sends mail. The flaw, classified as CWE-74 injection, affects instances that have not yet completed the setup wizard and carries a CVSS 8.1 (High). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Code Injection Linkace
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

CRLF injection in Music Player Daemon (MPD) before version 0.24.11 enables network-accessible, unauthenticated attackers to embed raw CR/LF bytes into URI fields parsed from malicious XSPF playlists, injecting forged key-value lines into MPD text protocol responses - including playlistinfo, currentsong, and listplaylist outputs - as well as the persistent state file. The root mechanism is Expat's decoding of XML numeric character references (e.g., &#13;&#10;) before invoking the character data callback in xspf_char_data, bypassing any empty-string checks that previously served as the only guard. No public exploit code or CISA KEV listing exists at time of analysis, but the no-authentication network vector means any MPD instance that processes externally supplied playlists is exposed; the fix also extended to ASX, PLS, and RSS playlist plugins, indicating the affected surface was broader than the CVE title implies.

Code Injection Mpd
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Server-side template injection in the compliance-trestle `trestle author jinja` command enables arbitrary command execution when operators process attacker-controlled OSCAL data (SSP documents or Lookup Tables). Because the renderer recursively re-evaluates already-rendered output through a non-sandboxed Jinja2 Environment, malicious Jinja expressions placed in data fields like a system title are executed in a second pass even when the template itself is trusted and static. A proof-of-concept is published in the GHSA advisory; no public exploit identified at time of analysis as actively used in the wild, and the issue is not on CISA KEV.

RCE Code Injection Python
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Remote code execution in GitButler desktop application versions prior to 0.19.7 allows attackers to execute arbitrary scripts within the Tauri webview by injecting malicious links into pull request bodies. The flaw activates when a user with forge integration enabled clicks the crafted link, leading to full compromise of the desktop client context. No public exploit identified at time of analysis, though the GitHub Security Advisory GHSA-xpmj-536r-9fc6 publicly documents the issue.

RCE Code Injection Gitbutler
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Header injection filtering bypass in Plack::Middleware::Security::Common (Perl) versions prior to 0.13.1 allows remote attackers to smuggle CRLF sequences and additional headers through request paths that are not double-encoded. The flaw weakens a security middleware specifically designed to prevent header injection, and while EPSS sits at 0.03% (9th percentile) with no public exploit identified at time of analysis, downstream impact depends on how reverse proxies and Plack-based servers handle the unblocked CRLF payloads.

Code Injection Plack
NVD
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Remote code execution in Comet Backup server allows a tenant administrator to inject arbitrary code into the backup agent signing module via insufficient character filtering, ultimately running code with elevated privileges on the Comet server and on connected backup agent devices. The vendor advisory links the issue to the branding configuration path, and no public exploit has been identified at time of analysis. Combined with a Scope:Changed CVSS:3.1 score of 9.0, successful exploitation pivots from a single tenant context into the underlying server and downstream endpoints.

RCE Code Injection Comet Backup
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Remote code execution in Yamcs (the open-source mission control framework, yamcs-core) before 5.12.7 lets an authenticated operator holding the ChangeMissionDatabase privilege overwrite a Python (Jython) algorithm via the Mission Database REST API and run arbitrary OS commands on the host. The Jython script engine is invoked without a sandbox, so injected algorithm text can import java.lang.Runtime and shell out. Publicly available exploit code exists (a full PoC is published in the GitHub Security Advisory), but the issue is not listed in CISA KEV and no public in-the-wild exploitation is identified.

RCE Java Command Injection +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in the Yamcs mission control framework (org.yamcs:yamcs-core, releases 4.7.3 through 5.12.6) lets a caller of the algorithm-override endpoint run arbitrary Java/OS code on the ground server. The Nashorn JavaScript engine that evaluates user-supplied algorithm text is created without a ClassFilter, so payloads can reach any Java class (e.g. java.lang.Runtime) and execute commands as the Yamcs process user; because the default install (no security.yaml) gives the built-in guest user superuser=true, the endpoint is reachable by an unauthenticated network attacker. A detailed working exploit is published in the GitHub Security Advisory (publicly available exploit code exists); the issue is not listed in CISA KEV and no EPSS score was provided in the input.

Java RCE Code Injection +1
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

Authenticated cross-device task-result injection in Microsoft UFO's constellation architecture allows a low-privileged peer device to hijack the pending task response of a victim device by spoofing a TASK_END message. Specifically in version 3.0.1-4-ge2626659, the constellation server resolves pending Futures keyed solely on session_id without binding verification to the originating device, meaning any authenticated constellation participant who can supply a matching session_id can substitute attacker-controlled result data into the victim device's task flow. No public exploit has been identified at time of analysis and this CVE is not listed in the CISA KEV catalog, though the high-complexity CVSS vector (AC:H) reflects the session_id guessing or observation requirement.

Microsoft Code Injection
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Header injection in Symfony's Mime component (symfony/mime) enables attackers to inject arbitrary MIME headers into serialized email messages when an application passes untrusted input as a parameter name to ParameterizedHeader. The component correctly encodes parameter values per RFC 2045/5322 but emits parameter names verbatim, meaning CRLF sequences in a user-influenced parameter name terminate the current header line and allow arbitrary new headers to be appended. No active exploitation is confirmed (not in CISA KEV), no public exploit code has been identified, and vendor-released patches are available across all supported Symfony branches.

Code Injection
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

XPath injection in pam_usb prior to 0.9.0 allows unauthenticated remote attackers to manipulate device-verification queries against /etc/pamusb.conf, potentially bypassing USB hardware authentication entirely. PAM usernames and service names submitted through network-facing services such as SSH are passed unsanitized into XPath expressions; injecting predicates such as `' or @id='victim` causes the device-presence check to evaluate as true without the USB token physically present. No public exploit identified at time of analysis, though the GitHub security advisory, fix commit, and injection test cases demonstrating the technique are publicly available.

Code Injection Pam Usb
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unauthenticated remote code execution affects Pi.Alert, an open-source WiFi/LAN intruder detector with web-based service monitoring, in all versions prior to the 2026-05-07 release. The web configuration editor writes attacker-controlled content into pialert.conf, which the background scan daemon subsequently evaluates with Python's exec(), so injected statements run with the daemon's privileges. Because the product ships with web protection disabled by default, an attacker reaching the web interface needs no credentials, yielding a CVSS 9.8 critical flaw; no public exploit identified at time of analysis.

Code Injection RCE Python
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unauthenticated remote code execution affects Pi.Alert, a Python-based Wi-Fi/LAN intruder detector, in all releases prior to the 2026-05-07 fix. The web UI's SaveConfigFile() endpoint writes attacker-supplied numeric configuration values such as SMTP_PORT into pialert.conf with no validation, and because that file is reloaded via Python's exec() by a background cron job every 3-5 minutes, injected Python executes at the OS level. On default installations (PIALERT_WEB_PROTECTION = False) no credentials are required, matching the CVSS 9.8 network/no-privilege rating; there is no public exploit identified at time of analysis and the CVE is not in CISA KEV, but trivial complexity and full CIA impact make it a high-priority patch.

Code Injection RCE Python
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Remote code execution in LiquidJS template engine versions before 10.26.0 lets an attacker who can supply template content escape the rendering context and run arbitrary Node.js code on the host. The `valueOf` filter leaks the engine's internal scope object (`this`), exposing the parser, filter registry, and ultimately the JavaScript Function constructor, which is chained into command execution. Rated CVSS 10.0 (CWE-94) with a complete working proof-of-concept published in the vendor advisory; it has publicly available exploit code but is not listed in CISA KEV, and no EPSS score was provided in the source data.

RCE Code Injection
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Cross-Space session fixation in Gradio before 6.15.0 lets an attacker who controls any Hugging Face Space poison a process-wide httpx.AsyncClient shared by the framework's /proxy= reverse-proxy endpoint. Because that single client keeps one cookie jar, a Set-Cookie header returned by a malicious upstream Space is stored and automatically replayed on every subsequent proxied request to sibling *.hf.space URLs, allowing the attacker to fix a parent-domain cookie across all users of the same Gradio deployment. SSVC rates exploitation as proof-of-concept with total technical impact; the issue is not in CISA KEV and is fixed in release 6.15.0 (GHSA-2mr9-9r47-px2g).

Code Injection Session Fixation Gradio
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

Remote code execution in Dolibarr ERP/CRM versions 22.0.0 through 22.0.4 and 24.0.0-alpha allows network-based attackers to execute arbitrary PHP code via the commonobject.class.php component. The CVSS 7.3 (AV:N/AC:L/PR:N/UI:N) vector indicates no authentication or user interaction is required, though impact metrics are rated Low across CIA. No public exploit identified at time of analysis, and EPSS scoring is very low at 0.06% (18th percentile) despite the unauthenticated network attack surface.

RCE PHP Code Injection
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

Remote code execution in Dolibarr ERP/CRM versions 22.0.0 through 22.0.4 and 24.0.0-alpha stems from unsafe use of PHP's call_user_func_array() within the cron job class, enabling attackers to execute arbitrary PHP code on the application server. The vulnerability carries CVSS 7.3 with CWE-94 (Code Injection) classification, and while no public exploit is identified at time of analysis, a security researcher writeup referenced from NVD discusses a five-year history of related dol_eval issues in Dolibarr suggesting recurring weaknesses in this code area. EPSS probability is very low at 0.06% and SSVC reports no observed exploitation, but the issue is rated automatable with partial technical impact.

RCE PHP Code Injection
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

Code injection in Dolibarr ERP/CRM versions 22.0.0 through 22.0.4 and 24.0.0-alpha allows a remote, unauthenticated attacker to execute attacker-controlled PHP through the htdocs/core/actions_addupdatedelete.inc.php request handler (CWE-94). The CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates a low-effort, network-reachable, no-authentication attack, though all impact metrics are rated Low (C:L/I:L/A:L), suggesting the executable surface is constrained rather than full system takeover. There is no public exploit code confirmed in the provided data and the issue is not in CISA KEV (no observed exploitation per SSVC), but a referenced research write-up and a GitHub Security Advisory exist, and SSVC rates the flaw as automatable.

Code Injection RCE PHP
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

KVM SVM subsystem in the Linux Kernel incorrectly handles the INVLPGA instruction when EFER.SVME=0, failing to inject the required #UD (Undefined Opcode) exception into the guest VM. Systems running AMD hardware virtualization (AMD-V/SVM) under KVM are affected from kernel 2.6.32 through multiple stable branches, with the flaw enabling a low-privileged guest user to trigger a high-severity availability impact. No public exploit exists and EPSS stands at 0.02% (5th percentile), indicating very low current exploitation probability; however, the kernel maintainers tagged this for stable backports across six separate stable branches, reflecting broad deployment surface.

Code Injection Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Incorrect NextRIP state management in the Linux kernel's KVM nested SVM (nSVM) subsystem causes a denial-of-service condition affecting nested AMD virtualization environments from kernel 5.8 onward. After the first L2 VMRUN completes and NextRIP is updated by the CPU or KVM, a subsequent save/restore cycle incorrectly substitutes the stale current RIP in vmcb02, corrupting virtual machine control block state and crashing the nested guest or KVM subsystem. No active exploitation has been identified (not in CISA KEV, EPSS 0.02% at 4th percentile), and the vulnerability is strictly limited to AMD hosts with nested virtualization configured using NRIPS-disabled L1 guests with injected soft interrupts.

Linux Code Injection Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Nested SVM virtualization in the Linux kernel KVM subsystem can leave the host hypervisor (L1) running with corrupted page-table state when CR3 restoration fails during a nested #VMEXIT. The root function nested_svm_vmexit() returns an error code that most callers silently ignore, meaning the host continues executing against corrupt address-space mappings rather than triggering the shutdown behavior mandated by the AMD Architecture Programmer's Manual. The fix injects a triple fault - mirroring real hardware behavior - and continues cleanup to avoid leaving vCPU state partially torn down. No public exploit exists and EPSS is 0.02%, but the availability impact is high for any host running nested AMD virtualization.

Linux Code Injection Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in the Linux kernel's netfilter nfnetlink_queue subsystem allows remote attackers to cause packet drops affecting availability when nfqueue is used without the NFQA_CFG_F_GSO capability flag. The flaw is a regression where the shared-unconfirmed conntrack check was performed after skb_gso_segment(), causing GSO UDP packets associated with unconfirmed nf_conn entries to be dropped instead of queued. EPSS is very low (0.02%) with no public exploit identified at time of analysis and no CISA KEV listing, indicating low real-world urgency despite the CVSS 7.5 availability score.

Linux Code Injection
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Improper locking in the Linux kernel's Microsemi Ocelot network switch driver (`net/mscc/ocelot`) allows a local low-privileged user on hardware running Ocelot switch chips to trigger a race condition in `ocelot_port_xmit_inj()`, potentially causing a kernel panic or system crash. Affected stable branches span 6.1.107-6.1.164, 6.6.48-6.6.127, and 6.10.7 through 6.11 release candidates, with patches confirmed in 6.1.165, 6.6.128, 6.12.75, 6.18.14, 6.19.4, and 7.0. No public exploit identified at time of analysis; EPSS at 0.02% (7th percentile) reflects extremely low exploitation probability, consistent with the hardware-specific trigger requirement and local-only attack vector.

Code Injection Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in the WPCode WordPress plugin (versions through 2.3.5) lets authenticated author-level users run arbitrary PHP on the server. Because the plugin registers its 'wpcode' custom post type without a dedicated capability_type, WordPress falls back to standard post capabilities, so any author can create and publish PHP snippet posts via the XML-RPC wp.newPost method, which are later passed to eval() when rendered through the [wpcode] shortcode. EPSS is modest at 0.44% (63rd percentile) and there is no public exploit identified at time of analysis, but the low privilege bar and full CIA impact make this a high-priority patch for any multi-author site.

Code Injection RCE PHP +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Remote code execution in the affiliate-toolkit WordPress plugin ("Multi-Network Affiliate & Amazon Product Display") affects versions up to and including 3.8.5, letting authenticated users with Editor-level access or higher run arbitrary PHP on the host. The flaw stems from the bundled BladeOne template engine's runString() method, which compiles attacker-supplied template content into PHP and executes it through eval() with no sanitization or sandboxing. There is no public exploit identified at time of analysis and EPSS sits at a low 0.24%, but the technical impact is total because a successful injection yields full server-side code execution.

Code Injection RCE PHP +1
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Arbitrary Perl code execution in the IO::Compress distribution (all versions before 2.220) lets an attacker who controls the output glob string passed to the bundled File::GlobMapper run arbitrary Perl at the calling process's privilege. The output glob is wrapped in double quotes and later handed to Perl's eval STRING, so an embedded double quote escapes the string context and the trailing characters execute as code. This is rated CVSS 7.3 and tagged RCE/Code Injection; no public exploit was identified at time of analysis and EPSS is very low (0.03%), but a vendor patch (2.220) and the fixing commit are publicly available.

Code Injection RCE
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Remote code execution in Yamcs (Yet Another Mission Control System) versions before 5.12.7 allows an authenticated user holding the ChangeMissionDatabase privilege to run arbitrary OS commands on the server host. The flaw lives in the JavaExprAlgorithmExecutionFactory, which dynamically compiles user-supplied algorithm text with the Janino compiler without any sandbox or restrictive ClassLoader, so injected Java (e.g. java.lang.Runtime.exec) executes with the privileges of the Yamcs process. A detailed proof-of-concept exploit using a REST PATCH to override an existing algorithm is publicly available in the vendor advisory; the issue is not listed in CISA KEV.

RCE Java Code Injection
NVD GitHub
EPSS 0%
MEDIUM PATCH This Month

VM escape in Kata Containers allows any Kubernetes user with pod-creation rights to break out of the VM sandbox and gain full read/write access to the host filesystem. All Kata Containers installations prior to commit ffa59ce3aa78 are affected when using the default configuration.toml, which enables the `virtio_fs_extra_args` and `kernel_params` pod annotations out of the box. An attacker crafts a pod with two annotations: one to redirect virtiofsd to serve the host root filesystem (`/`) into the guest VM, and a second to enable the agent debug console - after which the entire host filesystem is accessible from inside the supposedly isolated VM. A fully working proof-of-concept with confirmed output against Kata Containers 3.28.0 on Ubuntu 24.04 has been publicly disclosed; no public exploit confirmed as actively exploited (CISA KEV) at time of analysis.

Ubuntu Kubernetes Gitlab +3
NVD GitHub
EPSS 1%
HIGH PATCH This Week

Pre-authentication remote code execution affects FUXA, an open-source web-based SCADA/HMI platform, in versions >= 1.2.11 and < 1.3.1 (the advisory references build v1.3.0-2706). The flaw is a path-confusion authentication bypass: the login middleware performs a substring match against the full request URL (including the query string), so appending a benign-looking parameter such as ?x=/socket.io to any administrative request causes the server to treat it as a public WebSocket handshake and skip the secureEnabled and nodeRedAuthMode checks entirely. When Node-RED is enabled with command-capable nodes, this reaches the /nodered/* admin interface and yields code execution in the container context (advisory states 'as root'). The GitHub Security Advisory (GHSA-p69w-mmfv-xrfj) discloses the exact bypass payload, so publicly available exploit details exist; there is no CISA KEV listing and no public report of active exploitation at time of analysis.

RCE Code Injection
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

LDAP injection in Yamcs LdapAuthModule (yamcs-core < 5.12.7) enables horizontal privilege escalation for authenticated low-privilege users. By submitting a wildcard character as the username alongside a single known valid LDAP password, an attacker causes the unescaped LDAP search filter to match the first user returned by the directory query, effectively authenticating as that account. A proof-of-concept exploit is publicly available in the GitHub advisory; no CISA KEV listing exists, but the low attack complexity and published PoC make this a credible threat for any Yamcs deployment using LDAP authentication.

Java LDAP Privilege Escalation +1
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Metric injection in Mojolicious::Plugin::Statsd through version 0.04 for Perl allows remote unauthenticated attackers to inject arbitrary statsd metrics by supplying crafted values containing newlines, colons, or pipe characters - the delimiters of the statsd wire protocol. Applications that pass untrusted input directly into metric names or set values are affected. No public exploit exists and EPSS is 0.01% (1st percentile), placing this firmly in the low-priority tier despite network accessibility; exploitation requires attacker-controlled data to flow into metric collection paths.

Code Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.3
LOW PATCH Monitor

Code injection in ThingsBoard 4.3.1.0 and 4.3.1.1 allows remote attackers to embed control characters and shell metacharacters into server-generated Docker Compose YAML files and MQTT publish commands via the /api/v1/provision endpoint's getGatewayDockerComposeFile and getMqttPublishCommand functions. Device credential fields - including clientId, userName, password, and credentialsId - are passed unsanitized into YAML and shell command construction, enabling injection of shell special characters such as $, backtick, and double-quote. No public exploit has been identified at time of analysis; SSVC rates exploitation as none and EPSS is 0.04%, though the RCE tag warrants scrutiny given the CVSS 4.0 score of only 2.3.

Code Injection RCE Thingsboard
NVD VulDB GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Content injection into SAP Gateway error messages exposes internal implementation details - specifically regex patterns and URI parsing logic - to authenticated remote attackers. Affecting SAP Gateway versions 750 through 758 and SAP_BASIS 795, the flaw allows an attacker with low-level network credentials to craft inputs that surface sensitive system internals via error responses. Confidentiality impact is rated low; integrity and availability are unaffected. No active exploitation is confirmed (CISA KEV absent), and EPSS sits at 0.01%, consistent with SSVC's 'exploitation: none' assessment.

Code Injection SAP Sap Gateway
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5 and 9.0 allows unauthenticated network attackers to execute arbitrary code via a specially crafted HTTP request. The CVSS 9.8 rating reflects complete confidentiality, integrity, and availability impact with no authentication or user interaction required, though EPSS scores it at only 0.20% probability and CISA SSVC reports no current exploitation. No public exploit has been identified at time of analysis, but IBM has released a patch.

Code Injection IBM RCE +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution and denial of service in IBM HTTP Server 8.5 and 9.0 affects deployments configured with TLS mutual (client certificate) authentication, where an attacker can trigger code injection (CWE-94) over the network without prior authentication. The flaw carries a CVSS 8.1 score with high attack complexity, and IBM has published a patch (advisory node/7274065); no public exploit has been identified at time of analysis and SSVC marks exploitation as 'none' with total technical impact.

Denial Of Service Code Injection IBM +2
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Host Header Injection in e107 CMS versions prior to 2.3.4 allows remote attackers to poison password reset emails by manipulating the HTTP Host header, producing reset links that point to attacker-controlled domains. Successful exploitation enables credential harvesting and full account takeover, including administrator accounts, when a victim clicks the malicious reset link. Publicly available exploit code exists per SSVC, though EPSS (0.13%) suggests low broad-scale exploitation activity and the issue is not on the CISA KEV list.

Code Injection E107
NVD GitHub
EPSS 0% CVSS 8.6
HIGH POC This Week

Remote code execution in OpenKM Community Edition (≤6.3.12) and Professional Edition (≤7.1.47) allows authenticated administrators to execute arbitrary Java/BeanShell code via the /admin/Scripting endpoint using the action=Evaluate parameter. Publicly available exploit code exists (Exploit-DB 52520 and a Nuclei template from Terra System Labs), though no active exploitation has been confirmed in CISA KEV; EPSS sits at 0.42% (62th percentile), reflecting moderate-but-not-widespread interest.

Code Injection Java RCE +2
NVD Exploit-DB GitHub VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Authenticated code injection in the VideoWhisper Broadcast Live Video WordPress plugin (versions before 7.1.3) lets a high-privileged user execute arbitrary PHP on the underlying host, yielding full confidentiality, integrity, and availability loss on the WordPress instance. No public exploit identified at time of analysis, and EPSS exploitation probability sits at 0.04% (14th percentile), but SSVC rates the technical impact as total. A vendor patch is available in 7.1.3.

Code Injection RCE Broadcast Live Video
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Code injection in Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 allows authenticated attackers to execute arbitrary PHP via the LDAP autovalues option, which previously evaluated user-influenced expressions as code. The upstream maintainers removed code evaluation support entirely in the fixed releases. EPSS sits at 0.05% (14th percentile) and there is no public exploit identified at time of analysis, but the issue is patched and rated CVSS 7.5.

Code Injection Webmail
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

CRLF injection in the hackney Erlang HTTP client library's hackney_cookie:setcookie/3 function enables HTTP response splitting against applications using versions 0.9.0 through before 4.0.1. While the function correctly validates the Name and Value cookie arguments against CRLF and control characters, it concatenates the domain and path options verbatim into the output iolist with no equivalent check, creating an injection point. An attacker who can influence the domain or path values passed to that function - for example, by submitting a crafted Host header or URL path that an application forwards directly into the cookie-setting call - can inject arbitrary additional Set-Cookie headers into the HTTP response. No public exploit identified at time of analysis per KEV absence, though SSVC confirms a proof-of-concept exists.

Code Injection Hackney
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

LDAP filter injection in Apache Airflow FAB Auth Manager (apache-airflow-providers-fab < 3.6.4) enables unauthenticated remote attackers to manipulate LDAP query logic by embedding special characters in login credentials, resulting in directory data exfiltration or authentication bypass. The vulnerability is confirmed by source code evidence: the `_search_ldap` and `_ldap_get_nested_groups` methods in `override.py` directly interpolated user-supplied input into LDAP filter strings without sanitization. No public exploit code has been identified at time of analysis and CISA KEV does not list this CVE, but the SSVC framework marks it as automatable, meaning exploitation can be scripted at scale against exposed Airflow instances using LDAP auth.

Authentication Bypass LDAP Apache +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Injection vulnerability in KLiK SocialMediaWebsite 1.0 allows remote unauthenticated attackers to submit crafted HTTP POST request parameters to the application's input handler, achieving partial compromise of confidentiality, integrity, and availability. Classified under CWE-74 and tagged as Code Injection, the flaw carries a CVSS 4.0 score of 5.5 (Medium) with confirmed proof-of-concept exploit code publicly available (E:P). Despite the POC, EPSS places exploitation probability at 0.04% (14th percentile), indicating low observed real-world exploitation activity and a narrow effective target base.

Code Injection Klik Socialmediawebsite
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Injection via HTTP GET request parameter manipulation in KLiK SocialMediaWebsite 1.0 allows remote attackers to inject arbitrary content or code through the application's parameter handler, contingent on passive user interaction. The vulnerability carries a CVSS 4.0 base score of 2.1, reflecting limited confidentiality, integrity, and availability impact scoped exclusively to the vulnerable system with no lateral impact. Publicly available exploit code exists per the E:P exploit maturity metric and SSVC poc classification, though EPSS at 0.04% (13th percentile) and the non-KEV status indicate no observed widespread exploitation.

Code Injection Klik Socialmediawebsite
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Code injection in NousResearch hermes-agent 2026.4.23 allows remote unauthenticated attackers to inject and execute arbitrary code through the _scan_context_content function in agent/prompt_builder.py. The vulnerability has publicly available exploit code and affects all versions up to 2026.4.23, with the vendor failing to respond to disclosure attempts.

Code Injection Hermes Agent
NVD VulDB GitHub
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

Dolibarr ERP CRM 7.0.3 contains a remote code evaluation vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection PHP RCE
NVD Exploit-DB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Remote code injection in vps-inventory-monitoring allows authenticated attackers to execute arbitrary PHP code through the VpsTest console command. The vulnerability exists in the eval() function within VpsTest.php, exploitable by manipulating the 'vf' parameter with low attack complexity. Publicly available exploit code exists (GitHub POC published), and the maintainer has not responded to early disclosure attempts. CVSS 6.3 reflects moderate impact across confidentiality, integrity, and availability, with EPSS data unavailable but risk elevated by confirmed POC and unresponsive vendor.

PHP Code Injection RCE
NVD VulDB GitHub
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Spreadsheet formula injection in Best Practical Request Tracker (RT) allows a low-privileged authenticated attacker to embed malicious formulas in ticket fields that execute when an administrator or staff member exports data to CSV and opens the file in a spreadsheet application. Affected versions span the entire RT 5.0 line prior to 5.0.10 and RT 6.0.0 through 6.0.2. No public exploit code has been identified at time of analysis and no CISA KEV listing exists, but the attack surface is broad given that CSV exports are a routine administrative workflow in ticketing systems.

Code Injection Rt
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Arbitrary certificate disclosure in Apache CXF's XKMS server lets remote attackers abuse an LDAP injection flaw (CWE-90) in the LDAP-backed certificate repository to retrieve certificates they are not authorized to see. Affected builds span Apache CXF 3.x before 3.6.11, 4.0.0-4.1.x before 4.1.6, and 4.2.0 before 4.2.1; the issue was reported by Apache itself and fixed in those releases. No public exploit identified at time of analysis, EPSS is very low (0.02%, 4th percentile), and CISA SSVC scores exploitation as 'none' with only 'partial' technical impact.

Code Injection LDAP Apache +1
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Arbitrary PHP code execution in Twig templating engine versions 3.15.0 through 3.25.x allows attackers who control template source to inject raw PHP into the compiled template via the `_self.(<string>)` dynamic-attribute macro-reference path, fully bypassing the SandboxExtension. The flaw executes injected code at template-load time, before any SecurityPolicy check runs, rendering even a globally-enabled empty allowlist sandbox ineffective. No public exploit identified at time of analysis, but the vendor advisory describes the bypass mechanism in enough detail that PoC development is straightforward.

PHP Code Injection RCE
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

{% use %}` tags to break out of compiled cache file string literals and execute arbitrary PHP code. The flaw bypasses the Twig sandbox entirely because `SecurityPolicy` unconditionally permits `{% use %}` regardless of `allowedTags` configuration. No public exploit identified at time of analysis, but the GitHub Security Advisory (GHSA-7p85-w9px-jpjp) discloses the full exploitation primitive.

PHP Code Injection RCE
NVD GitHub
EPSS 0% CVSS 8.9
HIGH PATCH This Week

Transcript malleability in the Plonky3 p3-challenger crate (MultiField32Challenger) allows a malicious prover to craft distinct observation streams that collapse to identical Fiat-Shamir challenges, breaking the soundness binding of the SNARK transcript. Affected versions are p3-challenger < 0.4.3 and 0.5.0-0.5.2, with fixes shipped in 0.4.3 and 0.5.3. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; risk is primarily to ZK proof system integrity rather than confidentiality.

Code Injection
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Unsafe default code execution in InternLM LMDeploy (<=0.12.3) lets a malicious Hugging Face model repository run arbitrary Python on the host whenever a user loads it through any LMDeploy CLI (serve, calibrate, gptq, awq). The library hardcodes transformers.AutoConfig.from_pretrained(..., trust_remote_code=True) in get_model_arch and related helpers with no flag, env var, or warning to opt out, overriding HF Transformers' default-secure stance. No public exploit identified at time of analysis, and exploitation requires the user to load an untrusted repo, so risk is hardening-level rather than network-reachable RCE.

Code Injection Python RCE
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Arbitrary code execution in InternLM lmdeploy <= 0.12.3 occurs because trust_remote_code=True is hardcoded across HuggingFace model-loading call sites in lmdeploy/archs.py and lmdeploy/utils.py. An attacker who can influence the model_path passed to an lmdeploy serving process can point it at a malicious HuggingFace repository, causing Transformers to download and execute attacker-controlled Python code with the privileges of the serving daemon. Publicly available exploit code exists in the GHSA advisory, and an upstream fix has been merged via PR #4511 (fixed in 0.13.0).

Kubernetes Code Injection RCE +2
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Catalog zone transfer failure in PowerDNS Authoritative can be triggered by a high-privileged remote attacker who injects insufficiently validated member zone data, causing the catalog zone transfer mechanism to abort and preventing secondary nameservers from receiving zone updates. The impact is a targeted denial-of-service against DNS zone replication infrastructure, affecting any deployment using catalog zones (RFC 9432). No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

RCE Code Injection Authoritative
NVD VulDB
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

LDAP filter injection in Netatalk 2.1.0 through 4.4.2 enables an authenticated remote attacker to manipulate LDAP query logic, potentially reading or modifying directory entries beyond their authorization scope. The CVSS score of 4.2 (Medium) reflects real but bounded impact - high attack complexity and a requirement for low-privilege authentication constrain opportunistic exploitation. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

LDAP Code Injection Suse
NVD VulDB
EPSS 0% CVSS 9.5
CRITICAL PATCH Act Now

Unauthenticated remote code execution in phenixdigital phoenix_storybook 0.5.0 through versions before 1.1.0 allows attackers to execute arbitrary Elixir code on the server by abusing the psb-assign WebSocket event to inject HEEx template expressions. The flaw stems from attribute values being interpolated verbatim into HEEx templates that are then compiled and evaluated with full Kernel imports and no sandbox. Publicly available exploit code exists via the upstream commit and GHSA advisory, though no public exploit identified at time of analysis for in-the-wild use; CVSS 4.0 score is 9.5.

Code Injection RCE
NVD GitHub VulDB
EPSS 0% CVSS 9.0
CRITICAL Act Now

Code injection in Mesalvo Meona Client Launcher Component (through 19.06.2020 15:11:49) and Meona Server Component (through 2025.04 5+323020) allows an authenticated, low-privileged attacker to execute code on other users' systems via crafted input that crosses a scope boundary, with user interaction required on the victim side. CVSS 9.0 reflects the cross-user/cross-system impact (Scope:Changed) and full CIA compromise; no public exploit identified at time of analysis. The product is a clinical/healthcare workflow platform, so successful exploitation can pivot between hospital workstations and the server tier.

Code Injection RCE Meona Client Launcher Component +1
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

DNS cache poisoning in NLnet Labs Unbound 1.25.0 and earlier allows an adjacent-network attacker to inject malicious resource records into the resolver's cache by exploiting insufficient validation of authority-section RRSets. By attaching forged non-NS RRSets (such as MX records) with accompanying address records in spoofed or fragmented DNS replies, an attacker can trick Unbound into caching poisoned entries when the authority RRSet carries sufficient trust as in-zone delegation data. Publicly available proof-of-concept exploit code exists (CVSS 4.0 E:P); this is a complement fix to CVE-2025-11411, meaning systems that patched the prior vulnerability but have not upgraded to 1.25.1 remain exposed.

Code Injection Suse Red Hat
NVD VulDB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Object injection in Drupal Core across branches 8.0.0 through 11.3.x allows a network-accessible, highly privileged authenticated user to manipulate dynamically-determined object attributes, with potential full compromise of confidentiality, integrity, and availability. The CVSS vector (AV:N/AC:H/PR:H) confirms this is a network-reachable flaw but imposes steep prerequisites: administrator-level access and high attack complexity. No public exploit code or confirmed active exploitation has been identified at time of analysis.

Code Injection Drupal Core
NVD VulDB
Prev Page 4 of 54 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy