Skip to main content

Code Injection

web CRITICAL

Code injection occurs when an application accepts user input and passes it directly into a language interpreter or evaluator without proper sanitization.

How It Works

Code injection occurs when an application accepts user input and passes it directly into a language interpreter or evaluator without proper sanitization. Unlike command injection (which targets the OS shell), code injection exploits the application's own scripting engine—Python's eval(), PHP's eval(), JavaScript's eval(), Ruby's instance_eval(), or similar dynamic execution functions. The attacker crafts input that, when interpreted, executes arbitrary code within the application's runtime context.

Common attack vectors include server-side template engines where user input reaches expression evaluators, configuration files that are dynamically loaded and executed, code validators that ironically execute the code they're supposed to check, and endpoints that process serialized objects or callable definitions. In Python applications, decorators evaluated at class definition time present particularly dangerous targets since they execute before any runtime validation occurs.

The exploitation chain typically begins with identifying an endpoint that processes structured input—API parameters, file uploads, configuration snippets. The attacker then crafts payloads that break out of intended data contexts into executable code contexts. For instance, injecting @os.system('whoami') as a decorator definition, or embedding {{ ''.__class__.__mro__[1].__subclasses__() }} in template syntax to access Python internals and escalate to operating system commands.

Impact

  • Complete server compromise — execute arbitrary Python, PHP, Ruby, or JavaScript code with application privileges
  • Operating system command execution — break out from language runtime to system shell via subprocess calls
  • Data exfiltration — read database credentials, environment variables, source code, and business data
  • Persistence establishment — modify application files, inject backdoors, create scheduled tasks
  • Lateral movement — leverage server access to attack internal network resources and connected services

Real-World Examples

A critical vulnerability in Langflow, a popular AI workflow framework with over 50,000 GitHub stars, exposed an unauthenticated /api/v1/validate/code endpoint meant to check Python code safety. Attackers discovered they could inject malicious decorators into class definitions. Since Python evaluates decorators at class definition time-before the AST validation logic even ran-the payload executed immediately when passed to exec(). This provided complete remote code execution without authentication.

Web template engines frequently suffer from code injection when developers allow user content in template expressions. An attacker might inject {{7*7}} to test for evaluation, then escalate to {{config.items()}} to dump Flask configuration, ultimately reaching {{''.__class__.__bases__[0].__subclasses__()}} to navigate Python's object hierarchy and invoke system commands.

Configuration management systems that dynamically import or evaluate user-supplied configuration have enabled attackers to inject executable code disguised as YAML anchors, JSON with embedded expressions, or INI files with interpreted sections.

Mitigation

  • Eliminate dynamic code execution — refactor to use data-driven approaches instead of eval(), exec(), Function(), or similar constructs
  • Abstract Syntax Tree (AST) allowlisting — if code execution is unavoidable, parse input into AST and validate against a strict allowlist of permitted operations before execution
  • Sandboxed execution environments — use restricted interpreters (Python's RestrictedPython), containers, or separate processes with minimal privileges
  • Remove or authenticate debug/validation endpoints — code validators and test endpoints are prime targets
  • Input type enforcement — accept only serialized data formats (JSON, Protocol Buffers) that cannot contain executable code
  • Defense in depth — run application with minimal OS privileges, use network segmentation, monitor for unusual subprocess creation

Recent CVEs (4831)

POC PATCH This Week

The Header Footer Builder for Elementor WordPress plugin before 1.2.1 does not require an administrative capability for its dashboard template-import action (it allows any edit_posts user), so a Contributor can import a template containing an Elementor HTML widget configured to display site-wide, injecting JavaScript that executes in the session of any visitor or administrator who loads the site.

Code Injection WordPress Header Footer Builder For Elementor
NVD WPScan
POC PATCH This Week

The BetterDocs WordPress plugin before 4.5.5 does not sanitise an AI-generated documentation summary before storing and outputting it, and the feature that generates it is exposed to unauthenticated users, allowing them to store a malicious payload via prompt injection that executes in the browser of any visitor who views the affected page, including administrators.

Code Injection WordPress Betterdocs
NVD WPScan
CVSS 9.0
CRITICAL PATCH Act Now

Reflection-based remote code execution in DataEase before 2.10.23 lets an authenticated operator who can configure a Redshift datasource achieve arbitrary code execution on the server. The Redshift JDBC driver loads an attacker-controlled rsjdbc.ini from the system temp directory and honors a malicious socketFactory pointing at Spring's FileSystemXmlApplicationContext, turning a normal JDBC connection into a code-execution chain. No public exploit is identified at time of analysis and it is not in CISA KEV, but the vendor has confirmed and patched the flaw in 2.10.23.

RCE Code Injection Dataease
NVD GitHub
CVSS 7.2
HIGH PATCH This Week

Server-side arbitrary code execution in TDengine time-series database (versions prior to 3.4.1.15) allows a database user holding the 'create udf' privilege to upload a malicious shared library, register it as a user-defined function (e.g. named 'eval'), and execute attacker-controlled native C code on the server by invoking that function through ordinary SQL queries. This is a privileged-user code injection issue (CWE-94) with high confidentiality, integrity, and availability impact; no public exploit identified at time of analysis and it is not listed in CISA KEV. The flaw is fixed in version 3.4.1.15.

RCE Code Injection
NVD GitHub
MEDIUM PATCH This Month

Authenticated injection of TIME_TRACKING and REMINDER note types in MantisBT's SOAP and REST APIs allows UPDATER-level users to corrupt billing data and falsify project records. The `note_type` integer parameter supplied by the caller is passed directly to `bugnote_add()` in the SOAP endpoint - and through `mc_issue_update()` in the REST API - without verifying the caller holds sufficient privilege to create that note type. Attackers with UPDATER access can inject arbitrary billable hours into MantisBT's billing reports, generating fraudulent invoices, and can register fake REMINDER notes via SOAP. No public exploit is identified at time of analysis, and a vendor patch is available in version 2.28.4.

PHP Code Injection
NVD GitHub
HIGH PATCH This Week

Authenticated remote code execution in MantisBT versions 1.3.0 through 2.28.3 allows an administrator to run arbitrary PHP as the web server user (www-data) via the 'Manage Configuration' page (adm_config_set.php). When a config value is stored with a non-string type, the ConfigParser/Tokenizer path calls eval() on attacker-controlled code guarded only by a 'return;' prefix; because PHP hoists class and function declarations at compile time regardless of the return, an attacker can plant a class that later hijacks the autoloader. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the flaw was reported privately by watchTowr and fixed in 2.28.4.

PHP RCE Code Injection
NVD GitHub
CVSS 8.7
HIGH PATCH This Week

Configuration injection in F5 NGINX Ingress Controller lets an authenticated Kubernetes user with rights to create or modify Ingress CRDs or annotations smuggle arbitrary NGINX directives into the generated configuration. Because multiple user-controllable fields are written to the config without sanitization, an attacker can inject directives that create or delete files and disable services on the control plane. No public exploit identified at time of analysis; this is a control-plane-only issue with no data plane exposure, but the CVSS 4.0 score of 8.7 (High) reflects strong confidentiality and integrity impact.

Nginx Kubernetes Code Injection +1
NVD
CVSS 8.6
HIGH PATCH This Week

Arbitrary code execution in PraisonAI (praisonaiagents) before 1.6.78 lets an attacker who can drop a Python file into a plugin directory run their own code. The plugin manager auto-discovers and executes any .py file found in project-level or user-home .praisonai/plugins/ directories at initialization, with no code signing, integrity checks, or sandboxing. VulnCheck reported it under CWE-94; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Python Path Traversal RCE +2
NVD GitHub
CVSS 8.5
HIGH PATCH This Week

Code injection in PraisonAI before 4.6.78 lets attackers who control deployment configuration achieve arbitrary Python execution because the API-server deployment generator fails to safely encode the deploy.api.host and agents_file values before emitting them into generated Python source (CWE-94). Injected expressions run when the generated API server starts or handles requests, yielding full code execution in the server process. No public exploit is identified at time of analysis; the flaw was reported by VulnCheck and a vendor patch is available.

Python RCE Code Injection +1
NVD GitHub
CVSS 8.7
HIGH PATCH This Week

Stored server-side template injection in Grav's bundled Flex Objects plugin (getgrav/grav-plugin-flex-objects) before 1.4.0 lets a low-privileged content author inject Twig code through the dynamic collection/object title frontmatter, which is passed unsanitized to template_from_string() and executed. Because the title path bypasses Grav's Security::cleanDangerousTwig() filter, an attacker can reach internal Grav services such as the scheduler and escalate arbitrary Twig evaluation to full remote command execution. Reported by VulnCheck with a CVSS 4.0 base score of 8.7 (High); no public exploit identified at time of analysis and it is not listed in CISA KEV.

RCE Code Injection Grav
NVD GitHub
CVSS 10.0
CRITICAL PATCH Act Now

NDJSON injection in Wazuh Manager before 5.0.0-beta3 lets any enrolled agent smuggle arbitrary OpenSearch bulk operations because the DataValue.index field is not escaped when the manager builds inventory-sync bulk requests. Because those requests execute under the manager's OpenSearch admin credentials, a single low-trust agent can delete documents, tamper with alerts, and manipulate SIEM state across all other agents. Rated CVSS 10.0 by the reporter (VulnCheck); no public exploit identified at time of analysis and it is not listed in CISA KEV.

Code Injection Wazuh
NVD GitHub
EPSS 0% CVSS 8.4
HIGH PATCH This Week

jadx is a Dex to Java decompiler. Prior to 1.5.6, jadx inserts the android:versionName value from an AndroidManifest into the generated app/build.gradle Groovy template without proper sanitization when exporting a decompiled APK as an Android Gradle project. A malicious APK can break out of the string context so that opening or building the exported Gradle project executes attacker-controlled Groovy code on the victim machine. This issue is fixed in version 1.5.6.

Google Java RCE +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in Aetopia Digital Asset Management (DAM) v1.0.0 is achievable through a server-side template injection flaw: attacker-controlled input in the 'name' and 'description' parameters of the Add/Update Project function is evaluated by the server-side template engine, letting an attacker run arbitrary code on the host. NVD scores this CVSS 9.8 (network, low complexity, no privileges required), and a public researcher writeup detailing the SSTI exists on the eslam3kl GitBook; however, there is no public exploit identified as weaponized code and it is not listed in CISA KEV, so it is not confirmed as actively exploited. Note the CVSS PR:N rating conflicts with the fact that Add/Update Project is normally an authenticated application feature.

RCE Code Injection
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Code injection (CWE-94) in Adobe ColdFusion 2023 (Update 21 and earlier) and ColdFusion 2025 (Update 10 and earlier) allows a low-privileged, network-adjacent attacker to execute arbitrary code in the context of the current user without any user interaction. Because the CVSS scope is changed, successful exploitation can extend impact beyond the vulnerable component to the underlying host. There is no public exploit identified at time of analysis and the EPSS probability is low (0.43%, 35th percentile), but the near-maximum CVSS of 9.9 and Adobe's own PSIRT reporting make this a high-priority patch.

RCE Code Injection Coldfusion
NVD VulDB
EPSS 2% 5.4 CVSS 7.2
HIGH POC KEV THREAT Act Now

Post-authentication improper control of generation of code ('Code Injection') vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands.

RCE Code Injection Sma1000
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege elevation in Microsoft .NET Framework (and .NET 8.0/9.0 plus Visual Studio 2022/2026) via code injection (CWE-94) that lets an unauthorized attacker run code with full confidentiality, integrity, and availability impact after a victim is tricked into interacting with attacker-supplied content. Microsoft reported the issue and has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Exploitation requires local access and user interaction (UI:R), which meaningfully limits mass-exploitation despite the high 7.8 CVSS score.

RCE Code Injection Net 8 0 +10
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

HTTP Response Splitting in Fortinet FortiOS and FortiProxy captive portal authentication flows enables a man-in-the-middle attacker to inject arbitrary HTTP headers into intercepted authentication requests. Affected platforms span FortiOS 7.2-7.6.4 and FortiProxy 7.2-7.6.4. The CVSS temporal vector includes E:P, confirming proof-of-concept exploit code exists; however, no active exploitation has been confirmed via CISA KEV. The RL:O temporal indicator confirms an official remediation is available per vendor advisory FG-IR-26-153.

Fortinet Code Injection Fortipam +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

HTTP Response Splitting in Fortinet FortiOS and FortiProxy enables an attacker who holds a valid web filter override token to inject arbitrary HTTP headers into server responses by tricking a user into clicking a crafted link. Affected versions span FortiOS 7.2 through 7.6.4 and FortiProxy 7.2 through 7.6.4. No active exploitation has been confirmed by CISA KEV, though the CVSS temporal vector includes E:P, indicating partial proof-of-concept evidence exists. Real-world impact is constrained by the requirement to possess a valid web filter override token and to achieve user interaction.

Fortinet Code Injection Fortios +2
NVD
EPSS 0% CVSS 4.1
MEDIUM This Month

Script injection in SAP CRM WebClient UI is enabled by absent Content Security Policy (CSP) directives for certain restrictive headers, allowing an authenticated low-privileged attacker to inject malicious JavaScript that executes in a victim user's browser session. The CVSS vector (PR:L/UI:R/S:C) confirms this requires both an authenticated attacker and victim interaction, with a cross-scope impact consistent with browser-context script execution. No public exploit code or CISA KEV active exploitation listing has been identified at time of analysis, and impact is bounded to low integrity with no confidentiality or availability consequence.

SAP Code Injection Sap Crm Webclient Ui
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Ban-list poisoning in OpenWrt's luci-app-banip (banIP) before 1.8.10 lets an unauthenticated remote attacker steer the automated IP-blocking engine at an arbitrary victim. Because the awk-based log monitor grabs the first IPv4 address it finds on a log line regardless of field position, an attacker can embed a spoofed IP inside an attacker-controlled field such as a login username; banIP then bans that injected address while the real attacker's source IP is never blocked. Reported by VulnCheck with a vendor patch available; no public exploit code or active exploitation is identified at time of analysis.

Code Injection Luci
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Incorrect equality comparison in CedarJava (cedar-java) versions before 4.9.0 causes EntityIdentifier.equals() to return true when comparing against null and false when comparing an object to itself, due to inverted null/self-reference branches. Cedar's actual authorization decisions are unaffected because they are computed in Rust from JSON, but integrators who call equals() on entity identifiers in their own Java logic may make incorrect trust or access decisions. No public exploit identified at time of analysis; the issue is fixed in 4.9.0.

RCE Code Injection Java +1
NVD GitHub
EPSS 1% CVSS 9.5
CRITICAL Act Now

Remote code execution in the ServiceNow AI Platform allows an unauthenticated attacker, under certain (unspecified) circumstances, to execute arbitrary code within the ServiceNow platform, carrying a critical CVSS 4.0 base score of 9.5. ServiceNow has patched hosted instances directly and issued fixes to self-hosted customers and partners; there is no public exploit identified at time of analysis, and the vendor states it is not currently aware of exploitation. The high CVSS complexity metric (AC:H) indicates the exploit is not trivially reproducible against arbitrary instances, tempering the otherwise maximal impact rating.

RCE Servicenow Ai Platform Code Injection
NVD VulDB
CVSS 9.9
CRITICAL PATCH Act Now

Authenticated remote code execution in DIRAC's RequestManagementSystem lets any logged-in grid user run arbitrary commands as the DIRAC service account, enabling full compromise of the DIRAC installation. The flaw stems from an eval() call reachable through the export_getRequestCountersWeb service method, and successful exploitation exposes dirac.cfg secrets, database credentials, and all stored user proxies and tokens. Rated CVSS 9.9; no public exploit code has been released, though the vendor advisory documents a complete working exploitation path.

RCE Code Injection
NVD GitHub
CVSS 4.8
MEDIUM PATCH This Month

Stored XSS in Decidim's HTML content blocks allows any administrator with landing-page editing rights to persist arbitrary JavaScript that executes in every visitor's browser. The vulnerability affects the decidim-core RubyGem across three release branches (below 0.30.9, 0.31.5, and 0.32.0) and was confirmed through a professional security audit by Radically Open Security. No public exploit code or CISA KEV listing exists; vendor-released patches are available and the fix has been merged upstream.

RCE Code Injection XSS
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Man-in-the-middle interception of Apache Airflow's Git provider (apache-airflow-providers-git before 0.4.1) is possible because git-over-SSH operations run with StrictHostKeyChecking=no by default, so no SSH host-key verification occurs. An attacker positioned on the network path between an Airflow worker and its Git server can impersonate the server to steal the SSH deploy key or inject malicious DAG content, leading to code execution on workers. No public exploit identified at time of analysis, and it is not listed in CISA KEV; CVSS is 8.1 (High) driven by high attack complexity (AC:H) requiring an on-path position.

Code Injection Apache Apache Airflow Git Provider
NVD GitHub VulDB
EPSS 0% CVSS 4.5
MEDIUM This Month

CSV formula injection in the PrestaShop module 'The Firmware' version 8.2.1 enables an authenticated attacker to inject malicious spreadsheet expressions via the unsanitized 'Alias' parameter in the address update function. When a victim subsequently exports account data using the 'Get my data in CSV' feature and opens the file in a spreadsheet application, the injected formula executes in that application's context, potentially exfiltrating the victim's personal data or executing commands on their workstation. No public exploit code or CISA KEV listing has been identified at time of analysis; the CVSS 4.0 score of 4.5 reflects the high-privilege and user-interaction prerequisites that constrain exploitability.

Code Injection The Firmware
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Remote code injection in the Realtyna Organic IDX WordPress plugin (real-estate-listing-realtyna-wpl) affects all versions up to and including 5.2.0, allowing remote attackers to inject and execute arbitrary code (described as 'Remote Code Inclusion') against affected WordPress sites. Patchstack assigned a maximum CVSS 3.1 base score of 10.0 with an unauthenticated network vector and scope change, indicating full compromise of the host. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

Code Injection RCE Realtyna Organic Idx Plugin
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Server-Side Template Injection in Centreon's centreon-open-tickets module enables authenticated users to achieve remote code execution on the Centreon Infra Monitoring server. The message_confirm field is persisted without sanitization and later rendered by the Smarty template engine with no security policy applied, so injected template directives execute as server-side code. Rated CVSS 9.6 with a scope change; no public exploit identified at time of analysis and no EPSS score supplied, but the low authentication barrier and RCE outcome make this a high-priority patch.

Code Injection RCE Infra Monitoring
NVD GitHub
EPSS 0% CVSS 2.0
LOW POC Monitor

Code injection in DedeCMS 5.7.118 exposes high-privileged remote attackers to arbitrary PHP code execution via the Column Name parameter in the Column Management component of `/plus/search.php`. The exploit document on GitHub describes a cache file writing mechanism through which attacker-supplied input is persisted to disk and subsequently executed by the PHP runtime. A public proof-of-concept exists; no active exploitation is confirmed in the CISA KEV catalog.

Code Injection PHP RCE +1
NVD VulDB GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Improper URL encoding in Apache Gravitino versions 1.0.0 through 1.2.0 lets remote attackers inject crafted path segments through unencoded, user-supplied metadata identifiers, redirecting or manipulating the internal HTTP requests Gravitino issues on the user's behalf. Because the CVSS vector (AV:N/PR:N) indicates no authentication and yields a 9.1 Critical score with high confidentiality and integrity impact, an attacker can potentially reach unintended endpoints, tamper with metadata operations, or exfiltrate data from back-end catalog services. No public exploit identified at time of analysis, and the flaw is fixed in version 1.2.1.

Apache Code Injection Gravitino
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

Remote code injection in pig-mesh Pig's pig-codegen module through version 3.9.2 allows low-privileged authenticated attackers to execute arbitrary code server-side via the GeneratorServiceImpl component, reachable over the network. A publicly available proof-of-concept exploit exists at GitHub (sombra0316/CVE-2026), elevating the urgency for defenders. No vendor patch has been released, and the vendor did not respond to responsible disclosure, leaving affected deployments without an official remediation path.

Code Injection Java RCE +1
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC Monitor

Code injection in SonicCloudOrg sonic-agent through version 2.7.2 allows remote unauthenticated attackers to inject and execute arbitrary code via the ExchangeController endpoint, which bypasses or is excluded from the JWT Authentication Filter. The vulnerability carries a public proof-of-concept exploit named 'Unauth_ExchangeSend', confirming the endpoint is reachable without authentication. Critically, the affected product is end-of-life with no vendor support, and the maintainer did not respond to disclosure - no patch is forthcoming.

Code Injection Java RCE +1
NVD VulDB GitHub
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

Remote code execution in PraisonAI before 1.6.78 allows attackers to run arbitrary Python on the host by manipulating the LLM that drives the CodeAgent component. Because CodeAgent._execute_python() runs LLM-generated code with no AST validation, import restrictions, or sandbox, an attacker who can shape model output via prompt injection can exfiltrate all environment secrets and gain full control of the agent host. VulnCheck reports the flaw with a maximum CVSS 4.0 score of 10.0; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Code Injection Python RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated account takeover in the Essential Addons for Elementor WordPress plugin (versions ≤ 6.6.10) lets a Contributor-or-above user inject a Bcc header into WordPress's administrator password-reset email via the plugin's Login/Register widget, capturing a valid admin reset link and seizing the site. The flaw stems from an email-header (CRLF) injection where the allowed-values check is enforced only in the browser editor, not server-side. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV; the vendor fixed it in version 6.6.11.

WordPress Code Injection Essential Addons For Elementor Popular Elementor Templates Widgets
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated remote code execution in the Smackcoders WP Ultimate CSV Importer WordPress plugin (versions up to and including 8.0.1) lets a low-privileged Subscriber run arbitrary PHP on the server. Missing capability checks on the install_addon, saveMappedFields, and StartImport AJAX handlers, plus a plugin nonce leaked to any authenticated admin-page viewer, let an attacker install the WooCommerce add-on, persist PHP expressions in the MappedFields parameter, and force their evaluation through eval() in ImportHelpers::get_meta_values(). No public exploit is identified at time of analysis, and the flaw is not in CISA KEV; with an EPSS signal not provided, the CVSS 8.8 and trivial subscriber prerequisite make it a high patch priority.

Code Injection WordPress PHP +2
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Object injection in Drupal Core through improperly controlled modification of dynamically-determined object attributes (CWE-915) exposes sites to high-severity confidentiality and integrity compromise when triggered by an authenticated user with high privileges. Affected branches include the entire 10.x line before 10.5.12 and 10.6.11, the fully unsupported 11.0.x and 11.1.x trees, and the 11.2.x and 11.3.x lines before 11.2.14 and 11.3.12 respectively. No active exploitation is confirmed (not in CISA KEV) and EPSS sits at just 0.16% (6th percentile), making this a patch-priority rather than emergency-response scenario.

Code Injection Drupal Core
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Object injection via a mass assignment flaw in Drupal Core enables an authenticated administrator to manipulate dynamically-determined PHP object attributes, potentially compromising confidentiality and data integrity of the application. Affected versions span multiple active and end-of-life branches: 10.5.x through 10.5.12, 10.6.0 through 10.6.11, 11.2.0 through 11.2.14, 11.3.0 through 11.3.12, and the entirely unsupported 11.0.x and 11.1.x branches. No public exploit code is identified at time of analysis, and EPSS at 0.16% (6th percentile) signals very low observed exploitation activity despite the C:H/I:H impact potential.

Code Injection Drupal Core
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Object injection in the Drupal ECA (Event - Condition - Action) contributed module exposes sites running affected versions to limited confidentiality and integrity compromise by authenticated low-privileged users. The vulnerability stems from improperly controlled modification of dynamically-determined object attributes (CWE-915, a mass-assignment class of flaw), allowing a crafted request to inject object properties and influence internal application logic within ECA's event-driven workflow engine. No confirmed active exploitation exists, and EPSS at 0.20% (10th percentile) reflects low observed threat pressure across the landscape, though a vendor patch has been issued per the Drupal security advisory.

Code Injection Eca
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Object injection in the Drupal Tealium iQ Tag Management contributed module (versions before 2.4.0) lets authenticated attackers manipulate dynamically-determined object attributes to compromise data confidentiality and integrity. Because the CVSS vector (AV:N/AC:L/PR:L) indicates a low-privileged authenticated user over the network, any user with a foothold on the site can potentially abuse the flaw; there is no public exploit identified at time of analysis and the EPSS probability is low (0.42%). Drupal has published advisory SA-CONTRIB-2026-064 and released a fixed version.

Code Injection Tealium Iq Tag Management
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Object injection in the Drupal Plotly.js Graphing contributed module (all releases 0.0.0 through 3.0.2) lets an authenticated attacker with low privileges tamper with dynamically-determined object attributes, undermining both confidentiality and integrity of the site. The flaw stems from improperly controlled modification of object properties (CWE-915), and the network-reachable, low-complexity CVSS 3.1 vector (8.1) reflects meaningful severity; however, EPSS is only 0.16% (6th percentile) and no public exploit identified at time of analysis. It is not listed in CISA KEV.

Code Injection Plotly Js Graphing
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Object injection in the Drupal contrib module Flag attendance field (all versions up to and including 1.2) lets an authenticated user with low privileges pass attacker-controlled data into a dynamically-determined object attribute (CWE-915), enabling PHP object injection and high-impact compromise of data confidentiality and integrity. The Drupal Security Team published advisory SA-CONTRIB-2026-049 and a fixed release is available. There is no public exploit identified at time of analysis, and the EPSS probability is low (0.17%, 7th percentile).

Code Injection Flag Attendance Field
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Object injection in the Drupal Formatter Field contributed module (all versions from 0.0.0 up to but not including 2.0.0) allows remote unauthenticated attackers to improperly modify dynamically-determined object attributes, potentially leading to arbitrary code execution or full site compromise. The flaw carries a CVSS 9.8 rating, but with no public exploit identified and a low EPSS probability (0.17%, 7th percentile), and SSVC currently rates exploitation as 'none'. A vendor patch is available via Drupal advisory SA-CONTRIB-2026-048.

Code Injection Formatter Field
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

PHP object injection in the Drupal AlternativeCommerce (Basket) contributed module (all versions up to and including 2.1.17) allows remote unauthenticated attackers to modify dynamically-determined object attributes and inject crafted objects into the application. Successful exploitation can lead to code execution or full compromise of the Drupal site, with CVSS 3.1 scoring it 9.8 (Critical). No public exploit identified at time of analysis, and EPSS is low at 0.16% (6th percentile), indicating no observed exploitation activity yet despite the high severity rating.

Code Injection Drupal Alternativecommerce Basket
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Sensitive configuration exfiltration in Grav CMS before 2.0.2 lets an authenticated page author bypass the Twig sandbox and read the full config tree, including plugin SMTP credentials, API keys, and database passwords. The flaw is an incomplete fix for the earlier GHSA-j274-39qw-32c9 sandbox escape: the redacted 'config' facade is still trivially bypassed through the allow-listed grav.offsetGet('config') call. No public exploit has been identified at time of analysis, though the bypass technique is fully described in the vendor advisory.

Code Injection PHP RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Remote code execution in PraisonAI before 4.6.78 lets an attacker who can supply the agents_file parameter to deploy/api.py run arbitrary Python, because that value is interpolated directly into an f-string that is later executed as generated server code via subprocess.Popen(). The CVSS 4.0 base score is 9.4 and the vector requires high privileges (PR:H), meaning the attacker must already be able to reach and drive the deployment API. No public exploit has been identified at time of analysis and it is not on the CISA KEV list.

Code Injection Python RCE +1
NVD GitHub
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Cookie attribute injection in elixir-plug's Plug library allows a remote attacker who can supply values reflected into `Set-Cookie` headers to inject the `;` delimiter and override attributes such as `Domain`, `Path`, `Secure`, and `HttpOnly`. Applications calling `Plug.Conn.put_resp_cookie/4` with user-controlled data - for example, reflecting a username or preference value - are exposed to session fixation and cookie tossing across five supported release lines (0.1.0 through 1.20.2). No public exploit code or CISA KEV listing is present at time of analysis, but the attack is mechanically straightforward wherever the vulnerable code pattern exists.

Code Injection
NVD GitHub
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Arbitrary OS command execution in Vim prior to 9.2.0736 arises from the bundled PHP omni-completion script (runtime/autoload/phpcomplete.vim), which interpolates an attacker-controlled class or trait name from the edited buffer into a search() pattern executed via win_execute() without escaping. When a victim opens a crafted PHP file and invokes omni-completion, a name containing a single quote breaks out of the search string and the trailing text is honored as Ex commands, letting an attacker run shell commands through :! . There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the flaw is fixed and the mechanism is well documented in the vendor advisory.

Code Injection PHP RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Arbitrary Ex command execution in Vim before 9.2.0735 arises from its C omni-completion script (runtime/autoload/ccomplete.vim), which interpolates the unescaped typeref: or typename: field of a tags entry into a :vimgrep pattern passed to :execute. Because :vimgrep treats the bar character as a command separator, a crafted tag field can terminate the search pattern and append an attacker-controlled command that runs with the privileges of the editing user when a victim opens a malicious .c file and triggers C omni-completion. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS 4.0 base score of 8.4 reflects high confidentiality, integrity, and availability impact.

Code Injection RCE Vim
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Remote code execution in Metabase (open-source BI/analytics platform) versions 1.55.0 through the fixed releases arises because one database-creation code path failed to validate unsafe H2 JDBC connection properties, letting an authenticated administrator register a crafted H2 datasource and run arbitrary Java on the server host. Because the CVSS scope is Changed (S:C), successful exploitation escapes the application context and yields full host compromise. No public exploit has been identified at time of analysis and it is not listed in CISA KEV, but the CVSS base score of 9.1 and RCE nature make it a high-priority patch for any exposed Metabase instance.

Code Injection Java RCE
NVD GitHub
EPSS 0% CVSS 2.1
LOW Monitor

Prototype pollution in apidevtools json-schema-ref-parser up to v15.3.5 allows low-privileged remote attackers to modify Object prototype attributes via crafted input to the Refs.set/Pointer.set functions in lib/pointer.ts. The vulnerability is tagged RCE and Code Injection, reflecting the theoretical worst-case of prototype pollution in Node.js environments where polluted properties propagate to dangerous sinks; however, the CVSS 4.0 score of 2.1 with limited (L/L/L) impact ratings suggests the direct, exploitable impact is constrained. A proof-of-concept exists (CVSS 4.0 E:P) but no confirmed active exploitation has been recorded in CISA KEV.

Code Injection RCE
NVD GitHub VulDB
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Cross-user remote code execution in Open WebUI before 0.10.0 lets an authenticated user run arbitrary code interpreter Python or invoke tools inside another logged-in user's session. The get_event_call handler dispatched execute:python and execute:tool Socket.IO events to any client-supplied session_id that was merely 'connected', so an attacker who harvested a victim's socket ID via the ydoc:document:join collaboration flow could hijack that session. A proof-of-concept is indicated in the SSVC data, though the flaw is not in CISA KEV and EPSS rates near-term mass exploitation low (0.28%, 19th percentile).

Code Injection Python RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH This Week

Directory data disclosure in PEAKUP Technology's PassGate (all versions through build 30042026) allows remote unauthenticated attackers to manipulate LDAP queries by injecting special characters into user-controlled input. Reported by TR-CERT (Turkey's national CERT), the flaw carries a CVSS 8.2 driven by high confidentiality impact with no authentication or user interaction required. No public exploit code or CISA KEV listing exists at time of analysis, indicating no confirmed active exploitation.

Code Injection LDAP Passgate
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Man-in-the-middle exposure in Nozomi Networks Remote Collector arises because configuring an upstream Guardian or CMC through the n2os-tui interface generates a configuration that disables TLS certificate verification, with no option to re-enable it. Any attacker positioned on the network path between the Remote Collector and its Guardian/CMC can intercept the channel to steal the sync token, impersonate the server, inject spoofed asset or vulnerability data, or disrupt telemetry flow. There is no public exploit identified at time of analysis, and the issue is not on CISA KEV; the vendor (Nozomi) self-reported it.

Code Injection Remote Collector
NVD VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Argument injection in bosh-cli versions before v7.10.4 lets a compromised or malicious BOSH Director inject arbitrary OpenSSH command-line options into the ssh process that the CLI spawns locally, achieving code execution on the operator's own workstation. It triggers during non-interactive SSH paths such as bosh ssh -c, bosh logs -f, and similar flows where the CLI builds an ssh command from Director-supplied data. No public exploit is identified at time of analysis, and it is not listed in CISA KEV; the CVSS 4.0 base score is 7.7 (High).

SSH Code Injection Bosh Cli
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in the Generic OEM UZ801_v2.1 4G LTE Router (firmware V3.4.3) lets unauthenticated attackers run arbitrary code by sending crafted requests to the /ajax web management API served by the device's MifiService.apk component. The flaw stems from broken access control on the management endpoint, giving remote attackers full control of the device with no credentials. Publicly available exploit code exists on GitHub, though EPSS probability is low (0.24%, 15th percentile) and it is not on the CISA KEV list.

Code Injection RCE
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Elasticsearch Painless script injection via OpenCTI's GraphQL API allows any authenticated user holding the KNOWLEDGE capability to submit computationally expensive, unvalidated scripts that saturate Elasticsearch cluster CPU, degrading or denying service for the entire platform. All OpenCTI deployments prior to version 7.260401.0 are affected, with the vulnerability residing in the exposed 'script' FilterOperator of the GraphQL API. No public exploit code or CISA KEV listing is confirmed at time of analysis; a vendor-released patch is available in version 7.260401.0.

Code Injection Elastic RCE +1
NVD GitHub VulDB
CVSS 8.0
HIGH PATCH This Week

Remote code execution in DSpace 8.0-8.3 and 9.0-9.2 allows an authenticated administrator to execute arbitrary Java via Velocity templates used to render COAR Notify/LDN messages, using reflection to escape the templating sandbox. Exploitation requires valid DSpace administrator credentials and is most impactful when chained with the related LDN path-traversal flaw (GHSA-9qm4-rh6w-pq5x). No public exploit identified at time of analysis, and CVSS is 8.0 (High).

Path Traversal Code Injection Tomcat +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Command injection in yt-dlp and youtube-dl before 2026.7.4 lets a malicious video/webpage host smuggle attacker-controlled data into shortcut files generated by the --write-link, --write-url-link, and --write-desktop-link options. Because webpage_url and filename metadata are written to .url/.desktop files without validation or escaping, an attacker can inject a file:// URI on Windows or a newline-based Desktop Entry key on Linux that runs commands when the victim later opens the generated shortcut. No public exploit identified at time of analysis; EPSS is modest at 0.55% and CISA SSVC records exploitation as none, but technical impact is rated total.

Code Injection Microsoft Yt Dlp
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Custom Code Guardrails in LiteLLM's AI Gateway proxy prior to 1.82.0-stable permitted privileged users with guardrail management rights to submit arbitrary Python code via the production create and update API paths, which executed unsandboxed within the proxy process. Unlike the test endpoint - which enforced sandbox controls - the production paths lacked equivalent validation, enabling the injected code to access and expose secrets, API keys, and environment variables available to the running process. No public exploit or active exploitation (CISA KEV) has been identified at time of analysis; risk is highest in multi-tenant or multi-operator LiteLLM deployments where guardrail management rights are distributed.

Code Injection Python RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cookie domain suffix-matching bypass in Guzzle PHP HTTP client (prior to 7.12.3) allows cross-host cookie disclosure, cookie injection, and session fixation when an application makes requests to multiple IP-address-based or bare-numeric-domain hosts within a shared CookieJar session. The SetCookie::matchesDomain() method incorrectly applied suffix-matching logic - valid for FQDN hierarchies - to numeric domain identifiers such as 192.168.0.1, [::1], and bare labels like 1, meaning a cookie set by one numeric host could be forwarded to a structurally related but distinct host. No public exploit has been identified at time of analysis; a vendor-released patch is available in version 7.12.3.

Code Injection PHP Guzzle
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package name. Any caller-influenced value that reaches the Profile attribute is therefore arbitrary Perl code execution, including calls to run system commands. The Profile attribute can be set from three different sources that can carry untrusted data: the DBI_PROFILE environment variable, a direct attribute assignment, and a DSN driver-attribute clause dbi:Driver(Profile=>SPEC):db. An attacker controlling any of those inputs runs arbitrary Perl in the host process. The strongest remote position is a network-exposed DBI::Gofer / DBI::ProxyServer whose per-request DSN reaches the Profile attribute, letting a client execute code on the broker host.

Code Injection RCE Dbi
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Remote code execution in Koodo Reader (versions 2.3.0 and earlier) lets an attacker who supplies a malicious EPUB file run arbitrary OS commands with the victim's privileges once the book is imported and opened. The flaw combines a dangerously permissive Electron IPC handler (nodeIntegrationInSubFrames enabled) with unsanitized innerHTML rendering of chapter content, turning ebook display into a Node.js code-execution primitive. No public exploit has been identified at time of analysis; the issue is fixed in version 2.3.1 and is not listed in CISA KEV.

Code Injection Node.js RCE +1
NVD GitHub
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Arbitrary Python code execution in calibre (e-book manager) before 9.10.0 lets attackers run code on a victim's machine simply by having them import or edit a malicious EPUB, OPF, or PDF. The crafted file embeds a custom column definition containing a python: template inside the calibre:user_metadata field, which calibre passes unsanitized to exec() in its template formatter during routine metadata reading (Add books / Edit books). No public exploit has been identified at time of analysis, but the flaw triggers through normal user workflows, making weaponized e-book files a realistic delivery vector.

Code Injection Python RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Arbitrary code execution in DataEase before 2.10.24 lets authenticated users bypass H2 JDBC URL validation using special Unicode characters whose case conversion differs between DataEase's validator and the H2 parser, smuggling dangerous parameters such as INIT into a malicious H2 connection string. Because H2's INIT clause executes SQL/DDL at connection time, an attacker can run arbitrary code on the host. No public exploit has been identified at time of analysis, but a fix commit and release exist, making the mechanism reproducible from the public patch.

Code Injection RCE Dataease
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Header injection in Django's DomainNameValidator allows network attackers to inject arbitrary HTTP response headers when applications pass validator-accepted domain values directly into HTTP responses, affecting Django 6.0 before 6.0.7 and 5.2 before 5.2.16. The validator silently accepts embedded newline characters in domain name strings, enabling HTTP response splitting that can facilitate session hijacking, open redirects, or cross-site scripting against end users. No public exploit code or CISA KEV listing exists at time of analysis; practical risk is narrowed significantly by Django's HttpResponse class independently rejecting newlines, meaning only non-standard code paths are exploitable.

Code Injection Python Django
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Privilege-escalation-capable LDAP injection in HAVELSAN Liman MYS (all releases before Master.1107) lets an authenticated attacker inject unsanitized special characters into LDAP queries, subverting directory-backed authentication and authorization logic. Because Liman is typically wired into corporate LDAP/Active Directory for login, a successful injection can expose directory data, bypass access controls, and manipulate query results. No public exploit identified at time of analysis, and the flaw is not on the CISA KEV list; risk is driven by the high CVSS 8.8 rating rather than confirmed in-the-wild activity.

Code Injection LDAP
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user with write access to any subtree to inject a malicious sudoRole object and gain root-level sudo on every SSSD-enrolled host. The flaw exists because, when ldap_sudo_search_base is left unset, SSSD searches the entire directory tree for sudoRole objects, trusting rules planted anywhere in the DIT. Rated CVSS 8.8 by Red Hat and reported against RHEL 6 through 10 and OpenShift Container Platform 4; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Code Injection Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +6
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Full site takeover of WordPress installations running Uncanny Automator Pro before 7.3.0.6, caused by a supply-chain compromise of the vendor's build/distribution infrastructure that shipped a backdoored plugin build to customers. The injected backdoor hands unauthenticated attackers a working administrator session and beacons the site's secret keys and administrator details to attacker-controlled servers. This is a trojanized-update incident rather than a coding flaw; no public exploit is identified at time of analysis and EPSS probability is low (0.15%, 4th percentile), consistent with the threat being embedded in the code itself rather than requiring an external exploit.

WordPress Code Injection
NVD WPScan VulDB
EPSS 0% CVSS 8.9
HIGH PATCH This Week

Authenticated remote code execution in FOSSBilling 0.6.10 through 0.7.2 lets an admin-privileged user inject arbitrary PHP into config.php via the Config::prettyPrintArrayToPHP() method, which fails to escape single quotes in string configuration values. Because config.php is pulled in through a bare include on every HTTP request, injected code runs persistently on all subsequent requests. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; the CVSS 4.0 base score is 8.9, elevated by the persistent, server-wide impact once an admin account is abused.

Code Injection PHP RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Man-in-the-middle interception affects the Coder AI Bridge Proxy (aibridgeproxyd), introduced in Coder v2.30.0, where the goproxy default transport set InsecureSkipVerify:true and only used a secure transport when an upstream proxy was configured. In the default no-upstream-proxy configuration, outbound HTTPS to the Coder access URL accepted any TLS certificate, letting an on-path attacker decrypt traffic and steal Coder session tokens, BYOK provider API keys, and full prompt/completion bodies. CVSS 7.4 (High); there is no public exploit identified at time of analysis and it is not listed in CISA KEV, so risk hinges on an attacker already holding a network-adjacent position.

Code Injection
NVD GitHub VulDB
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

Remote code execution in the Langroid Python LLM-agent framework allows an attacker who can influence LLM prompts to escape the intended sandbox and run arbitrary OS commands on the host. The flaw affects TableChatAgent.pandas_eval() and the VectorStore base class, which pass LLM-generated expressions to Python's eval() with an empty locals dict but an unscrubbed globals dict, leaving __builtins__ implicitly available. A full working proof-of-concept is included in the advisory (publicly available exploit code exists); CVSS is scored 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), though real-world exploitation is gated on the non-default full_eval=True setting.

Code Injection Python RCE
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Identity/authorization header spoofing in Traefik reverse proxy (before v2.11.51, v3.6.22, and v3.7.6) lets an attacker reaching a protected route smuggle an underscore-variant HTTP header past the BasicAuth, DigestAuth, and ForwardAuth middlewares' sanitization. Traefik strips canonical dashed spoofed headers before setting its own trusted value but ignores underscore forms (e.g. X_Forwarded_User vs X-Forwarded-User) that many backends normalize identically, so the forged header reaches the backend alongside — or, on the ForwardAuth authResponseHeaders path, instead of — Traefik's intended value. There is no public exploit identified at time of analysis and the issue is not in CISA KEV, but a vendor fix and upstream commit are published.

Code Injection Canonical Traefik
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

Remote code execution in Crawl4AI's Docker API server (versions prior to 0.9.0) lets unauthenticated attackers run arbitrary commands as the container runtime user. The server passes request-supplied browser_config.extra_args directly into Chromium's launch arguments, enabling argument injection (CWE-88) of a malicious child-process launcher combined with --no-zygote. Because the Docker API is unauthenticated by default and CVSS is scored 10.0, a single crafted HTTP request achieves full container compromise; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Code Injection Docker Google +1
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Privilege escalation in the Plesk web hosting control panel lets an authenticated low-privileged user abuse an improper authorization flaw in the XML API to inject arbitrary configuration directives, achieving arbitrary file write as root and full compromise of the underlying server. Rated CVSS 9.9 with a scope change, this turns any valid panel account into root on the host; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Code Injection Privilege Escalation RCE +1
NVD VulDB
EPSS 0% CVSS 2.1
LOW PATCH Monitor

{from}/sendMail path segment, rewriting both path and query string of the outbound request. No public exploit has been identified at time of analysis; a vendor-released patch is available in version 1.26.3.

Code Injection Microsoft Swoosh
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Cypher injection in Apache Camel's camel-neo4j producer allows attackers who control JSON key names in the CamelNeo4jMatchProperties map to execute arbitrary Cypher queries against the connected Neo4j database, enabling unauthorized read, modification, or deletion of any node or relationship. The flaw exists across three release streams (4.10.0-4.14.7, 4.15.0-4.18.2, 4.19.0-4.20.x) and is a direct bypass of the partial fix introduced in CVE-2025-66169, which bound property values as query parameters but left property names (JSON keys) concatenated verbatim into the WHERE clause. No public exploit code or CISA KEV listing has been identified at time of analysis, though the prior related CVE in the same producer indicates recurring injection exposure in this component.

Code Injection Nosql Injection Apache +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is configured, nor escape a value taken from them before outputting it in an administrator notice, allowing unauthenticated attackers to inject arbitrary web scripts that execute in the context of a logged-in administrator.

WordPress Code Injection Simple Membership
NVD WPScan VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Improper input validation (CWE-20) in the camel-aws2-sns component of Apache Camel stems from a missing inbound HeaderFilterStrategy rule on Sns2HeaderFilterStrategy, mirroring the flaw fixed in the sibling camel-aws2-sqs component (CVE-2026-46456). However, camel-aws2-sns is producer-only - Sns2Endpoint throws UnsupportedOperationException on createConsumer - so no externally-supplied SNS message attributes are ever mapped inbound into a Camel Exchange, leaving the missing filter rule unreachable by any attacker. Despite the NVD CVSS 9.8 rating, the vendor explicitly classifies this as a defense-in-depth alignment with no known exploit path, and EPSS scores it at just 0.16% (6th percentile); no public exploit identified at time of analysis.

Microsoft Code Injection Apache +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Remote PHP code injection in stumasy's calculator module allows unauthenticated network attackers to execute arbitrary server-side code by manipulating the `mathematical_sentence` parameter passed unsanitized into PHP's `eval()` function in calculate.php. A public proof-of-concept exploit exists (GitHub issue #5), and no patch has been released - the project maintainer has not responded to the disclosure. The rolling release model means no fixed version can be cited; the vulnerability is present through at least commit 327d1b0f2915ba79d7ef8ebb74553e987609d9be.

Code Injection PHP RCE +1
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Code injection in TidGi-Desktop up to version 0.13.0 allows remote attackers to execute arbitrary code through the application's Git Repository Import feature, specifically within the sub-wiki loading worker. The flaw resides in `src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts`, where externally-sourced Git repository content is processed without adequate code-injection safeguards (CWE-94). A public exploit has been disclosed and referenced via the GitHub security advisory GHSA-9hc2-hjx8-q6pv, though no CISA KEV listing exists at time of analysis.

Code Injection RCE Tidgi Desktop
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Code injection in SourceCodester Multi-Vendor Online Grocery Management System 1.0 allows remote low-privileged attackers to execute arbitrary PHP code by manipulating the `content[]` argument passed to the `update_settings_info` function in `classes/SystemSettings.php`. A public proof-of-concept exploit has been disclosed on GitHub, and exploitation requires only a low-privileged authenticated session over the network. No CISA KEV listing exists, but the public exploit materially lowers the barrier for opportunistic attacks against any internet-exposed instance.

Code Injection PHP RCE +1
NVD VulDB GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Arbitrary code execution in the NLTK Python library (nltk/nltk 3.9.3 and earlier) allows an attacker to run untrusted Java code when a victim loads a malicious JAR through five Stanford interface wrappers (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, StanfordNeuralDependencyParser). These classes pass a user-controllable JAR path to an internal java() helper that calls subprocess.Popen() with no SHA256 integrity check, so a substituted or poisoned JAR executes with the user's privileges. This is a regression of CVE-2026-0848, whose SHA256 verification fix was applied only to StanfordSegmenter and never propagated to these five classes; no public exploit is identified at time of analysis, though a huntr bounty report exists.

Code Injection RCE Nltk Nltk +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Local privilege escalation via argument injection in TUBITAK BILGEM's pardus-software (the software-center application for the Turkish Pardus Linux distribution) affects all versions up to and including 1.0.4. A low-privileged local user can smuggle attacker-controlled argument delimiters into a command the application invokes with elevated privileges, yielding full compromise of the host (confidentiality, integrity, and availability all high) with no user interaction. No public exploit has been identified at time of analysis, and the issue is not on CISA KEV; it is fixed in version 1.0.5.

Code Injection Pardus Software
NVD VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Indirect prompt injection in the Kong Konnect Model Context Protocol (MCP) server (konghq mcp-konnect) before version 1.0.0 allows a remote attacker to smuggle malicious instructions into content that an LLM agent processes, causing the agent to issue unintended Kong Konnect API requests. Because the injected instructions execute with the trust and credentials of the connected agent, an attacker can exfiltrate sensitive Konnect data or drive management API calls the operator never intended. No public exploit identified at time of analysis, but the CVSS 7.4 rating (scope-changed, confidentiality-high) reflects meaningful impact once an agent ingests attacker-controlled data.

Code Injection Mcp Konnect
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Arbitrary shortcode execution in the CURCY Multi Currency for WooCommerce WordPress plugin (versions up to and including 2.2.14) allows unauthenticated attackers to invoke any registered WordPress shortcode by sending a crafted request to a vulnerable action handler in frontend/cache.php. The root cause is a failure to validate the shortcode value before passing it to do_shortcode(), meaning any shortcode registered on the site - including those that expose user data, perform database queries, or render sensitive page content - can be triggered without authentication. No public exploit has been identified at time of analysis, and no CISA KEV listing is present, though the low attack complexity and zero-authentication requirement elevate practical risk above what the moderate CVSS score suggests.

Code Injection WordPress RCE +1
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Blind plaintext injection into Erlang/OTP TLS clients allows a network-positioned attacker to insert unauthenticated APPLICATION_DATA records during the handshake that the application subsequently receives as authenticated post-handshake server data. The root asymmetry is in tls_gen_connection:handle_protocol_record/3, which correctly rejects pre-handshake APPLICATION_DATA for TLS server endpoints but omits the equivalent guard for client endpoints, enabling record buffering prior to authentication. No active exploitation has been confirmed (not in CISA KEV, no POC referenced), but the network-only attack requirement and breadth of affected OTP versions - spanning OTP 17.0 through current - make patching urgent for Erlang-based services that consume TLS client data in untrusted network environments.

Code Injection Otp
NVD GitHub VulDB
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unauthenticated remote code execution affects Creative Themes' Blocksy Companion Pro WordPress plugin in all versions up to and including 2.1.46, allowing remote attackers to inject and execute arbitrary code (CWE-94) without any authentication or user interaction. Rated CVSS 10.0 with a scope-changed vector, this is a maximum-severity flaw reported by Patchstack. No public exploit identified at time of analysis and it is not currently listed in CISA KEV, but the trivial exploitability of an unauthenticated RCE makes it a high-priority patching target.

Code Injection RCE Blocksy Companion Pro
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL Act Now

Remote code execution in the Five Star Business Profile and Schema WordPress plugin (versions up to and including 2.3.19) allows an attacker holding an Editor-level or higher account to inject and execute arbitrary PHP code on the host. Reported by Patchstack and rated CVSS 9.1 due to its scope-changing impact, the flaw turns a trusted content role into full server compromise. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CWE-94 code-injection root cause makes reliable exploitation straightforward for any authorized high-privilege user.

Code Injection RCE Five Star Business Profile And Schema
NVD VulDB
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

Authenticated remote code execution in Craft CMS 5.9.0 through 5.9.x allows control panel users with entry-editing permissions to inject unsandboxed Twig code via the HTTP Referer header during entry save operations. Because the signed redirect URL derived from the attacker-controlled Referer is compiled with renderObjectTemplate() instead of the sandboxed renderSandboxedObjectTemplate(), a low-privileged CMS operator can achieve server-side template injection leading to code execution. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the flaw is fixed in Craft CMS 5.10.0.

Code Injection RCE
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in the V8 JavaScript engine of Google Chrome before 150.0.7871.46 allows a remote attacker who lures a victim to a crafted HTML page to execute arbitrary code — though notably only within the renderer sandbox rather than achieving full host compromise. Rated CVSS 8.8 and stemming from a code-generation flaw (CWE-94) in V8, it affects all Chrome desktop installations on the vulnerable channel; a fix has shipped, but there is no public exploit identified at time of analysis and CISA SSVC records exploitation status as none.

Code Injection Google RCE +1
NVD
Page 1 of 54 Next

Quick Facts

Typical Severity
CRITICAL
Category
web
Total CVEs
4831

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy