Skip to main content

Code Injection

web CRITICAL

Code injection occurs when an application accepts user input and passes it directly into a language interpreter or evaluator without proper sanitization.

How It Works

Code injection occurs when an application accepts user input and passes it directly into a language interpreter or evaluator without proper sanitization. Unlike command injection (which targets the OS shell), code injection exploits the application's own scripting engine—Python's eval(), PHP's eval(), JavaScript's eval(), Ruby's instance_eval(), or similar dynamic execution functions. The attacker crafts input that, when interpreted, executes arbitrary code within the application's runtime context.

Common attack vectors include server-side template engines where user input reaches expression evaluators, configuration files that are dynamically loaded and executed, code validators that ironically execute the code they're supposed to check, and endpoints that process serialized objects or callable definitions. In Python applications, decorators evaluated at class definition time present particularly dangerous targets since they execute before any runtime validation occurs.

The exploitation chain typically begins with identifying an endpoint that processes structured input—API parameters, file uploads, configuration snippets. The attacker then crafts payloads that break out of intended data contexts into executable code contexts. For instance, injecting @os.system('whoami') as a decorator definition, or embedding {{ ''.__class__.__mro__[1].__subclasses__() }} in template syntax to access Python internals and escalate to operating system commands.

Impact

  • Complete server compromise — execute arbitrary Python, PHP, Ruby, or JavaScript code with application privileges
  • Operating system command execution — break out from language runtime to system shell via subprocess calls
  • Data exfiltration — read database credentials, environment variables, source code, and business data
  • Persistence establishment — modify application files, inject backdoors, create scheduled tasks
  • Lateral movement — leverage server access to attack internal network resources and connected services

Real-World Examples

A critical vulnerability in Langflow, a popular AI workflow framework with over 50,000 GitHub stars, exposed an unauthenticated /api/v1/validate/code endpoint meant to check Python code safety. Attackers discovered they could inject malicious decorators into class definitions. Since Python evaluates decorators at class definition time-before the AST validation logic even ran-the payload executed immediately when passed to exec(). This provided complete remote code execution without authentication.

Web template engines frequently suffer from code injection when developers allow user content in template expressions. An attacker might inject {{7*7}} to test for evaluation, then escalate to {{config.items()}} to dump Flask configuration, ultimately reaching {{''.__class__.__bases__[0].__subclasses__()}} to navigate Python's object hierarchy and invoke system commands.

Configuration management systems that dynamically import or evaluate user-supplied configuration have enabled attackers to inject executable code disguised as YAML anchors, JSON with embedded expressions, or INI files with interpreted sections.

Mitigation

  • Eliminate dynamic code execution — refactor to use data-driven approaches instead of eval(), exec(), Function(), or similar constructs
  • Abstract Syntax Tree (AST) allowlisting — if code execution is unavoidable, parse input into AST and validate against a strict allowlist of permitted operations before execution
  • Sandboxed execution environments — use restricted interpreters (Python's RestrictedPython), containers, or separate processes with minimal privileges
  • Remove or authenticate debug/validation endpoints — code validators and test endpoints are prime targets
  • Input type enforcement — accept only serialized data formats (JSON, Protocol Buffers) that cannot contain executable code
  • Defense in depth — run application with minimal OS privileges, use network segmentation, monitor for unusual subprocess creation

Recent CVEs (4849)

EPSS 0% CVSS 8.6
HIGH This Week

Improper Control of Generation of Code ('Code Injection') vulnerability in Jose Content No Cache allows Code Injection. This issue affects Content No Cache: from n/a through 0.1.3.

RCE Code Injection
NVD
EPSS 0% CVSS 8.9
HIGH PATCH This Week

CVE-2025-53007 is a security vulnerability (CVSS 8.9). High severity vulnerability requiring prompt remediation.

Code Injection
NVD GitHub
EPSS 2% CVSS 8.3
HIGH POC PATCH This Week

LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the `vhead_file` is loaded without proper safeguards, allowing malicious attackers to execute arbitrary malicious code on the host system simply by passing a malicious `Checkpoint path` parameter through the `WebUI` interface. The attack is stealthy, as the victim remains unaware of the exploitation. The root cause is that the `vhead_file` argument is loaded without the secure parameter `weights_only=True`. Version 0.9.4 contains a fix for the issue.

RCE Code Injection Llama Factory
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM This Month

CVE-2025-5826 is a security vulnerability (CVSS 6.3) that allows network-adjacent attackers. Remediation should follow standard vulnerability management procedures.

Code Injection Maxicharger Ac Elite Business C50 Firmware Maxicharger Ac Ultra Firmware +7
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Registrator, a GitHub app automating Julia package registration, contains critical shell injection and argument injection vulnerabilities in versions prior to 1.9.5 that can be exploited through malicious or injected clone URLs returned by GitHub. An unauthenticated remote attacker can achieve arbitrary code execution on systems running vulnerable versions with no user interaction required. No public exploits are confirmed, but the vulnerability is trivial to exploit given the direct code paths involved.

Command Injection RCE Code Injection +3
NVD GitHub
EPSS 0% CVSS 7.7
HIGH PATCH This Week

CVE-2025-52479 is a CRLF injection vulnerability in URIs.jl (<1.6.0) and HTTP.jl (<1.10.17) that allows attackers to construct malicious URIs containing carriage return and line feed characters. If user input is not properly escaped, this can enable CRLF injection attacks to manipulate HTTP headers or protocol boundaries. The vulnerability has a CVSS score of 7.7 (high integrity impact) and affects Julia ecosystem users; patch versions are available and should be deployed immediately.

Code Injection
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM This Month

A security vulnerability in Successful exploitation of the vulnerability could allow an attacker that (CVSS 6.4) that allows an attacker that has physical access. Remediation should follow standard vulnerability management procedures.

Code Injection Wise 4010lan Firmware Wise 4060lan Firmware +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

CVE-2023-47295 is a critical CSV injection vulnerability in NCR Terminal Handler v1.5.1 that allows unauthenticated remote attackers to execute arbitrary commands through crafted payloads injected into any text input field. The vulnerability has a CVSS 9.8 score indicating maximum severity due to network accessibility, no authentication requirements, and complete system compromise potential (confidentiality, integrity, and availability impact). This represents a direct remote code execution risk affecting payment terminal infrastructure.

Code Injection Terminal Handler
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

CVE-2025-6512 is a critical privilege escalation vulnerability in BRAIN2 where unauthenticated attackers can inject malicious scripts into reports on non-admin client systems, which are then executed with administrator privileges on the BRAIN2 server. This represents a complete system compromise with CVSS 10.0 severity, affecting all users regardless of their local privilege level. No authentication is required to exploit this vulnerability, making it immediately exploitable in network environments.

RCE Code Injection Privilege Escalation
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions.

RCE Code Injection
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A remote code execution vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Code Injection Linux Ubuntu +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

CVE-2022-50089 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Code Injection Linux Ubuntu +4
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Kernel BUG in the Linux kernel's BPF cgroup subsystem that can be triggered via a memory allocation failure during BPF program detachment, causing a denial of service (kernel panic). Local unprivileged users with BPF capabilities can trigger this by exploiting a race condition between program attachment/detachment and memory pressure, resulting in high availability impact with potential information disclosure. The vulnerability affects Linux kernel versions before the fix was merged (approximately 5.19.0+).

Code Injection Linux Linux Kernel +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

CVE-2025-38016 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Code Injection Linux Ubuntu +4
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

CVE-2025-49155 is an uncontrolled search path vulnerability in Trend Micro Apex One's Data Loss Prevention (DLP) module that allows unauthenticated remote attackers to inject and execute arbitrary code. The vulnerability requires user interaction (CVSS UI:R) but poses critical risk to organizations deploying Apex One, as successful exploitation grants full system compromise with high confidentiality, integrity, and availability impact (CVSS 8.8). Exploitation likelihood should be assessed against current threat intelligence for active in-the-wild usage.

RCE Trend Micro Code Injection +2
NVD
EPSS 5% CVSS 8.1
HIGH POC PATCH This Week

The Drag and Drop Multiple File Upload for Contact Form 7 WordPress plugin (versions ≤1.3.8.9) contains an unrestricted file upload vulnerability allowing unauthenticated attackers to bypass file type blacklists and upload dangerous file extensions (.phar, etc.). On servers configured to execute .phar files as PHP (common in default Apache+mod_php setups), this enables remote code execution with high impact to confidentiality, integrity, and availability (CVSS 8.1). While KEV and EPSS data are not provided, the vulnerability is actively exploitable given its public disclosure and network-accessible attack vector.

WordPress PHP RCE +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Server-Side Template Injection (SSTI) vulnerability in the chat feature of Citrix Remote Support (RS) and Privileged Remote Access (PRA) that enables unauthenticated remote code execution with a critical CVSS score of 9.8. The vulnerability affects the chat messaging functionality across both products with no authentication or user interaction required, allowing attackers to execute arbitrary code on affected systems. This is a critical severity issue requiring immediate patching.

RCE Code Injection Remote Support +1
NVD
EPSS 0% CVSS 3.8
LOW Monitor

CVE-2025-24388 is a security vulnerability (CVSS 3.8) that allows parameter injection due. Remediation should follow standard vulnerability management procedures.

Code Injection
NVD
EPSS 0% CVSS 2.0
LOW Monitor

A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument function_name/function_args leads to improper neutralization of directives in dynamically evaluated code. The exploit has been disclosed to the public and may be used.

RCE Code Injection
NVD GitHub VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling meta.yaml can inject malicious code into the version assignment, which is executed during file processing, leading to arbitrary code execution. Exploitation requires an attacker to modify the recipe file by manipulating the RECIPE_DIR variable and introducing a malicious meta.yaml file. While this is more feasible in CI/CD pipelines, it is uncommon in typical environments, reducing overall risk. This vulnerability is fixed in 4.15.0.

RCE Code Injection
NVD GitHub
EPSS 0% CVSS 8.0
HIGH POC PATCH This Week

A security vulnerability in versions (CVSS 8.0). Risk factors: public PoC available. Vendor patch is available.

RCE Privilege Escalation Code Injection +1
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

CVE-2025-22239 is an arbitrary event injection vulnerability in SaltStack's master node that allows an authorized minion to inject malicious events onto the master's event bus via the '_minion_event' method. This affects Salt Master deployments where minions have event publishing capabilities, enabling authenticated attackers to manipulate internal event flows and potentially trigger unintended master behaviors. The CVSS 8.1 score reflects high confidentiality and integrity impact with local attack vector, though exploitation requires prior authentication as an authorized minion.

Code Injection Suse
NVD GitHub
EPSS 0% CVSS 3.5
LOW PATCH Monitor

An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks GlobalProtect™ app allows certain packets to remain unencrypted instead of being properly secured within the tunnel. An attacker with physical access to the network can inject rogue devices to intercept these packets. Under normal operating conditions, the GlobalProtect app automatically recovers from this interception within one minute.

Paloalto Code Injection
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input. Specifically, an application is vulnerable when all the following are true: * The header is prepared with org.springframework.http.ContentDisposition. * The filename is set via ContentDisposition.Builder#filename(String, Charset). * The value for the filename is derived from user-supplied input. * The application does not sanitize the user-supplied input. * The downloaded content of the response is injected with malicious commands by the attacker (see RFD paper reference for details). An application is not vulnerable if any of the following is true: * The application does not set a “Content-Disposition” response header. * The header is not prepared with org.springframework.http.ContentDisposition. * The filename is set via one of: * ContentDisposition.Builder#filename(String), or * ContentDisposition.Builder#filename(String, ASCII) * The filename is not derived from user-supplied input. * The filename is derived from user-supplied input but sanitized by the application. * The attacker cannot inject malicious content in the downloaded content of the response. Affected Spring Products and VersionsSpring Framework: * 6.2.0 - 6.2.7 * 6.1.0 - 6.1.20 * 6.0.5 - 6.0.28 * Older, unsupported versions are not affected MitigationUsers of affected versions should upgrade to the corresponding fixed version. Affected version(s)Fix versionAvailability6.2.x6.2.8OSS6.1.x6.1.21OSS6.0.x6.0.29 Commercial https://enterprise.spring.io/ No further mitigation steps are necessary. CWE-113 in `Content-Disposition` handling in VMware Spring Framework versions 6.0.5 to 6.2.7 allows remote attackers to launch Reflected File Download (RFD) attacks via unsanitized user input in `ContentDisposition.Builder#filename(String, Charset)` with non-ASCII charsets.

Java Code Injection VMware +4
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Week

CVE-2025-4278 is an HTML injection vulnerability in GitLab CE/EE versions 18.0.0 through 18.0.1 that allows authenticated attackers to inject malicious HTML through the new search page. Under specific conditions, this vulnerability can escalate to account takeover by leveraging user interaction (UI requirement), with a CVSS score of 8.7 indicating high severity. The vulnerability requires low attack complexity and network accessibility, making it a significant risk for organizations running affected GitLab versions.

Gitlab Code Injection
NVD
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

Mattermost versions 10.7.x <= 10.7.1, 10.6.x <= 10.6.3, 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT /api/v4/ldap/groups/{remote_id}/link API when objectGUID is configured as the Group ID Attribute.

LDAP Code Injection Debian +2
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

A remote code execution vulnerability (CVSS 6.1) that allows attackers. Remediation should follow standard vulnerability management procedures.

Code Injection
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL Act Now

Critical Code Injection vulnerability (CWE-94) in MetalpriceAPI versions through 1.1.4 that allows authenticated attackers to inject and execute arbitrary code with network access and low complexity. The vulnerability has a maximum severity CVSS score of 9.9 with complete impact across confidentiality, integrity, and availability. This is a high-priority vulnerability affecting any deployment of MetalpriceAPI up to version 1.1.4, with no publicly confirmed workarounds available at this time.

Code Injection RCE
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

A remote code execution vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affected systems.

WordPress Code Injection RCE
NVD
EPSS 1% CVSS 9.9
CRITICAL PATCH Act Now

A security vulnerability in WilderForge (CVSS 9.9). Critical severity with potential for significant impact on affected systems.

RCE Code Injection Github
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A remote code execution vulnerability in Discourse (CVSS 7.1). High severity vulnerability requiring prompt remediation.

Code Injection Discourse
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Format string vulnerability in QNAP Qsync Central that allows authenticated remote attackers to read sensitive data or modify memory without user interaction. The vulnerability affects all versions prior to Qsync Central 4.5.0.6 (released March 20, 2025), with a CVSS score of 8.1 indicating high severity. While no public exploit or KEV status is currently documented, the low attack complexity and requirement for only low-privilege user access make this a significant risk for organizations running vulnerable versions.

Information Disclosure Qnap Code Injection +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in cmoreira Team Showcase allows Code Injection. This issue affects Team Showcase: from n/a through n/a.

RCE Code Injection
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed only with permissions higher than the view permission.

RCE Code Injection
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission.

RCE Code Injection
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Critical remote code execution vulnerability in expression language processors that allows unauthenticated attackers to execute arbitrary code with maximum server privileges through improper input neutralization. This is a perfect-score CVSS 10.0 vulnerability affecting expression language engines across multiple frameworks; exploitation requires no authentication, user interaction, or special configuration, making it an immediate priority for any organization using affected technologies.

RCE Code Injection
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

A security vulnerability in Django 5.2 (CVSS 4.0) that allows remote attackers. Remediation should follow standard vulnerability management procedures.

Python Code Injection Ubuntu +5
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Auth bypass in DataEase via CVE-2025-49001 patch evasion. PoC available.

Authentication Bypass Code Injection Dataease
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

A remote code execution vulnerability in webpack-dev-server (CVSS 5.3) that allows users. Risk factors: public PoC available. Vendor patch is available.

Code Injection Webpack Dev Server Red Hat
NVD GitHub
EPSS 17% 4.0 CVSS 10.0
CRITICAL POC PATCH THREAT Act Now

Unauthenticated RCE in JEHC-BPM 2.0.1 via execParams. EPSS 17.3%. PoC and patch available. CVSS 10.0.

RCE Code Injection Jehc Bpm
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote privilege escalation in Android WLAN AP driver via packet injection.

Privilege Escalation Code Injection Software Development Kit +1
NVD
EPSS 1% CVSS 8.6
HIGH POC PATCH This Week

FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP Code Injection +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Month

Kea configuration and API directives can be used to load a malicious hook library. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Red Hat +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Mozilla
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Nagvis
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in docarray up to 0.40.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Docarray
NVD GitHub VulDB
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection +1
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM This Month

The SSID field is not parsed correctly and can be used to inject commands into the hostpad.conf file. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Code Injection
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromised*; NEXUS Series: through 3.*; MATRIX Series:. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
EPSS 1% CVSS 8.9
HIGH This Month

Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become compromised08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection
NVD
EPSS 1% CVSS 7.5
HIGH This Month

Remote Code Execution vulnerabilities are present in ASPECT if session administra-tor credentials become compromised.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection
NVD
EPSS 2% CVSS 7.5
HIGH This Month

Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials become compromised.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
EPSS 0% CVSS 7.5
HIGH This Month

SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised.08.03; NEXUS Series: through 3.08.03;. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection SQLi
NVD
EPSS 0% CVSS 7.2
HIGH This Month

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Niagara Niagara Enterprise Security
NVD
EPSS 0% CVSS 7.2
HIGH This Month

A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Code Injection +1
NVD
EPSS 1% CVSS 7.2
HIGH POC This Month

A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection +1
NVD
EPSS 0% CVSS 9.1
CRITICAL This Week

IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Suse
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Month

An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Month

Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Checkmk
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Hubble is a fully distributed networking and security observability platform for cloud native workloads. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Suse
NVD GitHub
EPSS 13% CVSS 9.8
CRITICAL POC THREAT Act Now

A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

RCE Command Injection Code Injection +1
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Month

Langroid is a Python framework to build large language model (LLM)-powered applications. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Python +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Langroid is a Python framework to build large language model (LLM)-powered applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Python +1
NVD GitHub
EPSS 1% CVSS 7.6
HIGH PATCH This Month

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG Lite allows Code Injection.6.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in RS WP THEMES RS WP Book Showcase allows Code Injection.7.41. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG allows Code Injection.5.34. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
EPSS 2% CVSS 8.8
HIGH This Week

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.5.07 via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Code Injection +1
NVD
EPSS 2% CVSS 9.8
CRITICAL This Week

mediDOK before 2.5.18.43 allows remote attackers to achieve remote code execution on a target system via deserialization of untrusted data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Deserialization
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A code injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host operating system running Broker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Paloalto
NVD
EPSS 8% CVSS 8.8
HIGH POC PATCH This Week

Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection Code Injection +2
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Code Injection +1
NVD
EPSS 45% 5.8 CVSS 7.2
HIGH POC KEV EUVD KEV THREAT Act Now

Ivanti Endpoint Manager Mobile (EPMM) contains an authenticated code injection in the API component, allowing authenticated attackers to execute arbitrary code through crafted API requests.

RCE Code Injection Ivanti +1
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

EDIMAX CV7428NS v1.20 was discovered to contain a remote code execution (RCE) vulnerability via the command parameter in the mp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Cv 7428Ns Firmware
NVD GitHub
EPSS 0% CVSS 2.5
LOW Monitor

An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions. Rated low severity (CVSS 2.5). No vendor patch available.

Code Injection Forticlient Fortifone Softclient
NVD
EPSS 0% CVSS 8.3
HIGH This Month

SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection SAP
NVD
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Vvveb
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM This Month

The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection
NVD GitHub
EPSS 0% CVSS 7.0
HIGH POC PATCH This Month

EspoCRM is a free, open-source customer relationship management platform. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Espocrm
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

Retool (self-hosted) before 3.196.0 allows Host header injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Arbitrary File Upload in user_payment_update.php in SourceCodester Client Database Management System 1.0 allows unauthenticated users to upload arbitrary files via the uploaded_file_cancelled field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Code Injection +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Month

Victure RX1800 EN_V1.0.0_r12_110933 was discovered to contain a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Code Injection +1
NVD
EPSS 0% CVSS 3.7
LOW Monitor

Erlang/OTP is a set of libraries for the Erlang programming language. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

An Eval Injection issue was discovered in Znuny through 7.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Znuny
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

The NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and including, 8.9.1 via the get_table_records. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress PHP +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: don't try to reclaim hwpoison folio Syzkaller reports a bug as follows: Injecting memory failure for pfn 0x18b00e at. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Code Injection Linux Kernel +2
NVD
EPSS 1% CVSS 7.3
HIGH This Week

The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.8.11. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress Code Injection +1
NVD
EPSS 0% CVSS 4.7
MEDIUM Monitor

A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the browser of an. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Cisco Catalyst Sd Wan Manager
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in Ultimate Member Ultimate Member allows Code Injection.10.3. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in GS Plugins GS Testimonial Slider allows Code Injection.2.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
Prev Page 16 of 54 Next

Quick Facts

Typical Severity
CRITICAL
Category
web
Total CVEs
4849

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy