Code Injection

web CRITICAL

Code injection occurs when an application accepts user input and passes it directly into a language interpreter or evaluator without proper sanitization.

How It Works

Unlike command injection, which targets the OS shell, code injection targets the application's own scripting engine: Python's eval(), PHP's eval(), JavaScript's eval(), Ruby's instance_eval(), or similar dynamic execution functions. The attacker crafts input that, when interpreted, executes arbitrary code within the application's runtime context.

Common attack vectors include server-side template engines where user input reaches expression evaluators, configuration files that are dynamically loaded and executed, code validators that ironically execute the code they're supposed to check, and endpoints that process serialized objects or callable definitions. In Python applications, decorators evaluated at class definition time present particularly dangerous targets since they execute before any runtime validation occurs.

The exploitation chain typically begins with identifying an endpoint that processes structured input: API parameters, file uploads, configuration snippets. The attacker then crafts payloads that break out of the intended data context into an executable code context, for instance by injecting @os.system('whoami') as a decorator definition, or by embedding {{ ''.__class__.__mro__[1].__subclasses__() }} in template syntax to reach Python internals and escalate to operating system commands.

Impact

  • Complete server compromise — execute arbitrary Python, PHP, Ruby, or JavaScript code with application privileges
  • Operating system command execution — break out from language runtime to system shell via subprocess calls
  • Data exfiltration — read database credentials, environment variables, source code, and business data
  • Persistence establishment — modify application files, inject backdoors, create scheduled tasks
  • Lateral movement — leverage server access to attack internal network resources and connected services

Real-World Examples

A critical vulnerability in Langflow, a popular AI workflow framework with over 50,000 GitHub stars, exposed an unauthenticated /api/v1/validate/code endpoint meant to check Python code safety. Attackers discovered they could inject malicious decorators into class definitions. Since Python evaluates decorators at class definition time, before the AST validation logic even ran, the payload executed immediately when passed to exec(). This provided complete remote code execution without authentication.

Web template engines frequently suffer from code injection when developers allow user content in template expressions. An attacker might inject {{7*7}} to test for evaluation, then escalate to {{config.items()}} to dump Flask configuration, ultimately reaching {{''.__class__.__bases__[0].__subclasses__()}} to navigate Python's object hierarchy and invoke system commands.

Configuration management systems that dynamically import or evaluate user-supplied configuration have enabled attackers to inject executable code disguised as YAML anchors, JSON with embedded expressions, or INI files with interpreted sections.

Mitigation

  • Eliminate dynamic code execution — refactor to use data-driven approaches instead of eval(), exec(), Function(), or similar constructs
  • Abstract Syntax Tree (AST) allowlisting — if code execution is unavoidable, parse input into AST and validate against a strict allowlist of permitted operations before execution
  • Sandboxed execution environments — use restricted interpreters (Python's RestrictedPython), containers, or separate processes with minimal privileges
  • Remove or authenticate debug/validation endpoints — code validators and test endpoints are prime targets
  • Input type enforcement — accept only serialized data formats (JSON, Protocol Buffers) that cannot contain executable code
  • Defense in depth — run application with minimal OS privileges, use network segmentation, monitor for unusual subprocess creation
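The last mitigation bullet recommends monitoring for unusual subprocess creation. As an added example (not from this page or from any tool it names), the following Python applies one such detection rule to constructed process-creation events: a web application worker spawning a shell or a download utility is flagged, while the same shell started by an init system or a normal image conversion child is not. The key=value event format, the worker and shell name lists, and the function names are this example's own assumptions.

```python
import re

# Constructed process-creation events in a key=value line format. The format
# is an assumption for this example, not the output of any particular sensor.
SAMPLE_EVENTS = """\
ts=1700000001 host=web-01 ppid=412 pcomm=gunicorn pid=5120 comm=python3 args="python3 worker.py"
ts=1700000002 host=web-01 ppid=412 pcomm=gunicorn pid=5133 comm=sh args="sh -c whoami"
ts=1700000003 host=web-01 ppid=1 pcomm=systemd pid=5140 comm=sh args="sh /usr/lib/nightly.sh"
ts=1700000004 host=web-02 ppid=980 pcomm=php-fpm pid=6001 comm=curl args="curl http://203.0.113.10/stage"
ts=1700000005 host=web-02 ppid=980 pcomm=php-fpm pid=6002 comm=convert args="convert in.png out.jpg"
"""

# Processes that host interpreted application code (assumed list); the
# children they spawn should be few and predictable.
WEB_WORKERS = {"gunicorn", "uwsgi", "php-fpm", "node", "puma", "unicorn"}
# Children that indicate a break-out from the language runtime to the OS
# (assumed list; extend per environment).
SHELLS_AND_DOWNLOADERS = {"sh", "bash", "dash", "zsh", "curl", "wget", "nc", "ncat"}

_KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_event(line):
    """Parse one key=value line into a dict; quoted values lose their quotes."""
    return {
        m.group(1): m.group(3) if m.group(3) is not None else m.group(2)
        for m in _KV.finditer(line)
    }


def find_suspicious_spawns(text):
    """Return the events in which a web worker spawned a shell or downloader."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev.get("pcomm") in WEB_WORKERS and ev.get("comm") in SHELLS_AND_DOWNLOADERS:
            hits.append(ev)
    return hits


def format_alert(ev):
    """One-line alert string for an event returned by find_suspicious_spawns."""
    return (f"[{ev.get('host')}] {ev.get('pcomm')}(pid {ev.get('ppid')}) spawned "
            f"{ev.get('comm')}(pid {ev.get('pid')}): {ev.get('args')}")


if __name__ == "__main__":
    for ev in find_suspicious_spawns(SAMPLE_EVENTS):
        print(format_alert(ev))
```

The rule keys on the parent/child pair rather than on the child alone, because shells are normal elsewhere on the host; the interesting signal is a language runtime that should only ever execute application code reaching for the OS. In production the event source would be an EDR or audit subsystem and the worker list would be derived from the deployment's process inventory.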

Recent CVEs (1083)

CVE-2026-3992
EPSS 0% CVSS 6.3
MEDIUM This Month

CodeGenieApp's serverless-express library (versions up to 4.17.1) contains an injection vulnerability in its Users Endpoint that allows attackers to manipulate filter arguments and execute unauthorized commands remotely. This affects applications using the vulnerable versions of this library. An attacker could exploit this to inject malicious code, potentially gaining unauthorized access to user data or taking control of affected systems.

Code Injection
NVD GitHub VulDB
CVE-2026-3955
EPSS 0% CVSS 6.3
MEDIUM This Month

Code injection in elecV2P versions up to 3.8.3 via the jsfile endpoint allows authenticated attackers to execute arbitrary code remotely through the runJSFile function. Public exploit code is available, though no patch has been released. Affected organizations using this component should restrict access to the vulnerable endpoint and monitor for exploitation attempts.

Code Injection
NVD GitHub VulDB
CVE-2026-31861
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary OS command execution in Cloud CLI versions prior to 1.24.0 allows authenticated users to inject malicious commands through improperly sanitized git configuration parameters passed to shell execution functions. The /api/user/git-config endpoint fails to properly escape bash metacharacters like backticks and $() substitutions, enabling attackers to execute arbitrary operating system commands with application privileges. No patch is currently available for affected deployments.

RCE Code Injection Cloud Cli
NVD GitHub VulDB
CVE-2026-31857
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Craft CMS 5 allows authenticated Control Panel users with basic access (including non-admin roles like Author or Editor) to execute arbitrary code by injecting malicious Twig templates through condition rule parameters. The vulnerability exploits an unsandboxed template rendering function that bypasses all security hardening settings, affecting versions prior to 5.9.9 and 4.17.4. No patch is currently available for this HIGH severity vulnerability.

RCE Code Injection Craft Cms
NVD GitHub VulDB
CVE-2026-30741
EPSS 0% CVSS 9.8
CRITICAL Act Now

RCE in OpenClaw Agent Platform v2026.2.6 via prompt injection.

RCE Code Injection Openclaw
NVD GitHub VulDB
CVE-2026-20892
EPSS 0% CVSS 7.2
HIGH This Week

Arbitrary command execution in MR-GM5L-S1 and MR-GM5A-L1 devices stems from unsafe code injection handling that can be exploited by administrators to bypass execution restrictions. An authenticated attacker with admin privileges can leverage this vulnerability to run arbitrary commands with elevated permissions on the affected systems. No patch is currently available to remediate this vulnerability.

Code Injection
NVD
CVE-2026-2273
EPSS 0%
This Week

CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of the subsequent system when an authenticated user opens a malicious project file.

Code Injection
NVD VulDB
CVE-2026-30856
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Tool name collision in WeKnora's MCP client integration allows remote attackers with network access to register malicious tools that overwrite legitimate ones, enabling prompt injection attacks and potential data exfiltration. An attacker exploiting this vulnerability can redirect LLM execution to steal system prompts and context data, or execute arbitrary tools with the privileges of authenticated users. This affects WeKnora versions prior to 0.3.0.

Code Injection AI / ML
NVD GitHub
CVE-2026-30822
EPSS 0% CVSS 7.7
HIGH POC PATCH This Week

Flowise versions up to 3.0.13 are affected by improperly controlled modification of dynamically-determined object attributes (CVSS 7.7).

Code Injection AI / ML Flowise
NVD GitHub
CVE-2026-3352
EPSS 0% CVSS 7.2
HIGH This Week

Arbitrary PHP code execution in the Easy PHP Settings WordPress plugin through version 1.0.4 allows authenticated administrators to inject malicious code via inadequately sanitized memory limit configuration parameters that bypass quote filtering in wp-config.php. An attacker with administrator privileges can exploit insufficient input validation in the `update_wp_memory_constants()` method to break out of PHP string context and execute arbitrary commands that execute on every page request. No patch is currently available for this high-severity vulnerability.

WordPress PHP Code Injection
NVD
CVE-2026-29063
EPSS 0%
PATCH Monitor

Immutable.js provides many Persistent Immutable data structures. Versions up to 3.8.3 are affected by improperly controlled modification of object prototype attributes (prototype pollution).

Code Injection
NVD GitHub VulDB
CVE-2026-30833
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthenticated NoSQL injection in Rocket.Chat's authentication service allows attackers to manipulate MongoDB queries by injecting operator expressions into username fields, potentially bypassing login controls and accessing unintended user accounts. The vulnerability affects versions prior to 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, with no patch currently available for affected deployments.

Code Injection Rocket.Chat
NVD GitHub VulDB
CVE-2026-29091
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in Locutus prior to version 3.0.0 allows unauthenticated remote attackers to execute arbitrary JavaScript code through improper validation in the call_user_func_array function, which unsafely passes user-controlled callback parameters to eval(). Applications using the vulnerable versions of this JavaScript standard library implementation are at risk of complete compromise through network-based attacks. No patch is currently available for affected deployments.

RCE Code Injection Locutus
NVD GitHub VulDB
CVE-2025-15602
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the Super Admin account. By changing the email address of the Super Admin and triggering a password reset,...

Code Injection
NVD GitHub
CVE-2026-29039
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Arbitrary file read in changedetection.io prior to 0.54.4 allows unauthenticated remote attackers to access sensitive files by injecting malicious XPath expressions into content filters, exploiting the unparsed-text() function in the elementpath library. The application fails to validate or sanitize XPath input, enabling attackers to read any file accessible to the application process. Public exploit code exists for this vulnerability.

RCE Code Injection Information Disclosure +1
NVD GitHub
CVE-2026-28801
EPSS 0% CVSS 6.6
MEDIUM This Month

Natro Macro versions prior to 1.1.0 execute arbitrary AutoHotkey code embedded in shared pattern and path files, allowing attackers to achieve code execution with the privileges of the logged-in user. Since these configuration files are commonly distributed among users, malicious actors can inject code that executes silently in the background alongside legitimate macro functionality. The vulnerability affects users who load untrusted pattern or path files from external sources.

RCE Code Injection Natro Macro
NVD GitHub
CVE-2025-70995
EPSS 0% CVSS 8.8
HIGH This Week

An issue in Aranda Service Desk Web Edition (ASDK API 8.6) allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. [CVSS 8.8 HIGH]

RCE Code Injection
NVD GitHub VulDB
CVE-2025-70948
EPSS 0% CVSS 9.3
CRITICAL Act Now

Host header injection in @perfood/couch-auth v0.26.0 for password reset token theft.

Code Injection
NVD GitHub
CVE-2026-26194
EPSS 0% CVSS 7.3
HIGH POC PATCH This Week

Gogs prior to version 0.14.2 contains a command injection vulnerability in release deletion functionality where improper handling of user-controlled tag names allows git options to be injected into git commands. An authenticated attacker with UI interaction can exploit this to achieve integrity and availability impacts. Public exploit code exists for this vulnerability.

Code Injection Gogs Suse
NVD GitHub
CVE-2025-11143
EPSS 0% CVSS 3.7
LOW PATCH Monitor

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. [CVSS 3.7 LOW]

Code Injection
NVD GitHub HeroDevs
CVE-2026-28134
EPSS 0% CVSS 8.5
HIGH This Week

Remote code execution in Crocoblock JetEngine versions 3.7.2 and earlier allows authenticated attackers to execute arbitrary code through improper handling of code generation. An attacker with valid credentials can leverage this code injection vulnerability to achieve remote code inclusion and gain full control over affected WordPress installations. No patch is currently available, leaving all users of vulnerable JetEngine versions at risk.

Code Injection
NVD
CVE-2026-27984
EPSS 0% CVSS 9.0
CRITICAL Act Now

Code injection in Widget Options WordPress plugin.

Code Injection
NVD
CVE-2026-22390
EPSS 0% CVSS 9.9
CRITICAL Act Now

Builderall Builderall Builder for WordPress builderall-cheetah-for-wp is affected by code injection (CVSS 9.9).

WordPress Code Injection
NVD
CVE-2026-2835
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

HTTP request smuggling in Pingora HTTP/1.0 Transfer-Encoding handling.

Code Injection Pingora
NVD GitHub
CVE-2026-2833
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

HTTP request smuggling in Cloudflare Pingora HTTP/1.1 upgrade handling.

Code Injection Pingora
NVD GitHub
CVE-2026-29086
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Hono versions up to 4.12.4 contain a vulnerability that allows attackers to inject additional cookie attributes if untrusted input was passed into the (CVSS 5.4).

Code Injection Hono
NVD GitHub
CVE-2026-29085
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Hono versions up to 4.12.4 contain a vulnerability that allows attackers to inject additional SSE fields within the same event frame if untrusted inpu (CVSS 6.5).

Code Injection Hono
NVD GitHub
CVE-2025-41257
EPSS 0% CVSS 4.8
MEDIUM This Month

Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise. [CVSS 4.8 MEDIUM]

Code Injection
NVD GitHub
CVE-2026-23810
EPSS 0% CVSS 4.3
MEDIUM This Month

Arubaos contains a vulnerability that allows attackers to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks (CVSS 4.3).

Code Injection Arubaos
NVD
CVE-2026-23808
EPSS 0% CVSS 5.4
MEDIUM This Month

Malicious actors can install unauthorized Group Temporal Keys on ArubaOS wireless clients through a standardized roaming protocol vulnerability, enabling frame injection and network segmentation bypass. An attacker positioned on the local network could leverage this to intercept traffic, bypass client isolation, and compromise network integrity and confidentiality. No patch is currently available.

RCE Code Injection Arubaos
NVD
CVE-2026-27443
EPSS 0% CVSS 7.5
HIGH This Week

SEPPmail Secure Email Gateway versions before 15.0.1 fail to properly validate S/MIME message headers, enabling attackers to forge or manipulate email headers and bypass trust mechanisms without authentication. This allows adversaries to spoof trusted senders or inject malicious headers into encrypted messages, potentially facilitating phishing and social engineering attacks. No patch is currently available for affected installations.

Code Injection Seppmail
NVD
CVE-2026-3204
EPSS 0% CVSS 9.8
CRITICAL Act Now

Input validation flaw in Devolutions Server error message page enables remote spoofing attacks.

Code Injection Devolutions Server
NVD
CVE-2026-2590
EPSS 0% CVSS 9.8
CRITICAL Act Now

Insecure password saving enforcement in Devolutions Remote Desktop Manager 2025.3.

Code Injection Remote Desktop Manager
NVD
CVE-2023-31044
EPSS 0% CVSS 2.0
LOW Monitor

An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. [CVSS 2.0 LOW]

RCE Code Injection
NVD
CVE-2026-26720
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Twenty CRM v1.15.0 has a code injection vulnerability enabling remote attackers to execute arbitrary code through the CRM platform.

RCE Code Injection Twenty
NVD GitHub
CVE-2025-30044
EPSS 0%
This Week

In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection.

Code Injection
NVD
CVE-2026-3409
EPSS 0% CVSS 7.3
HIGH This Week

Remote code injection in eosphoros-ai db-gpt 0.7.5 allows unauthenticated attackers to execute arbitrary code through malicious file uploads to the Flow Import endpoint. The vulnerability exploits unsafe module loading in the file import functionality and has public exploit code available. No patch is currently available from the vendor.

Code Injection AI / ML
NVD GitHub VulDB
CVE-2026-3395
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Maxsite Cms versions up to 109.1. contain a vulnerability that allows code injection by attackers (CVSS 7.3).

PHP React Code Injection +1
NVD GitHub VulDB
CVE-2026-28425
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Remote code execution in Statmatic CMS versions prior to 5.73.11 and 6.4.0 allows authenticated users with control panel access and permission to modify Antlers-enabled fields to execute arbitrary code in the application context. An attacker exploiting this vulnerability can fully compromise the application, including stealing sensitive configuration data, modifying or exfiltrating user data, and disrupting availability. A patch is available and exploitation requires authenticated access with specific field configuration permissions.

RCE Code Injection
NVD GitHub VulDB
CVE-2026-28421
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Vim versions before 9.2.0077 contain heap buffer overflow and segmentation fault vulnerabilities in swap file recovery that can be triggered by opening a specially crafted swap file, affecting users who recover sessions from untrusted sources. An attacker could exploit this to cause application crashes or potentially achieve code execution through memory corruption. A patch is available in version 9.2.0077 and later.

Code Injection Vim Redhat +1
NVD GitHub VulDB
CVE-2018-25160
EPSS 0% CVSS 6.5
MEDIUM This Month

HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. [CVSS 6.5 MEDIUM]

Code Injection
NVD GitHub VulDB
CVE-2026-27810
EPSS 0% CVSS 6.4
MEDIUM POC This Month

HTTP response header injection in Calibre Content Server prior to version 9.4.0 permits authenticated users to inject arbitrary headers through an unsanitized query parameter, potentially enabling cache poisoning, session fixation, or credential theft attacks. Any authenticated user can exploit this vulnerability directly or via social engineering, affecting all instances with authentication enabled. Public exploit code exists and no patch is currently available.

Code Injection Calibre Suse
NVD GitHub
CVE-2026-2880
EPSS 0%
PATCH Monitor

A vulnerability in @fastify/middie versions < 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware (for example, app.use('/secret', auth)).

Code Injection
NVD GitHub
CVE-2026-21658
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated remote code execution via code injection in Johnson Controls Frick Controls Quantum HD. Fourth critical vulnerability — this one explicitly noted as unauthenticated RCE.

RCE Code Injection Frick Controls Quantum Hd Firmware
NVD
CVE-2026-21657
EPSS 0% CVSS 9.8
CRITICAL Act Now

Second code injection vulnerability in Johnson Controls Frick Controls Quantum HD. Separate attack vector from CVE-2026-21656, same critical impact on industrial refrigeration control.

Code Injection Frick Controls Quantum Hd Firmware
NVD
CVE-2026-21656
EPSS 0% CVSS 9.8
CRITICAL Act Now

Code injection in Johnson Controls Frick Controls Quantum HD allows unauthenticated remote code execution on industrial refrigeration systems. Second critical vulnerability in the Quantum HD product line.

Code Injection Frick Controls Quantum Hd Firmware
NVD
CVE-2026-28370
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Code injection in OpenStack Vitrage query parser allows authenticated users to execute arbitrary Python code through crafted queries. Affects versions before 12.0.1, 13.0.0, 14.0.0, and 15.0.0. PoC available.

RCE Code Injection Authentication Bypass +1
NVD GitHub
CVE-2026-28219
EPSS 0% CVSS 4.3
MEDIUM This Month

Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 contain an authorization bypass that allows authenticated users to escalate ordinary topics to site-wide notices or banners by manipulating request parameters, circumventing administrative controls. This vulnerability affects any Discourse instance where regular users should not have the ability to create global announcements. No patch is currently available, and administrators should review recent banner and notice changes for unauthorized modifications until updating.

Code Injection Discourse
NVD GitHub
CVE-2026-26938
EPSS 0% CVSS 8.6
HIGH This Week

Kibana versions up to 9.3.0 contain a vulnerability that allows attackers to read arbitrary files from the Kibana server filesystem, and perform Server-Side (CVSS 8.6).

SSRF Code Injection Kibana
NVD
CVE-2026-28132
EPSS 0% CVSS 5.3
MEDIUM This Month

The WooCommerce Photo Reviews plugin for WordPress versions up to 1.4.4 fails to properly sanitize user input in HTML contexts, enabling attackers to inject malicious scripts that execute in victims' browsers. This stored cross-site scripting vulnerability allows unauthenticated attackers to deface content or steal sensitive information from site visitors. No patch is currently available for this vulnerability.

WordPress Code Injection
NVD
CVE-2026-1698
EPSS 0% CVSS 6.1
MEDIUM This Month

PcVue versions 15.0.0 through 16.3.3 are vulnerable to HTTP Host header injection in the WebClient and WebScheduler authentication endpoints, allowing unauthenticated remote attackers to manipulate server behavior and potentially conduct phishing or cache poisoning attacks. The vulnerability affects the /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback, and /Authentication/Logout endpoints, with the ability to inject malicious payloads that could lead to information disclosure or data modification. Currently no patch is available for this medium-severity issue.

Code Injection Pcvue
NVD
CVE-2026-27961
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated attackers can execute arbitrary code on Agenta API servers through server-side template injection in the evaluator template rendering functionality, affecting self-hosted and managed platform deployments prior to version 0.86.8. The vulnerability requires valid credentials but allows complete compromise of the affected server with high confidentiality, integrity, and availability impact. Organizations running Agenta should upgrade to version 0.86.8 or later immediately.

Code Injection AI / ML Agenta
NVD GitHub
CVE-2026-27837
EPSS 0% CVSS 6.3
MEDIUM POC PATCH This Month

Dottie versions 2.0.4 through 2.0.6 suffer from an incomplete prototype pollution fix that allows attackers to bypass validation by placing `__proto__` in non-first positions within dot-separated paths, affecting both `dottie.set()` and `dottie.transform()` functions. An attacker can exploit this to pollute object prototypes and achieve limited confidentiality, integrity, and availability impacts. Public exploit code exists and a patch is available in version 2.0.7.

Code Injection Dottie Redhat
NVD GitHub
CVE-2026-27577
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Additional expression evaluation exploits in n8n before 2.10.1/2.9.3/1.123.22. Fourth distinct code execution path through the expression engine. Patch available.

RCE Remote Code Execution Code Injection +3
NVD GitHub
CVE-2026-27495
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Code injection in n8n workflow automation before 2.10.1/2.9.3/1.123.22 allows authenticated users to execute arbitrary code by creating or editing workflows with malicious expressions. Third n8n RCE CVE in this release.

Code Injection RCE AI / ML +1
NVD GitHub
CVE-2026-27607
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Insufficient input validation in RustFS versions 1.0.0-alpha.56 through 1.0.0-alpha.82 allows authenticated attackers to circumvent presigned POST upload policy restrictions, bypassing content-length-range, starts-with, and Content-Type controls. An attacker can exploit this to upload oversized files, write to arbitrary object keys, and spoof file types, resulting in storage exhaustion and potential unauthorized data access.

Code Injection Rustfs
NVD GitHub
CVE-2026-27642
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Remote attackers can inject control characters into the SUPI parameter of free5GC UDM versions up to 1.4.1, causing URL parsing failures that leak sensitive system error details and enable service fingerprinting. Public exploit code exists for this vulnerability affecting the Nudm_UEAU service across all vulnerable deployments. A patch is available and should be applied immediately, as no application-level workaround exists.

Code Injection Udm
NVD GitHub
CVE-2026-25797
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Arbitrary code injection in ImageMagick's PostScript and HTML encoders allows attackers to inject malicious code that executes when files are processed by downstream applications like Ghostscript or web viewers. The vulnerability affects versions prior to 7.1.2-15 and 6.9.13-40 due to insufficient input sanitization in the ps and html coders. Users processing untrusted image files are at risk of code execution, though no patch is currently available.

RCE Code Injection Imagemagick +2
NVD GitHub
CVE-2026-21864
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Denial of service in Valkey-Bloom module allows authenticated attackers to crash the Valkey server by sending a specially crafted RESTORE command that triggers an unhandled assertion. The vulnerability exists because the module failed to set the IO_ERRORS flag during RDB parsing, causing the server to shut down instead of gracefully handling the malformed input. A security patch is available, and administrators can mitigate the issue by disabling the RESTORE command if not required.

Code Injection Valkey Bloom
NVD GitHub
CVE-2025-9120
EPSS 0%
This Week

Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Carbonite Safe Server Backup allows Code Injection. The vulnerability could be exploited through an open port, potentially allowing unauthorized access.

Code Injection
NVD
CVE-2025-69251
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. [CVSS 5.3 MEDIUM]

Code Injection Udm
NVD GitHub
CVE-2025-69250
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. [CVSS 7.5 HIGH]

Code Injection Udm
NVD GitHub
CVE-2026-27623
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Valkey 9.0.0 through 9.0.2 allows unauthenticated network attackers to crash the server by exploiting improper networking state handling after empty requests. An attacker can trigger an assertion failure that causes the Valkey process to abort, impacting availability for all users. No patch is currently available; network isolation is recommended as a mitigation.

Code Injection Valkey Redhat +1
NVD GitHub
CVE-2026-22568
EPSS 0% CVSS 5.5
MEDIUM This Month

Zscaler Internet Access Admin Portal contains an input validation flaw that enables authenticated administrators to retrieve sensitive internal information through specially crafted requests in specific configurations. The vulnerability requires high-level admin privileges and does not impact confidentiality or availability broadly, though it poses a risk in multi-tenant environments where privilege boundaries matter. Currently, no patch is available.

Code Injection Zscaler Internet Access Admin Portal
NVD
CVE-2026-22567
EPSS 0% CVSS 7.6
HIGH This Week

Zscaler Internet Access Admin Portal allows authenticated administrators to execute arbitrary backend functions through insufficient input validation in the web UI. This high-severity vulnerability requires administrative privileges and currently lacks a patch, limiting exposure but leaving affected organizations vulnerable until remediation is available. An attacker with admin credentials could bypass intended restrictions to perform unauthorized backend operations with cross-system impact.

Code Injection Zscaler Internet Access Admin Portal
NVD
CVE-2026-26365
EPSS 0% CVSS 4.0
MEDIUM This Month

HTTP request smuggling in Akamai Ghost CDN edge servers before 2026-02-06 allows remote attackers to craft malicious requests with conflicting hop-by-hop headers that cause improper message framing when forwarded to origin servers. An attacker can exploit this to inject unauthorized requests or bypass security controls by manipulating how the origin server interprets the request body. No patch is currently available.

Code Injection
NVD
CVE-2026-2964
EPSS 0% CVSS 5.0
MEDIUM This Month

Prototype pollution in Webaudiorecorder.js versions 0.1 and 0.1.1 allows authenticated remote attackers to modify object properties through the extend function in Dynamic Config Handling, potentially leading to information disclosure or data manipulation. Public exploit code exists for this vulnerability, though exploitation requires high complexity and specific preconditions. The vendor has not released a patch and did not respond to disclosure attempts.

RCE Code Injection Webaudiorecorder.Js
NVD VulDB
CVE-2026-2954
EPSS 0% CVSS 6.3
MEDIUM This Month

SQL/code injection in Dromara UJCMS 10.0.2 allows authenticated remote attackers to manipulate database driver parameters (driverClassName/url) through the ImportDataController's import-channel endpoint. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or response. Successful exploitation could result in unauthorized data access, modification, or system availability impacts.

Code Injection Ujcms
NVD VulDB
CVE-2026-27170
EPSS 0% CVSS 7.1
HIGH This Week

OpenSift versions 1.1.2-alpha and below allow authenticated attackers to abuse the URL ingest feature's overly permissive server-side request functionality to probe or access private and local network resources from the OpenSift host. The vulnerability requires valid credentials but no user interaction, enabling attackers to enumerate or interact with internal infrastructure not otherwise accessible. No patch is currently available, though version 1.1.3-alpha contains a fix.

Code Injection AI / ML Opensift
NVD GitHub
CVE-2026-27125
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Svelte versions prior to 5.51.5 improperly enumerate prototype chain properties during server-side rendering attribute spreading, allowing polluted Object.prototype properties to inject unexpected attributes into SSR output or cause rendering errors. This vulnerability affects applications using SSR where the prototype chain has been previously manipulated, though client-side rendering is unaffected. The issue requires prototype pollution as a precondition but can lead to information disclosure or denial of service in vulnerable SSR environments.

Code Injection Svelte Redhat
NVD GitHub
CVE-2025-67979
EPSS 0% CVSS 9.9
CRITICAL Act Now

Code injection in WPForms Google Sheet Connector (gsheetconnector-wpforms) WordPress plugin allows arbitrary code execution.

Code Injection
NVD
CVE-2025-52744
EPSS 0% CVSS 7.6
HIGH This Week

Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection. This issue affects Inpersttion For Theme: from n/a through <= 1.0. [CVSS 7.6 HIGH]

Code Injection
NVD
CVE-2026-1658
EPSS 0% CVSS 5.3
MEDIUM This Month

Directory Services versions up to 25.2 are affected by user interface (UI) misrepresentation of critical information (CVSS 5.3).

Code Injection Directory Services
NVD
CVE-2026-26063
EPSS 0%
PATCH Monitor

CediPay is a crypto-to-fiat app for the Ghanaian market. A vulnerability in CediPay prior to version 1.2.3 allows attackers to bypass input validation in the transaction API. The issue has been fixed in version 1.2.3. If upgrading is not immediately possible, restrict API access to trusted networks or IP ranges; enforce strict input validation at the application layer; and/or monitor transaction logs for anomalies or suspicious activity. These mitigations reduce exposure but do not fully elim...

Code Injection
NVD GitHub
CVE-2026-25755
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

Arbitrary PDF object injection in jsPDF before 4.2.0 allows unauthenticated attackers to execute malicious actions or manipulate document structure through unvalidated input to the addJS method, affecting any user opening a crafted PDF. Public exploit code exists for this vulnerability. The issue is resolved in jsPDF 4.2.0, with a temporary mitigation of escaping parentheses in user-supplied JavaScript before passing it to addJS.

RCE Code Injection Jspdf +1
NVD GitHub
CVE-2026-25006
EPSS 0% CVSS 5.3
MEDIUM This Month

XStore versions 9.6.4 and earlier fail to properly sanitize HTML script tags, enabling attackers to inject malicious code that executes in users' browsers. This stored or reflected cross-site scripting vulnerability requires no authentication or user interaction, allowing attackers to steal session tokens, deface content, or redirect users to malicious sites. No patch is currently available, leaving affected installations vulnerable.

Code Injection
NVD
CVE-2026-22422
EPSS 0% CVSS 5.3
MEDIUM This Month

Everest Forms through version 3.4.1 fails to properly sanitize HTML script tags, enabling unauthenticated attackers to inject malicious code and compromise site integrity. The vulnerability allows attackers to perform code injection attacks without authentication or user interaction, potentially leading to data theft or malware distribution. No patch is currently available for this vulnerability.

Code Injection
NVD
CVE-2026-24764
EPSS 0% CVSS 3.7
LOW POC PATCH Monitor

OpenClaw (formerly Clawdbot) is a personal AI assistant users run on their own devices. In versions 2026.2.2 and below, when the Slack integration is enabled, channel metadata (topic/description) can be incorporated into the model's system prompt. [CVSS 3.7 LOW]

Code Injection
NVD GitHub
CVE-2025-12811
EPSS 0%
Monitor

Improper Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in Delinea Inc. Cloud Suite and Privileged Access Service.

Code Injection
NVD
CVE-2026-23219
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory allocation profiling in the Linux kernel fails to properly clear allocation tags during abort operations when CONFIG_MEM_ALLOC_PROFILING_DEBUG is enabled, allowing a local privileged user to trigger a denial of service through kernel warnings and potential system instability. The vulnerability affects the slab memory allocator's interaction with memcg abort handling and requires local access with elevated privileges to exploit. No patch is currently available for this medium-severity issue.

Linux Code Injection Linux Kernel +2
NVD VulDB
CVE-2025-61982
EPSS 0% CVSS 7.8
HIGH This Week

An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpenFOAM simulation file can lead to arbitrary code execution. [CVSS 7.8 HIGH]

RCE Code Injection
NVD
CVE-2025-33249
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. [CVSS 7.8 HIGH]

Privilege Escalation Code Injection Information Disclosure +2
NVD
CVE-2025-33240
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

Privilege Escalation Code Injection Information Disclosure +2
NVD
CVE-2025-33239
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

Privilege Escalation Code Injection Information Disclosure +2
NVD
CVE-2025-33236
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

Privilege Escalation Code Injection Information Disclosure +2
NVD
CVE-2026-2296
EPSS 0% CVSS 7.2
HIGH This Week

Arbitrary PHP code execution in Product Addons for WooCommerce plugin (versions up to 3.1.0) through unsafe use of eval() on unsanitized conditional logic operators allows Shop Manager-level and higher-privileged WordPress users to execute malicious code on affected servers. The vulnerability stems from insufficient input validation in the evalConditions() function where user-supplied operator parameters are passed directly to PHP's eval() without sanitization. No patch is currently available.

WordPress PHP Code Injection
NVD
CVE-2026-2019
EPSS 0% CVSS 7.2
HIGH This Week

Cart All In One For WooCommerce (WordPress plugin) versions up to 1.1.21 contain a security vulnerability (CVSS 7.2).

WordPress PHP Code Injection
NVD
CVE-2025-70830
EPSS 0% CVSS 9.9
CRITICAL Act Now

Server-Side Template Injection (SSTI) in Datart v1.0.0-rc.3 via Freemarker template engine allows authenticated users to execute arbitrary code on the server.

Code Injection RCE
NVD GitHub
CVE-2025-65716
EPSS 0% CVSS 8.8
HIGH POC This Week

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .md file. [CVSS 8.8 HIGH]

RCE Code Injection Markdown Preview Enhanced
NVD GitHub
CVE-2025-65715
EPSS 0% CVSS 7.8
HIGH POC This Week

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace. [CVSS 7.8 HIGH]

RCE Code Injection Coderunner
NVD GitHub

Quick Facts

Typical Severity
CRITICAL
Category
web
Total CVEs
1083
