Skip to main content

Code Injection

web CRITICAL

Code injection occurs when an application accepts user input and passes it directly into a language interpreter or evaluator without proper sanitization.

How It Works

Code injection occurs when an application accepts user input and passes it directly into a language interpreter or evaluator without proper sanitization. Unlike command injection (which targets the OS shell), code injection exploits the application's own scripting engine—Python's eval(), PHP's eval(), JavaScript's eval(), Ruby's instance_eval(), or similar dynamic execution functions. The attacker crafts input that, when interpreted, executes arbitrary code within the application's runtime context.

Common attack vectors include server-side template engines where user input reaches expression evaluators, configuration files that are dynamically loaded and executed, code validators that ironically execute the code they're supposed to check, and endpoints that process serialized objects or callable definitions. In Python applications, decorators evaluated at class definition time present particularly dangerous targets since they execute before any runtime validation occurs.

The exploitation chain typically begins with identifying an endpoint that processes structured input—API parameters, file uploads, configuration snippets. The attacker then crafts payloads that break out of intended data contexts into executable code contexts. For instance, injecting @os.system('whoami') as a decorator definition, or embedding {{ ''.__class__.__mro__[1].__subclasses__() }} in template syntax to access Python internals and escalate to operating system commands.

Impact

  • Complete server compromise — execute arbitrary Python, PHP, Ruby, or JavaScript code with application privileges
  • Operating system command execution — break out from language runtime to system shell via subprocess calls
  • Data exfiltration — read database credentials, environment variables, source code, and business data
  • Persistence establishment — modify application files, inject backdoors, create scheduled tasks
  • Lateral movement — leverage server access to attack internal network resources and connected services

Real-World Examples

A critical vulnerability in Langflow, a popular AI workflow framework with over 50,000 GitHub stars, exposed an unauthenticated /api/v1/validate/code endpoint meant to check Python code safety. Attackers discovered they could inject malicious decorators into class definitions. Since Python evaluates decorators at class definition time-before the AST validation logic even ran-the payload executed immediately when passed to exec(). This provided complete remote code execution without authentication.

Web template engines frequently suffer from code injection when developers allow user content in template expressions. An attacker might inject {{7*7}} to test for evaluation, then escalate to {{config.items()}} to dump Flask configuration, ultimately reaching {{''.__class__.__bases__[0].__subclasses__()}} to navigate Python's object hierarchy and invoke system commands.

Configuration management systems that dynamically import or evaluate user-supplied configuration have enabled attackers to inject executable code disguised as YAML anchors, JSON with embedded expressions, or INI files with interpreted sections.

Mitigation

  • Eliminate dynamic code execution — refactor to use data-driven approaches instead of eval(), exec(), Function(), or similar constructs
  • Abstract Syntax Tree (AST) allowlisting — if code execution is unavoidable, parse input into AST and validate against a strict allowlist of permitted operations before execution
  • Sandboxed execution environments — use restricted interpreters (Python's RestrictedPython), containers, or separate processes with minimal privileges
  • Remove or authenticate debug/validation endpoints — code validators and test endpoints are prime targets
  • Input type enforcement — accept only serialized data formats (JSON, Protocol Buffers) that cannot contain executable code
  • Defense in depth — run application with minimal OS privileges, use network segmentation, monitor for unusual subprocess creation

Recent CVEs (4852)

EPSS 1% CVSS 8.0
HIGH This Week

PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Powerstoreos
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Code Injection Secure Network Analytics
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Code Injection Active Storage +1
NVD GitHub
EPSS 5% CVSS 8.8
HIGH PATCH This Week

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

PHP RCE Code Injection +3
NVD GitHub
EPSS 5% CVSS 7.8
HIGH This Week

A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Zyxel Vpn100 Firmware +64
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Code Injection Maven Shared Utils +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Code Injection Tensorflow
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

HTML injection via report name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Code Injection Cyber Protect
NVD
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Tooljet
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Code Injection in GitHub repository publify/publify prior to 9.2.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Publify
NVD GitHub
EPSS 18% CVSS 9.8
CRITICAL POC THREAT Act Now

IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy_lang_content in application/models/lang_model.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Code Injection +2
NVD GitHub
EPSS 1% CVSS 6.6
MEDIUM This Month

An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes Code Injection Pinniped
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 through 1.2.55 may allow a local user to execute code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Magnitude Simba Amazon Redshift Jdbc Driver
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena JDBC Driver 2.0.25 through 2.0.28 may allow a local user to execute code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Magnitude Simba Amazon Athena Jdbc Driver
NVD
EPSS 5% CVSS 8.8
HIGH POC This Week

Command injection vulnerability in Manual Ping Form (Web UI) in Shenzhen Ejoin Information Technology Co., Ltd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Command Injection +3
NVD GitHub
EPSS 1% CVSS 9.9
CRITICAL PATCH Act Now

Flux2 is an open and extensible continuous delivery solution for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Privilege Escalation Kubernetes RCE +4
NVD GitHub
EPSS 2% CVSS 9.6
CRITICAL POC PATCH Act Now

Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection XSS +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject XML into the command parser. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Code Injection Firepower Threat Defense
NVD
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

CSV-Safe gem < 3.0.0 doesn't filter out special characters which could trigger CSV Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Csv Safe
NVD GitHub
EPSS 0% CVSS 7.7
HIGH This Week

In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Pycharm
NVD
EPSS 0% CVSS 7.7
HIGH This Week

In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Intellij Idea
NVD
EPSS 0% CVSS 3.2
LOW Monitor

In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Intellij Idea
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Intellij Idea
NVD
EPSS 0% CVSS 7.7
HIGH This Week

In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Intellij Idea
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Intellij Idea
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Redis +4
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Nextcloud Nextcloud Server
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

Ballcat Codegen provides the function of online editing code to generate templates. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Codegen
NVD GitHub
EPSS 33% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Command Injection +2
NVD GitHub
EPSS 85% CVSS 7.5
HIGH POC KEV THREAT This Week

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Zimbra Collaboration Suite
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Acunetix
NVD
EPSS 40% CVSS 7.2
HIGH POC THREAT This Week

The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user (Admin+) to inject arbitrary HTML or. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Code Injection +3
NVD WPScan
EPSS 2% CVSS 7.2
HIGH This Week

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Code Injection Apple +1
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Apple Signal
NVD GitHub
EPSS 99% CVSS 10.0
CRITICAL POC KEV PATCH THREAT Act Now

JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Java RCE Code Injection +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attacker to access the file with system privilege. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google RCE Code Injection +1
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

VMware RCE Code Injection +5
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Bolt Cms
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH This Week

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Control For Beaglebone Sl Control For Beckhoff Cx9020 +18
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Live Helper Chat
NVD GitHub
EPSS 5% CVSS 8.8
HIGH POC PATCH This Week

Combodo iTop is a web based IT Service Management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Itop
NVD GitHub
EPSS 21% CVSS 9.8
CRITICAL POC THREAT Act Now

PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Memcached
NVD GitHub
EPSS 9% CVSS 7.2
HIGH POC This Week

SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Code Injection +1
NVD GitHub Exploit-DB
EPSS 6% CVSS 5.3
MEDIUM POC This Month

Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dll?view=login XML Injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Securitygateway
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection +39
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection +28
NVD Exploit-DB
EPSS 3% CVSS 7.2
HIGH This Week

Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell RCE Code Injection +5
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Ruoyi
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Flex 1085 Firmware
NVD VulDB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Taocms
NVD GitHub VulDB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Accesslog
NVD GitHub
EPSS 19% CVSS 8.8
HIGH PATCH This Week

A flaw was found in CRI-O in the way it set kernel options for a pod. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes RCE Code Injection +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Code Injection +1
NVD GitHub
EPSS 9% CVSS 7.2
HIGH POC PATCH This Week

Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Ssti Code Injection Sqlpad
NVD GitHub
EPSS 2% CVSS 6.7
MEDIUM POC PATCH This Month

Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

RCE Code Injection Microweber
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Ipdio Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Ipdio Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

Static Code Injection in GitHub repository microweber/microweber prior to 1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Microweber
NVD GitHub
EPSS 78% CVSS 7.2
HIGH POC PATCH THREAT Act Now

MyBB is a free and open source forum software. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE Code Injection +1
NVD GitHub Exploit-DB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

.NET and Visual Studio Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Net +5
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Pytorch Lightning
NVD GitHub
EPSS 98% CVSS 10.0
CRITICAL POC KEV PATCH THREAT Act Now

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection +10
NVD Exploit-DB
EPSS 45% CVSS 8.8
HIGH POC THREAT This Week

HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Hoteldruid
NVD GitHub Exploit-DB
EPSS 44% CVSS 8.8
HIGH POC PATCH THREAT This Week

Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Dolibarr Erp Crm
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP +1
NVD GitHub VulDB
EPSS 4% CVSS 9.8
CRITICAL Act Now

JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Youtrack
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware version(s): Prior to 2.60. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Integrated Lights Out
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection A Blog Cms
NVD
EPSS 18% CVSS 8.8
HIGH This Week

Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Code Injection +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Apple Cryptomator
NVD
EPSS 74% CVSS 8.8
HIGH POC PATCH THREAT Act Now

Sourcegraph is a code search and navigation engine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Sourcegraph
NVD GitHub Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Ez Platform Kernel
NVD
EPSS 44% CVSS 7.5
HIGH POC PATCH THREAT This Week

CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Microweber
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Jpress
NVD GitHub VulDB
EPSS 3% CVSS 7.2
HIGH POC This Week

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Jpress
NVD GitHub VulDB
EPSS 3% CVSS 7.2
HIGH POC This Week

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Jpress
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Jpress
NVD GitHub VulDB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to HTTP response splitting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Code Injection Safari Montage
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Certain NETGEAR devices are affected by server-side injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Netgear Code Injection Rbk40 Firmware +9
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Certain NETGEAR devices are affected by server-side injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Netgear Code Injection Rbk40 Firmware +9
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Certain NETGEAR devices are affected by server-side injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Netgear Code Injection Rbk40 Firmware +9
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Certain NETGEAR devices are affected by server-side injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Netgear Code Injection D7800 Firmware +31
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Certain NETGEAR devices are affected by server-side injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Netgear Code Injection D6200 Firmware +27
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Certain NETGEAR devices are affected by server-side injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Netgear Code Injection D6200 Firmware +26
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

NETGEAR R6400 devices before 1.0.1.70 are affected by server-side injection. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Netgear Code Injection R6400 Firmware
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

This affects versions of the package unisharp/laravel-filemanager before 2.6.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Code Injection +1
NVD GitHub
EPSS 40% CVSS 9.8
CRITICAL POC THREAT Act Now

Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Thinfinity Virtualui
NVD GitHub Exploit-DB
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered in UiPath Assistant 21.4.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Assistant
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Internally used text extraction reports allow an attacker to inject code that can be executed by the application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Abap Platform +1
NVD
Prev Page 36 of 54 Next

Quick Facts

Typical Severity
CRITICAL
Category
web
Total CVEs
4852

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy