Skip to main content

Code Injection

web CRITICAL

Code injection occurs when an application accepts user input and passes it directly into a language interpreter or evaluator without proper sanitization.

How It Works

Code injection occurs when an application accepts user input and passes it directly into a language interpreter or evaluator without proper sanitization. Unlike command injection (which targets the OS shell), code injection exploits the application's own scripting engine—Python's eval(), PHP's eval(), JavaScript's eval(), Ruby's instance_eval(), or similar dynamic execution functions. The attacker crafts input that, when interpreted, executes arbitrary code within the application's runtime context.

Common attack vectors include server-side template engines where user input reaches expression evaluators, configuration files that are dynamically loaded and executed, code validators that ironically execute the code they're supposed to check, and endpoints that process serialized objects or callable definitions. In Python applications, decorators evaluated at class definition time present particularly dangerous targets since they execute before any runtime validation occurs.

The exploitation chain typically begins with identifying an endpoint that processes structured input—API parameters, file uploads, configuration snippets. The attacker then crafts payloads that break out of intended data contexts into executable code contexts. For instance, injecting @os.system('whoami') as a decorator definition, or embedding {{ ''.__class__.__mro__[1].__subclasses__() }} in template syntax to access Python internals and escalate to operating system commands.

Impact

  • Complete server compromise — execute arbitrary Python, PHP, Ruby, or JavaScript code with application privileges
  • Operating system command execution — break out from language runtime to system shell via subprocess calls
  • Data exfiltration — read database credentials, environment variables, source code, and business data
  • Persistence establishment — modify application files, inject backdoors, create scheduled tasks
  • Lateral movement — leverage server access to attack internal network resources and connected services

Real-World Examples

A critical vulnerability in Langflow, a popular AI workflow framework with over 50,000 GitHub stars, exposed an unauthenticated /api/v1/validate/code endpoint meant to check Python code safety. Attackers discovered they could inject malicious decorators into class definitions. Since Python evaluates decorators at class definition time-before the AST validation logic even ran-the payload executed immediately when passed to exec(). This provided complete remote code execution without authentication.

Web template engines frequently suffer from code injection when developers allow user content in template expressions. An attacker might inject {{7*7}} to test for evaluation, then escalate to {{config.items()}} to dump Flask configuration, ultimately reaching {{''.__class__.__bases__[0].__subclasses__()}} to navigate Python's object hierarchy and invoke system commands.

Configuration management systems that dynamically import or evaluate user-supplied configuration have enabled attackers to inject executable code disguised as YAML anchors, JSON with embedded expressions, or INI files with interpreted sections.

Mitigation

  • Eliminate dynamic code execution — refactor to use data-driven approaches instead of eval(), exec(), Function(), or similar constructs
  • Abstract Syntax Tree (AST) allowlisting — if code execution is unavoidable, parse input into AST and validate against a strict allowlist of permitted operations before execution
  • Sandboxed execution environments — use restricted interpreters (Python's RestrictedPython), containers, or separate processes with minimal privileges
  • Remove or authenticate debug/validation endpoints — code validators and test endpoints are prime targets
  • Input type enforcement — accept only serialized data formats (JSON, Protocol Buffers) that cannot contain executable code
  • Defense in depth — run application with minimal OS privileges, use network segmentation, monitor for unusual subprocess creation

Recent CVEs (4853)

EPSS 2% CVSS 9.8
CRITICAL Act Now

IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Code Injection Maximo Asset Management
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Contao is an open source CMS that allows you to create websites and scalable web applications. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Code Injection +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Java +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Exim
NVD
EPSS 79% CVSS 8.8
HIGH POC THREAT This Week

A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Code Injection Manageengine Adselfservice Plus
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Rocket Chat
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in the better-macro crate through 2021-07-22 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Better Macro
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Hub
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

Akaunting version 2.1.12 and earlier suffers from a code injection issue in the Money.php component of the application. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection +1
NVD
EPSS 60% CVSS 8.8
HIGH POC THREAT This Week

Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Pi Hole
NVD GitHub
EPSS 1% CVSS 8.1
HIGH This Week

An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection Courier Mail Server
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Code Injection Emc Idrac8 Firmware +1
NVD
EPSS 27% CVSS 8.8
HIGH POC THREAT This Week

Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Code Injection +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute FreeMarker template with command execution via. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Admin Console
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause code injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Code Injection Emui +1
NVD
EPSS 2% CVSS 7.2
HIGH POC This Week

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its caching_exclude_urls and caching_include_query_strings settings before outputting them in a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE PHP +2
NVD WPScan
EPSS 1% CVSS 7.8
HIGH POC This Week

A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Cisco RCE Code Injection +1
NVD
EPSS 3% CVSS 6.5
MEDIUM POC This Month

A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SAP Code Injection Netweaver Application Server Abap
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Everything
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An issue was discovered in Echo ShareCare 8.15.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Sharecare
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC This Week

The Sign-up Sheets WordPress plugin before 1.0.14 does not not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Code Injection Sign Up Sheets
NVD WPScan
EPSS 1% CVSS 5.3
MEDIUM POC This Month

In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user's browser via logon.jsp?logon_error= on the login screen of the Web application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Transaction Management
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Total4
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Total Js
NVD GitHub
EPSS 20% CVSS 8.1
HIGH POC THREAT This Week

A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Cisco RCE Code Injection +1
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

QSAN Storage Manager through directory listing vulnerability in antivirus function allows remote authenticated attackers to list arbitrary directories by injecting file path parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Storage Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Code Injection
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Machform
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Nodemailer
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Code Injection Security Identity Manager Adapter
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Narou
NVD GitHub
EPSS 58% CVSS 9.8
CRITICAL POC THREAT Act Now

In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Business Intelligence And Reporting Tools
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Code Injection Race Condition Bluetooth Core Specification
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology Code Injection Diskstation Manager +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology Code Injection Diskstation Manager +1
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Growi
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Code Injection Phpmailer Fedora
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Android
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Android
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Go Driver
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Jwt Attack Id Bravura Security Fabric
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Cpp4 Firmware Cpp6 Firmware +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Infrabox
NVD GitHub
EPSS 3% CVSS 7.3
HIGH PATCH This Week

Microsoft Outlook Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft +3
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Reg Keygen Git Hash
NVD GitHub
EPSS 18% CVSS 6.5
MEDIUM POC THREAT This Month

A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Bf 430 Firmware Bf 431 Firmware +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Code Injection Chrome +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

There is an Improper Control of Generation of Code vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei RCE Code Injection +2
NVD
EPSS 20% CVSS 8.8
HIGH POC THREAT This Week

Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection +1
NVD
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

OneDev is a development operations platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection LDAP Onedev
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE Code Injection +1
NVD WPScan
EPSS 37% CVSS 9.8
CRITICAL POC THREAT Act Now

A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection +1
NVD
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Xwiki
NVD GitHub
EPSS 78% CVSS 8.8
HIGH POC PATCH THREAT This Week

XStream is software for serializing Java objects to XML and back again. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Java +17
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cubecart 6.4.2 allows Session Fixation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Session Fixation Cubecart
NVD GitHub
EPSS 95% CVSS 9.8
CRITICAL POC THREAT Act Now

A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Rocket Chat
NVD Exploit-DB
EPSS 14% CVSS 7.2
HIGH KEV THREAT This Week

A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Connect Secure +1
NVD
EPSS 41% CVSS 8.8
HIGH KEV THREAT This Week

A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Code Injection +1
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Microsoft +1
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Red Hat Code Injection Ceph +3
NVD
EPSS 24% CVSS 5.4
MEDIUM POC THREAT This Month

Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Knowage
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel 5.8.9. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required.

Code Injection Linux Linux Kernel +7
NVD GitHub VulDB
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Samsung Code Injection Galaxy I9305 Firmware +12
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Code Injection Galaxy I9305 Firmware +17
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Microsoft Awus036H Firmware +5
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Microsoft Awus036H Firmware +94
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Microsoft Awus036H Firmware +193
NVD GitHub VulDB
EPSS 0% 4.2 CVSS 3.5
LOW POC Monitor

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Ieee 802 11 Mac80211 +179
NVD GitHub VulDB
EPSS 30% CVSS 8.8
HIGH POC PATCH THREAT Act Now

Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Microsoft +3
NVD
EPSS 0% CVSS 7.1
HIGH This Week

SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Code Injection SAP Business One Hana Chef Cookbook +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Denial Of Service SAP +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Local File Inclusion vulnerability of the omni-directional communication system allows remote authenticated attacker inject absolute path into Url parameter and access arbitrary file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Omnidirectional Communication System
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Kennnyshiwa-cogs contains cogs for Red Discordbot. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Kennnyshiwa Cogs
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Code Injection Catalyst Sd Wan Manager +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Code Injection Flow Vaadin
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in SolarWinds Serv-U before 15.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Serv U
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Code Injection Unomi
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

Prisma VS Code a VSCode extension for Prisma schema files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Language Tools
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

There is a JavaScript injection vulnerability in certain Huawei smartphones. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Code Injection P30 Firmware
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

IBM Code Injection Spectrum Scale
NVD
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Docker RCE Code Injection +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in purl 2.3.2 allows a malicious user to inject properties into Object.prototype. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Code Injection Purl
NVD GitHub
EPSS 6% CVSS 8.8
HIGH POC This Week

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Code Injection Jquery Bbq
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in backbone-query-parameters 0.4.0 allows a malicious user to inject properties into Object.prototype. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Code Injection Backbone Query Parameters
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC This Week

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Code Injection Jquery Plugin Query Object
NVD GitHub
EPSS 100% CVSS 10.0
CRITICAL POC KEV THREAT Emergency

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Gitlab Code Injection
NVD Exploit-DB
Prev Page 38 of 54 Next

Quick Facts

Typical Severity
CRITICAL
Category
web
Total CVEs
4853

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy