Skip to main content

Code Injection

web CRITICAL

Code injection occurs when an application accepts user input and passes it directly into a language interpreter or evaluator without proper sanitization.

How It Works

Code injection occurs when an application accepts user input and passes it directly into a language interpreter or evaluator without proper sanitization. Unlike command injection (which targets the OS shell), code injection exploits the application's own scripting engine—Python's eval(), PHP's eval(), JavaScript's eval(), Ruby's instance_eval(), or similar dynamic execution functions. The attacker crafts input that, when interpreted, executes arbitrary code within the application's runtime context.

Common attack vectors include server-side template engines where user input reaches expression evaluators, configuration files that are dynamically loaded and executed, code validators that ironically execute the code they're supposed to check, and endpoints that process serialized objects or callable definitions. In Python applications, decorators evaluated at class definition time present particularly dangerous targets since they execute before any runtime validation occurs.

The exploitation chain typically begins with identifying an endpoint that processes structured input—API parameters, file uploads, configuration snippets. The attacker then crafts payloads that break out of intended data contexts into executable code contexts. For instance, injecting @os.system('whoami') as a decorator definition, or embedding {{ ''.__class__.__mro__[1].__subclasses__() }} in template syntax to access Python internals and escalate to operating system commands.

Impact

  • Complete server compromise — execute arbitrary Python, PHP, Ruby, or JavaScript code with application privileges
  • Operating system command execution — break out from language runtime to system shell via subprocess calls
  • Data exfiltration — read database credentials, environment variables, source code, and business data
  • Persistence establishment — modify application files, inject backdoors, create scheduled tasks
  • Lateral movement — leverage server access to attack internal network resources and connected services

Real-World Examples

A critical vulnerability in Langflow, a popular AI workflow framework with over 50,000 GitHub stars, exposed an unauthenticated /api/v1/validate/code endpoint meant to check Python code safety. Attackers discovered they could inject malicious decorators into class definitions. Since Python evaluates decorators at class definition time-before the AST validation logic even ran-the payload executed immediately when passed to exec(). This provided complete remote code execution without authentication.

Web template engines frequently suffer from code injection when developers allow user content in template expressions. An attacker might inject {{7*7}} to test for evaluation, then escalate to {{config.items()}} to dump Flask configuration, ultimately reaching {{''.__class__.__bases__[0].__subclasses__()}} to navigate Python's object hierarchy and invoke system commands.

Configuration management systems that dynamically import or evaluate user-supplied configuration have enabled attackers to inject executable code disguised as YAML anchors, JSON with embedded expressions, or INI files with interpreted sections.

Mitigation

  • Eliminate dynamic code execution — refactor to use data-driven approaches instead of eval(), exec(), Function(), or similar constructs
  • Abstract Syntax Tree (AST) allowlisting — if code execution is unavoidable, parse input into AST and validate against a strict allowlist of permitted operations before execution
  • Sandboxed execution environments — use restricted interpreters (Python's RestrictedPython), containers, or separate processes with minimal privileges
  • Remove or authenticate debug/validation endpoints — code validators and test endpoints are prime targets
  • Input type enforcement — accept only serialized data formats (JSON, Protocol Buffers) that cannot contain executable code
  • Defense in depth — run application with minimal OS privileges, use network segmentation, monitor for unusual subprocess creation

Recent CVEs (4842)

EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Universal Cross-Site Scripting (UXSS) in Google Chrome's Keyboard implementation prior to version 149.0.7827.53 enables remote unauthenticated attackers to inject arbitrary scripts or HTML across origin boundaries via a crafted HTML page. The Scope:Changed CVSS vector reflects the fundamental nature of this class: successful exploitation bypasses the Same-Origin Policy, potentially granting script access to sessions, cookies, and DOM content across all origins open in the browser. No public exploit has been identified at time of analysis, and the EPSS score of 0.06% (18th percentile) indicates low current exploitation probability, though UXSS primitives are historically high-value for targeted attacks.

Google Code Injection Chrome +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Script and HTML injection into privileged Chrome pages is possible in Google Chrome prior to 149.0.7827.53 through insufficient policy enforcement in the Extensions subsystem. An attacker who convinces a user to install a crafted malicious extension can leverage this to inject content into otherwise-restricted privileged pages, compromising page integrity. EPSS is 0.01% (1st percentile), no KEV listing exists, and no public exploit has been identified at time of analysis - indicating low observed exploitation pressure despite the network-accessible attack vector.

Google Code Injection Chrome
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Universal Cross-Site Scripting (UXSS) in Google Chrome for Android's Tab Group Sync feature allows remote unauthenticated attackers to inject arbitrary scripts or HTML via malicious network traffic against Chrome versions prior to 149.0.7827.53. The CVSS Changed Scope (S:C) confirms that injected content escapes the vulnerable component's origin boundary, affecting other origins - the defining characteristic of UXSS, which is more severe than conventional XSS because it bypasses the browser-level same-origin policy rather than just application-level controls. No public exploit has been identified at time of analysis, and EPSS at 0.07% (22nd percentile) reflects low current exploitation probability; the vulnerability is not listed in CISA KEV.

Google Code Injection Chrome
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code through a crafted HTML page that triggers script injection in the Headless component. The flaw is rated High severity by Chromium and carries a CVSS 3.1 base score of 8.8, requiring only that a victim load attacker-controlled web content. No public exploit identified at time of analysis, but Google has released a fix in the Stable channel update for desktop.

Code Injection Google RCE +3
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Universal Cross-Site Scripting (UXSS) in Google Chrome's DevTools component allows an attacker who has already compromised the renderer process to inject arbitrary scripts or HTML across security origins via a crafted HTML page, bypassing the same-origin policy. Affected versions are all Chrome releases prior to 149.0.7827.53. No public exploit code exists and no active exploitation has been observed; this vulnerability functions as a second-stage capability within a broader attack chain requiring prior renderer compromise.

Google Code Injection Red Hat +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Metric injection in the Etsy::StatsD Perl module (versions through 1.002002) allows remote attackers to inject arbitrary statsd metrics by supplying input containing unescaped newlines, colons, or pipe characters to metric names or values. Applications that build metrics from untrusted sources (HTTP parameters, user identifiers, log fields) can be coerced into emitting forged measurements, corrupting downstream monitoring, dashboards, and alerting. No public exploit identified at time of analysis, and the issue is not present in CISA KEV.

Code Injection Etsy
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Metric injection in Net::Statsd for Perl (all versions before 0.13) allows network-reachable, unauthenticated attackers to forge additional StatsD metric lines by embedding newlines, colons, or pipes in metric names or values passed through the library. Any application that feeds untrusted external input into Net::Statsd method calls without prior sanitization is directly exposed, because the wire format uses those characters as delimiters between metrics in a single UDP datagram. No public exploit code exists and this vulnerability is not listed in CISA KEV; however, the CVSS AV:N/AC:L/PR:N/UI:N surface warrants prompt patching wherever user-controlled strings reach metric instrumentation calls.

Code Injection Net
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Metric name injection in Net::Async::Statsd::Client (Perl, versions through 0.005) allows network-reachable, unauthenticated attackers to inject arbitrary StatsD metrics by supplying untrusted input containing unfiltered newlines, colons, or pipe characters. Because the StatsD wire protocol uses these characters as structural delimiters, unsanitized metric names sourced from user-controlled data can be interpreted as additional, attacker-controlled metrics by the receiving StatsD server. No public exploit identified at time of analysis and EPSS sits at the 9th percentile (0.03%), indicating low observed exploitation pressure, but any Perl application forwarding externally-supplied values as StatsD metric names is directly in scope.

Code Injection Net
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Server-side request forgery and potential remote code execution in Docling versions 2.82.0 through 2.90.x affect deployments that explicitly enable the Playwright-based HTML rendering backend. When `render_page=True` is set, untrusted HTML documents can execute arbitrary JavaScript in the rendering browser context and reach internal network services, enabling SSRF, data exfiltration, or code execution in the rendering environment. No public exploit identified at time of analysis, and the issue is not in CISA KEV, but a vendor-confirmed fix exists in 2.91.0.

Code Injection SSRF RCE
NVD GitHub
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Boot script injection in OpenStack Ironic versions up to and including 35.0.x allows authenticated tenants to influence boot scripts processed by the bare-metal provisioning service, with integrity impact extending across a CVSS scope change to the provisioned hardware. Confirmed by upstream advisory OSSA-2026-017 and an Ubuntu USN, with no public exploit identified at time of analysis and an EPSS of 0.03% indicating no observed exploitation activity.

Code Injection Ironic
NVD VulDB
EPSS 0% CVSS 2.3
LOW PATCH Monitor

Cookie context confusion in Django's signed cookie implementation allows a remote low-privileged attacker to substitute a cookie signed in one application context into a different context where a distinct (name, salt) pair produces the same concatenated string. Affected are Django 6.0 before 6.0.6 and Django 5.2 before 5.2.15; older unsupported series (5.0.x, 4.1.x, 3.2.x) were not evaluated but may also be affected. The real-world impact is limited to low-confidence data exposure (VC:L), with no public exploit identified at time of analysis, and the CVSS 4.0 score of 2.3 reflects a low-severity, contextually constrained flaw.

Jwt Attack Code Injection Python
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Header injection via parser differential in daphne before 4.2.2 allows unauthenticated remote attackers to smuggle synthetic headers into the ASGI scope received by Django applications during WebSocket handshake processing. The root cause is that Twisted (which daphne uses to parse inbound HTTP) ignores six specific Unicode bytes as line separators, while autobahn (which daphne feeds for WebSocket negotiation) calls Python's str.splitlines() and recognizes them - causing a single header value to be split into multiple injected header lines. No public exploit has been identified at time of analysis, and CVSS scores this at 3.7 (Low) due to high attack complexity, though real-world severity scales with how heavily the downstream application trusts ASGI-scope headers for security decisions.

Code Injection Request Smuggling Daphne +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Log injection in morgan Node.js middleware versions 1.2.0 through 1.10.1 allows unauthenticated remote attackers to forge access log entries by embedding CR or LF control characters in the Basic authentication username of the Authorization request header. The :remote-user format token writes this value to the log stream without sanitization, breaking the one-request-per-line log structure and enabling attackers to fabricate arbitrary log lines visible to downstream consumers such as SIEMs or log aggregators. No active exploitation is confirmed (not in CISA KEV) and no public exploit code is identified at time of analysis, but the zero-prerequisite network attack vector and widespread use of morgan across the Node.js/Express ecosystem make this a meaningful integrity risk for security monitoring pipelines.

Code Injection Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Remote code execution in Koha v.25.11 and earlier allows unauthenticated network attackers to inject and execute arbitrary code through the Z39.50 configuration module. Koha is a widely deployed open-source integrated library system (ILS); the affected component handles Z39.50, a standard client-server protocol used for querying remote library catalogues. No public exploit identified at time of analysis, though a researcher technical write-up is publicly available at g03m0n.github.io, and EPSS exploitation probability is low at 0.05% (16th percentile). Notable discrepancy: CVSS impact scores (C:L/I:L) appear understated relative to the arbitrary code execution claim and should be treated with caution.

Code Injection RCE
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Error message injection in Go's net/textproto standard library package allows unauthenticated remote attackers to embed attacker-controlled content into error strings that applications subsequently print or log. Affected Go releases span all net/textproto versions prior to 1.25.11 and 1.26.4, covering a broad surface area of Go-based HTTP, MIME, and mail-handling applications. No public exploit code exists and exploitation probability is extremely low (EPSS 0.02%, 5th percentile), but the integrity risk is real in deployments where net/textproto errors are surfaced to logs, monitoring systems, or user-facing output without sanitization.

Code Injection Suse Red Hat
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower (with VG4.2 partially affected) contain a network message handling vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Infinity Acute Care System Standalone Infinity M540 Patient Monitor
NVD
EPSS 0% CVSS 8.7
HIGH POC Monitor

Remote code execution in BrowserStack Runner through version 0.9.5 allows network-adjacent unauthenticated attackers to execute arbitrary code on the host system by sending crafted JSON to the /_log HTTP handler. The flaw stems from unsafe use of vm.runInNewContext() combined with eval(), and a known sandbox-escape technique via util.format and this.constructor.constructor enables full host compromise. No public exploit identified at time of analysis, but the technique is well-documented and the CVSS 8.8 score reflects high impact across confidentiality, integrity, and availability.

RCE Code Injection Node.js +1
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

HTTP header injection in the Tesla Elixir HTTP client library (versions 0.8.0 through before 1.18.3) allows untrusted input forwarded into Tesla.Multipart.add_content_type_param/2 to split outbound Content-Type headers by embedding CR (\r) or LF (\n) characters. When Tesla.Multipart.headers/1 joins content_type_params verbatim with "; ", a maliciously crafted param string terminates the current header line and inserts arbitrary headers into the outbound HTTP request sent by the Tesla client to downstream systems. No public exploit code has been identified at time of analysis, and no CISA KEV listing exists; however, a vendor-released patch is available in version 1.18.3.

Code Injection Tesla
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

{k}="#{v}" with no validation of CR, LF, or double-quote characters, enabling a crafted value to close the quoted parameter early, forge headers like Content-Type, or corrupt the part body. No public exploit is identified at time of analysis, and the CVSS 4.0 score of 2.1 (SI:L only) reflects a narrow integrity impact confined to the downstream system receiving the forged multipart payload.

Code Injection Tesla
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in the Content Visibility for Divi Builder WordPress plugin (versions ≤ 4.02) allows authenticated attackers with Contributor-level access or higher to execute arbitrary PHP on the server by abusing the 'cvdb_content_visibility_check' parameter of the 'et_pb_text' shortcode. The flaw is a CWE-94 code injection issue disclosed by Wordfence and carries a CVSS 3.1 score of 8.8. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

RCE WordPress Code Injection
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Authorization bypass in NamelessMC 2.2.4's profile wall system allows low-privileged authenticated users to post to private or blocking profiles, and to inject replies into wall posts belonging to arbitrary profiles they would otherwise be restricted from accessing. The profile.php module processes wall post submissions before performing the visibility and block-list authorization checks, meaning the write completes before any rejection occurs. A second independent flaw in the reply branch skips verification that the target wall post belongs to the profile being accessed, enabling cross-profile reply injection via a restricted profile URL. No public exploit code has been identified and this is not listed in CISA KEV, but a patch is available in version 2.2.5.

PHP Code Injection
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Remote code execution in OpenMed before 1.5.2 allows unauthenticated attackers to execute arbitrary Python code on the OpenMed service by abusing broad substring matching in the PII privacy-filter model dispatcher to load attacker-controlled Hugging Face repositories with trust_remote_code=True. The flaw, reported by VulnCheck and tracked as CWE-94 (Code Injection), carries a CVSS 4.0 score of 9.3 and a vendor-released patch is available; no public exploit identified at time of analysis.

RCE Code Injection Openmed
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

HAProxy configuration injection in Red Hat OpenShift Container Platform 4 allows a low-privileged tenant with permission to create or modify Route resources to inject controlled directives into the cluster ingress configuration via the spec.path field. No public exploit identified at time of analysis, but the CVSS 8.8 score with scope change (S:C) reflects the ability to break out of the tenant boundary and impact the shared HAProxy router serving the entire cluster.

Code Injection Red Hat Openshift Container Platform 4
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

HTTP response header injection in CrowCpp Crow through v1.3.1 allows remote attackers to inject arbitrary CR/LF sequences into response headers when application code passes unvalidated input to header-setting APIs. The flaw stems from the framework not stripping \r\n characters in header keys or values, enabling CRLF injection that can lead to response splitting, cache poisoning, or XSS depending on how the embedding application uses user input. No public exploit identified at time of analysis and EPSS is very low (0.02%), but the upstream fix in PR #1167 confirms the issue and provides a sanitization routine.

Code Injection
NVD GitHub VulDB
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Remote code execution in IBM WebSphere Application Server 9.0 and 8.5 allows network-based attackers to bypass security controls and execute arbitrary code on the application server. The flaw carries a CVSS 9.0 critical rating with a scope-changed impact (S:C) and requires no authentication, though high attack complexity (AC:H) suggests specific timing or environmental conditions must be met. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

IBM RCE Code Injection
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL Act Now

Secret exfiltration in CloudPirates Open Source Helm Charts (prior to commit fcf9302) allows unauthenticated attackers to steal repository secrets, including Docker Hub credentials and tokens, by submitting a malicious fork pull request that triggers the pull-request.yaml GitHub Actions workflow in a privileged context. No public exploit is identified at time of analysis, but the attack pattern is a well-known pwn-request misconfiguration that requires no maintainer approval, and the CVSS score of 10.0 (Critical) with scope change reflects compromise of CI/CD secrets that extend beyond the workflow boundary.

Docker RCE Code Injection
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL Act Now

Credential exposure in CloudPirates Open Source Helm Charts (prior to commit fcf9302) allows attackers to steal a Personal Access Token and SSH signing key by submitting a malicious pull request that the vulnerable GitHub Actions workflow checks out and executes with privileged secrets. The repository's generate-schema.yaml workflow used unsafe pull_request_target patterns combined with checkout of fork-controlled code, enabling code injection into a privileged CI context. No public exploit identified at time of analysis, but the attack pattern is well-documented for this class of GitHub Actions misconfiguration.

RCE Code Injection Helm Charts
NVD GitHub
EPSS 0% CVSS 9.4
CRITICAL Act Now

Remote code execution in Disig Web Signer versions 2.0.3 through 2.5.3 allows network-adjacent attackers to execute arbitrary code on systems running this Slovak electronic signing client when a user performs a passive interaction (e.g., visiting a malicious page or processing a crafted signing request). The flaw was reported by Slovakia's National Security Authority (incident@nbu.gov.sk) and carries a CVSS 4.0 score of 9.4 (Critical) with both vulnerable and subsequent system impact rated High, indicating a likely scope-changing condition. There is no public exploit identified at time of analysis and the vulnerability is not currently listed in the CISA KEV catalog.

RCE Code Injection
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

Injection vulnerability in NousResearch hermes-agent's `_scan_memory_content` function exposes authenticated low-privileged remote users to partial confidentiality, integrity, and availability compromise across all versions through 2026.4.30. The flaw originates in `tools/memory_tool.py`, where user-controlled input is insufficiently neutralized before being passed to downstream components. No public exploit identified at time of analysis is incorrect - a public proof-of-concept exploit exists (GitHub gist), and the vendor has not responded to responsible disclosure, meaning no patch has been released.

Code Injection Hermes Agent
NVD VulDB GitHub
EPSS 0% CVSS 2.9
LOW POC PATCH Monitor

Injection vulnerability in NousResearch hermes-agent (all versions through 2026.4.30) allows remote unauthenticated attackers to exploit improper neutralization in the _sanitize_env_lines function of hermes_cli/config.py, achieving partial confidentiality, integrity, and availability impact. The flaw is tagged as code injection (CWE-74), meaning attacker-controlled input passed through this sanitization routine may reach a downstream component in an executable or interpreted context. A public proof-of-concept exploit exists (GitHub gist), though the CVSS vector assigns high attack complexity, indicating exploitation is not trivial. No vendor patch exists; the vendor was unresponsive to coordinated disclosure.

Code Injection Hermes Agent
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Remote code/prompt injection in NousResearch Hermes Agent through 0.12.0 stems from improper neutralization in the _compress_context function within run_agent.py (CWE-74). Publicly available exploit code exists and the issue is remotely triggerable without authentication per the CVSS vector, though impact is bounded to Low across confidentiality, integrity, and availability. The vendor was contacted but did not respond, leaving downstream users without an official fix at time of analysis.

Code Injection Hermes Agent
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Injection in AstrBot 4.23.6 allows authenticated remote attackers to manipulate input through the `_sanitize_prompt_description` function in `astrbot/core/skills/skill_manager.py`, bypassing sanitization and achieving partial impact on confidentiality, integrity, and availability. A publicly available exploit (POC) exists on GitHub, and the vendor did not respond to responsible disclosure, meaning no official patch has been released. No public exploit identified as confirmed actively exploited (CISA KEV), though the public POC and low-privilege entry point lower the barrier for exploitation.

Code Injection Astrbot
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Code injection in Aider-AI Aider 0.86.3 Architect Mode enables authenticated remote attackers to execute arbitrary code via the `editor_coder.run` function in `auth.py`. A public proof-of-concept exploit is available via GitHub issue #5058, lowering the barrier to exploitation. No vendor patch exists as the project has not responded to the responsible disclosure, leaving all users of the affected version exposed with no official remediation path.

RCE Code Injection Aider
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in PraisonAI's first-party A2A server example (pip package <= 4.6.39) allows unauthenticated network attackers to execute arbitrary Python on the server process by sending a JSON-RPC message/send request to /a2a that drives the LLM-backed agent into invoking an eval()-based calculate tool. The chain combines three first-party defaults - no auth_token, 0.0.0.0 bind, and an eval()-backed example tool - and was confirmed end-to-end against a real Gemini model with a canary marker file write. No public exploit identified at time of analysis beyond the proof-of-concept in the advisory itself, and the issue is not in CISA KEV.

Denial Of Service RCE Code Injection +1
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in PraisonAI versions 2.0.0 through 4.6.39 allows attackers to execute arbitrary Python code via two unguarded spec.loader.exec_module call sites in agents_generator.py. The flaw is a sibling of CVE-2026-44334: the v4.6.32 chokepoint refactor added a PRAISONAI_ALLOW_LOCAL_TOOLS env-var gate to tool_override.py but missed the load_tools_from_module and load_tools_from_module_class sinks, which load arbitrary module paths from YAML agent configuration without validation. Publicly available exploit code exists (working PoC published with the advisory) and a fixed release is available in 4.6.40.

RCE Code Injection Python
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Sandbox escape in FastGPT's JavaScript code execution worker allows authenticated remote attackers to execute arbitrary OS commands inside the sandbox container by bypassing a regex-based blocklist. The sandbox at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import() using a regex that matches only ASCII whitespace between 'import' and '(', failing to account for JavaScript's syntactically valid block comment syntax - the payload import/**/("child_process") parses correctly by the JS engine but evades the regex entirely. Because the safeRequire Proxy only intercepts require() and not native ES import(), the attacker gains direct access to child_process and execSync as uid=100(sandbox). No public exploit identified at time of analysis, but the bypass technique is fully documented in the vendor advisory and is trivially reproducible by any authenticated user.

RCE Code Injection Fastgpt
NVD GitHub VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Prototype-pollution gadget in Axios (npm) before 1.15.2 and 0.31.1 allows an attacker who has already polluted Object.prototype.transformResponse in the same JavaScript process to hijack response handling, exfiltrate request config (URL, headers, auth credentials), and tamper with returned data. The flaw lives in mergeConfig() and transformData(), which read config via prototype-chain lookups, so any helper library prototype pollution becomes a credential-theft and DoS primitive for every Axios request. No public exploit identified at time of analysis beyond the advisory's PoC, and the issue is not in CISA KEV.

Denial Of Service RCE Code Injection
NVD GitHub
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Cross-origin JavaScript injection in Home Assistant Companion apps for Android (before 2026.4.4) and iOS (before 2026.4.1) allows a malicious iframe loaded inside the app's WebView to execute arbitrary JavaScript in the Home Assistant frontend's origin and steal the signed-in user's access token. The flaw stems from exposing the native JavaScript bridge (window.externalApp on Android, webkit.messageHandlers.getExternalAuth on iOS) to all frames combined with unsanitized callback identifier interpolation. No public exploit identified at time of analysis, and the issue is not in CISA KEV.

Apple RCE Google +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Arbitrary code execution in Roslyn CodeLens MCP Server versions 0.0.9 through 1.17.0 allows attackers to run code in the MCP server process by tricking a victim into opening a malicious .NET solution. The get_diagnostics tool automatically loads and executes any DiagnosticAnalyzer DLL referenced by a .csproj without allowlist, signature validation, or user prompt, and includeAnalyzers defaults to true. No public exploit identified at time of analysis, but the attack pattern (malicious project file + attacker-controlled DLL) is well understood and trivial to weaponize.

RCE Code Injection Roslyn Codelens Mcp
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL Act Now

Server-side template injection in RAGFlow 0.24.0 and earlier allows any authenticated user to execute arbitrary operating system commands on the host through the Jinja2-based prompt generator (rag/prompts/generator.py). Because RAGFlow installations commonly permit open self-registration, the practical barrier is minimal: an attacker registers an account, builds a Canvas workflow chaining a DuckDuckGo retrieval node with an LLM node, and triggers the SSTI to break out of the Jinja2 sandbox. No public exploit identified at time of analysis, but the vendor security advisory describes the chain explicitly.

Ssti Code Injection
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows attackers to run arbitrary code by luring a victim to a crafted HTML page that abuses an inappropriate implementation in the browser's USB subsystem. Chromium rates the severity as High and the CVSS 8.8 vector reflects unauthenticated network exploitation with required user interaction. No public exploit identified at time of analysis, but the vendor has shipped a stable channel patch.

Google RCE Code Injection +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code inside the renderer sandbox via a crafted HTML page. The Chromium project rates the severity as High and CVSS scores it 8.8 (network-reachable, low complexity, no privileges, user interaction required). No public exploit identified at time of analysis, and EPSS is very low (0.04%, 12th percentile), suggesting limited near-term mass-exploitation likelihood despite the high impact rating.

Google RCE Code Injection +3
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in LinkAce self-hosted link archive versions prior to 2.5.6 allows unauthenticated remote attackers to inject arbitrary mail configuration variables into the application's .env file via the initial setup database configuration flow, leading to command execution when the application subsequently sends mail. The flaw, classified as CWE-74 injection, affects instances that have not yet completed the setup wizard and carries a CVSS 8.1 (High). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Code Injection Linkace
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

CRLF injection in Music Player Daemon (MPD) before version 0.24.11 enables network-accessible, unauthenticated attackers to embed raw CR/LF bytes into URI fields parsed from malicious XSPF playlists, injecting forged key-value lines into MPD text protocol responses - including playlistinfo, currentsong, and listplaylist outputs - as well as the persistent state file. The root mechanism is Expat's decoding of XML numeric character references (e.g., &#13;&#10;) before invoking the character data callback in xspf_char_data, bypassing any empty-string checks that previously served as the only guard. No public exploit code or CISA KEV listing exists at time of analysis, but the no-authentication network vector means any MPD instance that processes externally supplied playlists is exposed; the fix also extended to ASX, PLS, and RSS playlist plugins, indicating the affected surface was broader than the CVE title implies.

Code Injection Mpd
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Server-side template injection in the compliance-trestle `trestle author jinja` command enables arbitrary command execution when operators process attacker-controlled OSCAL data (SSP documents or Lookup Tables). Because the renderer recursively re-evaluates already-rendered output through a non-sandboxed Jinja2 Environment, malicious Jinja expressions placed in data fields like a system title are executed in a second pass even when the template itself is trusted and static. A proof-of-concept is published in the GHSA advisory; no public exploit identified at time of analysis as actively used in the wild, and the issue is not on CISA KEV.

RCE Code Injection Python
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Remote code execution in GitButler desktop application versions prior to 0.19.7 allows attackers to execute arbitrary scripts within the Tauri webview by injecting malicious links into pull request bodies. The flaw activates when a user with forge integration enabled clicks the crafted link, leading to full compromise of the desktop client context. No public exploit identified at time of analysis, though the GitHub Security Advisory GHSA-xpmj-536r-9fc6 publicly documents the issue.

RCE Code Injection Gitbutler
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Header injection filtering bypass in Plack::Middleware::Security::Common (Perl) versions prior to 0.13.1 allows remote attackers to smuggle CRLF sequences and additional headers through request paths that are not double-encoded. The flaw weakens a security middleware specifically designed to prevent header injection, and while EPSS sits at 0.03% (9th percentile) with no public exploit identified at time of analysis, downstream impact depends on how reverse proxies and Plack-based servers handle the unblocked CRLF payloads.

Code Injection Plack
NVD
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Remote code execution in Comet Backup server allows a tenant administrator to inject arbitrary code into the backup agent signing module via insufficient character filtering, ultimately running code with elevated privileges on the Comet server and on connected backup agent devices. The vendor advisory links the issue to the branding configuration path, and no public exploit has been identified at time of analysis. Combined with a Scope:Changed CVSS:3.1 score of 9.0, successful exploitation pivots from a single tenant context into the underlying server and downstream endpoints.

RCE Code Injection Comet Backup
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Remote code execution in Yamcs (the open-source mission control framework, yamcs-core) before 5.12.7 lets an authenticated operator holding the ChangeMissionDatabase privilege overwrite a Python (Jython) algorithm via the Mission Database REST API and run arbitrary OS commands on the host. The Jython script engine is invoked without a sandbox, so injected algorithm text can import java.lang.Runtime and shell out. Publicly available exploit code exists (a full PoC is published in the GitHub Security Advisory), but the issue is not listed in CISA KEV and no public in-the-wild exploitation is identified.

RCE Java Command Injection +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in the Yamcs mission control framework (org.yamcs:yamcs-core, releases 4.7.3 through 5.12.6) lets a caller of the algorithm-override endpoint run arbitrary Java/OS code on the ground server. The Nashorn JavaScript engine that evaluates user-supplied algorithm text is created without a ClassFilter, so payloads can reach any Java class (e.g. java.lang.Runtime) and execute commands as the Yamcs process user; because the default install (no security.yaml) gives the built-in guest user superuser=true, the endpoint is reachable by an unauthenticated network attacker. A detailed working exploit is published in the GitHub Security Advisory (publicly available exploit code exists); the issue is not listed in CISA KEV and no EPSS score was provided in the input.

Java RCE Code Injection +1
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

Authenticated cross-device task-result injection in Microsoft UFO's constellation architecture allows a low-privileged peer device to hijack the pending task response of a victim device by spoofing a TASK_END message. Specifically in version 3.0.1-4-ge2626659, the constellation server resolves pending Futures keyed solely on session_id without binding verification to the originating device, meaning any authenticated constellation participant who can supply a matching session_id can substitute attacker-controlled result data into the victim device's task flow. No public exploit has been identified at time of analysis and this CVE is not listed in the CISA KEV catalog, though the high-complexity CVSS vector (AC:H) reflects the session_id guessing or observation requirement.

Microsoft Code Injection
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Header injection in Symfony's Mime component (symfony/mime) enables attackers to inject arbitrary MIME headers into serialized email messages when an application passes untrusted input as a parameter name to ParameterizedHeader. The component correctly encodes parameter values per RFC 2045/5322 but emits parameter names verbatim, meaning CRLF sequences in a user-influenced parameter name terminate the current header line and allow arbitrary new headers to be appended. No active exploitation is confirmed (not in CISA KEV), no public exploit code has been identified, and vendor-released patches are available across all supported Symfony branches.

Code Injection
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

XPath injection in pam_usb prior to 0.9.0 allows unauthenticated remote attackers to manipulate device-verification queries against /etc/pamusb.conf, potentially bypassing USB hardware authentication entirely. PAM usernames and service names submitted through network-facing services such as SSH are passed unsanitized into XPath expressions; injecting predicates such as `' or @id='victim` causes the device-presence check to evaluate as true without the USB token physically present. No public exploit identified at time of analysis, though the GitHub security advisory, fix commit, and injection test cases demonstrating the technique are publicly available.

Code Injection Pam Usb
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unauthenticated remote code execution affects Pi.Alert, an open-source WiFi/LAN intruder detector with web-based service monitoring, in all versions prior to the 2026-05-07 release. The web configuration editor writes attacker-controlled content into pialert.conf, which the background scan daemon subsequently evaluates with Python's exec(), so injected statements run with the daemon's privileges. Because the product ships with web protection disabled by default, an attacker reaching the web interface needs no credentials, yielding a CVSS 9.8 critical flaw; no public exploit identified at time of analysis.

Code Injection RCE Python
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unauthenticated remote code execution affects Pi.Alert, a Python-based Wi-Fi/LAN intruder detector, in all releases prior to the 2026-05-07 fix. The web UI's SaveConfigFile() endpoint writes attacker-supplied numeric configuration values such as SMTP_PORT into pialert.conf with no validation, and because that file is reloaded via Python's exec() by a background cron job every 3-5 minutes, injected Python executes at the OS level. On default installations (PIALERT_WEB_PROTECTION = False) no credentials are required, matching the CVSS 9.8 network/no-privilege rating; there is no public exploit identified at time of analysis and the CVE is not in CISA KEV, but trivial complexity and full CIA impact make it a high-priority patch.

Code Injection RCE Python
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Remote code execution in LiquidJS template engine versions before 10.26.0 lets an attacker who can supply template content escape the rendering context and run arbitrary Node.js code on the host. The `valueOf` filter leaks the engine's internal scope object (`this`), exposing the parser, filter registry, and ultimately the JavaScript Function constructor, which is chained into command execution. Rated CVSS 10.0 (CWE-94) with a complete working proof-of-concept published in the vendor advisory; it has publicly available exploit code but is not listed in CISA KEV, and no EPSS score was provided in the source data.

RCE Code Injection
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Cross-Space session fixation in Gradio before 6.15.0 lets an attacker who controls any Hugging Face Space poison a process-wide httpx.AsyncClient shared by the framework's /proxy= reverse-proxy endpoint. Because that single client keeps one cookie jar, a Set-Cookie header returned by a malicious upstream Space is stored and automatically replayed on every subsequent proxied request to sibling *.hf.space URLs, allowing the attacker to fix a parent-domain cookie across all users of the same Gradio deployment. SSVC rates exploitation as proof-of-concept with total technical impact; the issue is not in CISA KEV and is fixed in release 6.15.0 (GHSA-2mr9-9r47-px2g).

Code Injection Session Fixation Gradio
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

Remote code execution in Dolibarr ERP/CRM versions 22.0.0 through 22.0.4 and 24.0.0-alpha allows network-based attackers to execute arbitrary PHP code via the commonobject.class.php component. The CVSS 7.3 (AV:N/AC:L/PR:N/UI:N) vector indicates no authentication or user interaction is required, though impact metrics are rated Low across CIA. No public exploit identified at time of analysis, and EPSS scoring is very low at 0.06% (18th percentile) despite the unauthenticated network attack surface.

RCE PHP Code Injection
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

Remote code execution in Dolibarr ERP/CRM versions 22.0.0 through 22.0.4 and 24.0.0-alpha stems from unsafe use of PHP's call_user_func_array() within the cron job class, enabling attackers to execute arbitrary PHP code on the application server. The vulnerability carries CVSS 7.3 with CWE-94 (Code Injection) classification, and while no public exploit is identified at time of analysis, a security researcher writeup referenced from NVD discusses a five-year history of related dol_eval issues in Dolibarr suggesting recurring weaknesses in this code area. EPSS probability is very low at 0.06% and SSVC reports no observed exploitation, but the issue is rated automatable with partial technical impact.

RCE PHP Code Injection
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

Code injection in Dolibarr ERP/CRM versions 22.0.0 through 22.0.4 and 24.0.0-alpha allows a remote, unauthenticated attacker to execute attacker-controlled PHP through the htdocs/core/actions_addupdatedelete.inc.php request handler (CWE-94). The CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates a low-effort, network-reachable, no-authentication attack, though all impact metrics are rated Low (C:L/I:L/A:L), suggesting the executable surface is constrained rather than full system takeover. There is no public exploit code confirmed in the provided data and the issue is not in CISA KEV (no observed exploitation per SSVC), but a referenced research write-up and a GitHub Security Advisory exist, and SSVC rates the flaw as automatable.

Code Injection RCE PHP
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

KVM SVM subsystem in the Linux Kernel incorrectly handles the INVLPGA instruction when EFER.SVME=0, failing to inject the required #UD (Undefined Opcode) exception into the guest VM. Systems running AMD hardware virtualization (AMD-V/SVM) under KVM are affected from kernel 2.6.32 through multiple stable branches, with the flaw enabling a low-privileged guest user to trigger a high-severity availability impact. No public exploit exists and EPSS stands at 0.02% (5th percentile), indicating very low current exploitation probability; however, the kernel maintainers tagged this for stable backports across six separate stable branches, reflecting broad deployment surface.

Code Injection Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Incorrect NextRIP state management in the Linux kernel's KVM nested SVM (nSVM) subsystem causes a denial-of-service condition affecting nested AMD virtualization environments from kernel 5.8 onward. After the first L2 VMRUN completes and NextRIP is updated by the CPU or KVM, a subsequent save/restore cycle incorrectly substitutes the stale current RIP in vmcb02, corrupting virtual machine control block state and crashing the nested guest or KVM subsystem. No active exploitation has been identified (not in CISA KEV, EPSS 0.02% at 4th percentile), and the vulnerability is strictly limited to AMD hosts with nested virtualization configured using NRIPS-disabled L1 guests with injected soft interrupts.

Linux Code Injection Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Nested SVM virtualization in the Linux kernel KVM subsystem can leave the host hypervisor (L1) running with corrupted page-table state when CR3 restoration fails during a nested #VMEXIT. The root function nested_svm_vmexit() returns an error code that most callers silently ignore, meaning the host continues executing against corrupt address-space mappings rather than triggering the shutdown behavior mandated by the AMD Architecture Programmer's Manual. The fix injects a triple fault - mirroring real hardware behavior - and continues cleanup to avoid leaving vCPU state partially torn down. No public exploit exists and EPSS is 0.02%, but the availability impact is high for any host running nested AMD virtualization.

Linux Code Injection Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in the Linux kernel's netfilter nfnetlink_queue subsystem allows remote attackers to cause packet drops affecting availability when nfqueue is used without the NFQA_CFG_F_GSO capability flag. The flaw is a regression where the shared-unconfirmed conntrack check was performed after skb_gso_segment(), causing GSO UDP packets associated with unconfirmed nf_conn entries to be dropped instead of queued. EPSS is very low (0.02%) with no public exploit identified at time of analysis and no CISA KEV listing, indicating low real-world urgency despite the CVSS 7.5 availability score.

Linux Code Injection
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Improper locking in the Linux kernel's Microsemi Ocelot network switch driver (`net/mscc/ocelot`) allows a local low-privileged user on hardware running Ocelot switch chips to trigger a race condition in `ocelot_port_xmit_inj()`, potentially causing a kernel panic or system crash. Affected stable branches span 6.1.107-6.1.164, 6.6.48-6.6.127, and 6.10.7 through 6.11 release candidates, with patches confirmed in 6.1.165, 6.6.128, 6.12.75, 6.18.14, 6.19.4, and 7.0. No public exploit identified at time of analysis; EPSS at 0.02% (7th percentile) reflects extremely low exploitation probability, consistent with the hardware-specific trigger requirement and local-only attack vector.

Code Injection Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in the WPCode WordPress plugin (versions through 2.3.5) lets authenticated author-level users run arbitrary PHP on the server. Because the plugin registers its 'wpcode' custom post type without a dedicated capability_type, WordPress falls back to standard post capabilities, so any author can create and publish PHP snippet posts via the XML-RPC wp.newPost method, which are later passed to eval() when rendered through the [wpcode] shortcode. EPSS is modest at 0.44% (63rd percentile) and there is no public exploit identified at time of analysis, but the low privilege bar and full CIA impact make this a high-priority patch for any multi-author site.

Code Injection RCE PHP +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Remote code execution in the affiliate-toolkit WordPress plugin ("Multi-Network Affiliate & Amazon Product Display") affects versions up to and including 3.8.5, letting authenticated users with Editor-level access or higher run arbitrary PHP on the host. The flaw stems from the bundled BladeOne template engine's runString() method, which compiles attacker-supplied template content into PHP and executes it through eval() with no sanitization or sandboxing. There is no public exploit identified at time of analysis and EPSS sits at a low 0.24%, but the technical impact is total because a successful injection yields full server-side code execution.

Code Injection RCE PHP +1
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Arbitrary Perl code execution in the IO::Compress distribution (all versions before 2.220) lets an attacker who controls the output glob string passed to the bundled File::GlobMapper run arbitrary Perl at the calling process's privilege. The output glob is wrapped in double quotes and later handed to Perl's eval STRING, so an embedded double quote escapes the string context and the trailing characters execute as code. This is rated CVSS 7.3 and tagged RCE/Code Injection; no public exploit was identified at time of analysis and EPSS is very low (0.03%), but a vendor patch (2.220) and the fixing commit are publicly available.

Code Injection RCE
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Remote code execution in Yamcs (Yet Another Mission Control System) versions before 5.12.7 allows an authenticated user holding the ChangeMissionDatabase privilege to run arbitrary OS commands on the server host. The flaw lives in the JavaExprAlgorithmExecutionFactory, which dynamically compiles user-supplied algorithm text with the Janino compiler without any sandbox or restrictive ClassLoader, so injected Java (e.g. java.lang.Runtime.exec) executes with the privileges of the Yamcs process. A detailed proof-of-concept exploit using a REST PATCH to override an existing algorithm is publicly available in the vendor advisory; the issue is not listed in CISA KEV.

RCE Java Code Injection
NVD GitHub
EPSS 0%
MEDIUM PATCH This Month

VM escape in Kata Containers allows any Kubernetes user with pod-creation rights to break out of the VM sandbox and gain full read/write access to the host filesystem. All Kata Containers installations prior to commit ffa59ce3aa78 are affected when using the default configuration.toml, which enables the `virtio_fs_extra_args` and `kernel_params` pod annotations out of the box. An attacker crafts a pod with two annotations: one to redirect virtiofsd to serve the host root filesystem (`/`) into the guest VM, and a second to enable the agent debug console - after which the entire host filesystem is accessible from inside the supposedly isolated VM. A fully working proof-of-concept with confirmed output against Kata Containers 3.28.0 on Ubuntu 24.04 has been publicly disclosed; no public exploit confirmed as actively exploited (CISA KEV) at time of analysis.

Ubuntu Kubernetes Gitlab +3
NVD GitHub
EPSS 1%
HIGH PATCH This Week

Pre-authentication remote code execution affects FUXA, an open-source web-based SCADA/HMI platform, in versions >= 1.2.11 and < 1.3.1 (the advisory references build v1.3.0-2706). The flaw is a path-confusion authentication bypass: the login middleware performs a substring match against the full request URL (including the query string), so appending a benign-looking parameter such as ?x=/socket.io to any administrative request causes the server to treat it as a public WebSocket handshake and skip the secureEnabled and nodeRedAuthMode checks entirely. When Node-RED is enabled with command-capable nodes, this reaches the /nodered/* admin interface and yields code execution in the container context (advisory states 'as root'). The GitHub Security Advisory (GHSA-p69w-mmfv-xrfj) discloses the exact bypass payload, so publicly available exploit details exist; there is no CISA KEV listing and no public report of active exploitation at time of analysis.

RCE Code Injection
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

LDAP injection in Yamcs LdapAuthModule (yamcs-core < 5.12.7) enables horizontal privilege escalation for authenticated low-privilege users. By submitting a wildcard character as the username alongside a single known valid LDAP password, an attacker causes the unescaped LDAP search filter to match the first user returned by the directory query, effectively authenticating as that account. A proof-of-concept exploit is publicly available in the GitHub advisory; no CISA KEV listing exists, but the low attack complexity and published PoC make this a credible threat for any Yamcs deployment using LDAP authentication.

Java LDAP Privilege Escalation +1
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Metric injection in Mojolicious::Plugin::Statsd through version 0.04 for Perl allows remote unauthenticated attackers to inject arbitrary statsd metrics by supplying crafted values containing newlines, colons, or pipe characters - the delimiters of the statsd wire protocol. Applications that pass untrusted input directly into metric names or set values are affected. No public exploit exists and EPSS is 0.01% (1st percentile), placing this firmly in the low-priority tier despite network accessibility; exploitation requires attacker-controlled data to flow into metric collection paths.

Code Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.3
LOW PATCH Monitor

Code injection in ThingsBoard 4.3.1.0 and 4.3.1.1 allows remote attackers to embed control characters and shell metacharacters into server-generated Docker Compose YAML files and MQTT publish commands via the /api/v1/provision endpoint's getGatewayDockerComposeFile and getMqttPublishCommand functions. Device credential fields - including clientId, userName, password, and credentialsId - are passed unsanitized into YAML and shell command construction, enabling injection of shell special characters such as $, backtick, and double-quote. No public exploit has been identified at time of analysis; SSVC rates exploitation as none and EPSS is 0.04%, though the RCE tag warrants scrutiny given the CVSS 4.0 score of only 2.3.

Code Injection RCE Thingsboard
NVD VulDB GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Content injection into SAP Gateway error messages exposes internal implementation details - specifically regex patterns and URI parsing logic - to authenticated remote attackers. Affecting SAP Gateway versions 750 through 758 and SAP_BASIS 795, the flaw allows an attacker with low-level network credentials to craft inputs that surface sensitive system internals via error responses. Confidentiality impact is rated low; integrity and availability are unaffected. No active exploitation is confirmed (CISA KEV absent), and EPSS sits at 0.01%, consistent with SSVC's 'exploitation: none' assessment.

Code Injection SAP Sap Gateway
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5 and 9.0 allows unauthenticated network attackers to execute arbitrary code via a specially crafted HTTP request. The CVSS 9.8 rating reflects complete confidentiality, integrity, and availability impact with no authentication or user interaction required, though EPSS scores it at only 0.20% probability and CISA SSVC reports no current exploitation. No public exploit has been identified at time of analysis, but IBM has released a patch.

Code Injection IBM RCE +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution and denial of service in IBM HTTP Server 8.5 and 9.0 affects deployments configured with TLS mutual (client certificate) authentication, where an attacker can trigger code injection (CWE-94) over the network without prior authentication. The flaw carries a CVSS 8.1 score with high attack complexity, and IBM has published a patch (advisory node/7274065); no public exploit has been identified at time of analysis and SSVC marks exploitation as 'none' with total technical impact.

Denial Of Service Code Injection IBM +2
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Host Header Injection in e107 CMS versions prior to 2.3.4 allows remote attackers to poison password reset emails by manipulating the HTTP Host header, producing reset links that point to attacker-controlled domains. Successful exploitation enables credential harvesting and full account takeover, including administrator accounts, when a victim clicks the malicious reset link. Publicly available exploit code exists per SSVC, though EPSS (0.13%) suggests low broad-scale exploitation activity and the issue is not on the CISA KEV list.

Code Injection E107
NVD GitHub
EPSS 0% CVSS 8.6
HIGH POC This Week

Remote code execution in OpenKM Community Edition (≤6.3.12) and Professional Edition (≤7.1.47) allows authenticated administrators to execute arbitrary Java/BeanShell code via the /admin/Scripting endpoint using the action=Evaluate parameter. Publicly available exploit code exists (Exploit-DB 52520 and a Nuclei template from Terra System Labs), though no active exploitation has been confirmed in CISA KEV; EPSS sits at 0.42% (62th percentile), reflecting moderate-but-not-widespread interest.

Code Injection Java RCE +2
NVD Exploit-DB GitHub VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Authenticated code injection in the VideoWhisper Broadcast Live Video WordPress plugin (versions before 7.1.3) lets a high-privileged user execute arbitrary PHP on the underlying host, yielding full confidentiality, integrity, and availability loss on the WordPress instance. No public exploit identified at time of analysis, and EPSS exploitation probability sits at 0.04% (14th percentile), but SSVC rates the technical impact as total. A vendor patch is available in 7.1.3.

Code Injection RCE Broadcast Live Video
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Code injection in Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 allows authenticated attackers to execute arbitrary PHP via the LDAP autovalues option, which previously evaluated user-influenced expressions as code. The upstream maintainers removed code evaluation support entirely in the fixed releases. EPSS sits at 0.05% (14th percentile) and there is no public exploit identified at time of analysis, but the issue is patched and rated CVSS 7.5.

Code Injection Webmail
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

CRLF injection in the hackney Erlang HTTP client library's hackney_cookie:setcookie/3 function enables HTTP response splitting against applications using versions 0.9.0 through before 4.0.1. While the function correctly validates the Name and Value cookie arguments against CRLF and control characters, it concatenates the domain and path options verbatim into the output iolist with no equivalent check, creating an injection point. An attacker who can influence the domain or path values passed to that function - for example, by submitting a crafted Host header or URL path that an application forwards directly into the cookie-setting call - can inject arbitrary additional Set-Cookie headers into the HTTP response. No public exploit identified at time of analysis per KEV absence, though SSVC confirms a proof-of-concept exists.

Code Injection Hackney
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

LDAP filter injection in Apache Airflow FAB Auth Manager (apache-airflow-providers-fab < 3.6.4) enables unauthenticated remote attackers to manipulate LDAP query logic by embedding special characters in login credentials, resulting in directory data exfiltration or authentication bypass. The vulnerability is confirmed by source code evidence: the `_search_ldap` and `_ldap_get_nested_groups` methods in `override.py` directly interpolated user-supplied input into LDAP filter strings without sanitization. No public exploit code has been identified at time of analysis and CISA KEV does not list this CVE, but the SSVC framework marks it as automatable, meaning exploitation can be scripted at scale against exposed Airflow instances using LDAP auth.

Authentication Bypass LDAP Apache +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Injection vulnerability in KLiK SocialMediaWebsite 1.0 allows remote unauthenticated attackers to submit crafted HTTP POST request parameters to the application's input handler, achieving partial compromise of confidentiality, integrity, and availability. Classified under CWE-74 and tagged as Code Injection, the flaw carries a CVSS 4.0 score of 5.5 (Medium) with confirmed proof-of-concept exploit code publicly available (E:P). Despite the POC, EPSS places exploitation probability at 0.04% (14th percentile), indicating low observed real-world exploitation activity and a narrow effective target base.

Code Injection Klik Socialmediawebsite
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Injection via HTTP GET request parameter manipulation in KLiK SocialMediaWebsite 1.0 allows remote attackers to inject arbitrary content or code through the application's parameter handler, contingent on passive user interaction. The vulnerability carries a CVSS 4.0 base score of 2.1, reflecting limited confidentiality, integrity, and availability impact scoped exclusively to the vulnerable system with no lateral impact. Publicly available exploit code exists per the E:P exploit maturity metric and SSVC poc classification, though EPSS at 0.04% (13th percentile) and the non-KEV status indicate no observed widespread exploitation.

Code Injection Klik Socialmediawebsite
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Code injection in NousResearch hermes-agent 2026.4.23 allows remote unauthenticated attackers to inject and execute arbitrary code through the _scan_context_content function in agent/prompt_builder.py. The vulnerability has publicly available exploit code and affects all versions up to 2026.4.23, with the vendor failing to respond to disclosure attempts.

Code Injection Hermes Agent
NVD VulDB GitHub
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

Dolibarr ERP CRM 7.0.3 contains a remote code evaluation vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection PHP RCE
NVD Exploit-DB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Remote code injection in vps-inventory-monitoring allows authenticated attackers to execute arbitrary PHP code through the VpsTest console command. The vulnerability exists in the eval() function within VpsTest.php, exploitable by manipulating the 'vf' parameter with low attack complexity. Publicly available exploit code exists (GitHub POC published), and the maintainer has not responded to early disclosure attempts. CVSS 6.3 reflects moderate impact across confidentiality, integrity, and availability, with EPSS data unavailable but risk elevated by confirmed POC and unresponsive vendor.

PHP Code Injection RCE
NVD VulDB GitHub
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Spreadsheet formula injection in Best Practical Request Tracker (RT) allows a low-privileged authenticated attacker to embed malicious formulas in ticket fields that execute when an administrator or staff member exports data to CSV and opens the file in a spreadsheet application. Affected versions span the entire RT 5.0 line prior to 5.0.10 and RT 6.0.0 through 6.0.2. No public exploit code has been identified at time of analysis and no CISA KEV listing exists, but the attack surface is broad given that CSV exports are a routine administrative workflow in ticketing systems.

Code Injection Rt
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Arbitrary certificate disclosure in Apache CXF's XKMS server lets remote attackers abuse an LDAP injection flaw (CWE-90) in the LDAP-backed certificate repository to retrieve certificates they are not authorized to see. Affected builds span Apache CXF 3.x before 3.6.11, 4.0.0-4.1.x before 4.1.6, and 4.2.0 before 4.2.1; the issue was reported by Apache itself and fixed in those releases. No public exploit identified at time of analysis, EPSS is very low (0.02%, 4th percentile), and CISA SSVC scores exploitation as 'none' with only 'partial' technical impact.

Code Injection LDAP Apache +1
NVD VulDB
Prev Page 4 of 54 Next

Quick Facts

Typical Severity
CRITICAL
Category
web
Total CVEs
4842

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy