Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-0877

Summary
Assigner-@huntrdev
Assigner Org ID-c09c270a-b464-47c1-9133-acb35b22c19a
Published At-17 Feb, 2023 | 00:00
Updated At-18 Mar, 2025 | 16:01
Rejected At-
Credits

Code Injection in froxlor/froxlor

Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:@huntrdev
Assigner Org ID:c09c270a-b464-47c1-9133-acb35b22c19a
Published At:17 Feb, 2023 | 00:00
Updated At:18 Mar, 2025 | 16:01
Rejected At:
▼CVE Numbering Authority (CNA)
Code Injection in froxlor/froxlor

Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11.

Affected Products
Vendor
froxlor
Product
froxlor/froxlor
Versions
Affected
  • From unspecified before 2.0.11 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-94CWE-94 Improper Control of Generation of Code
Type: CWE
CWE ID: CWE-94
Description: CWE-94 Improper Control of Generation of Code
Metrics
VersionBase scoreBase severityVector
3.09.1CRITICAL
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Version: 3.0
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://huntr.dev/bounties/b29cf038-06f1-4fb0-9437-08f2991f92a8
N/A
https://github.com/froxlor/froxlor/commit/aa48ffca2bcaf7ae57be3b8147bb3138abdab984
N/A
Hyperlink: https://huntr.dev/bounties/b29cf038-06f1-4fb0-9437-08f2991f92a8
Resource: N/A
Hyperlink: https://github.com/froxlor/froxlor/commit/aa48ffca2bcaf7ae57be3b8147bb3138abdab984
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://huntr.dev/bounties/b29cf038-06f1-4fb0-9437-08f2991f92a8
x_transferred
https://github.com/froxlor/froxlor/commit/aa48ffca2bcaf7ae57be3b8147bb3138abdab984
x_transferred
Hyperlink: https://huntr.dev/bounties/b29cf038-06f1-4fb0-9437-08f2991f92a8
Resource:
x_transferred
Hyperlink: https://github.com/froxlor/froxlor/commit/aa48ffca2bcaf7ae57be3b8147bb3138abdab984
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@huntr.dev
Published At:17 Feb, 2023 | 01:15
Updated At:25 Feb, 2023 | 03:37

Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.09.1CRITICAL
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CPE Matches

froxlor
froxlor
>>froxlor>>Versions before 2.0.11(exclusive)
cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-94Primarysecurity@huntr.dev
CWE ID: CWE-94
Type: Primary
Source: security@huntr.dev
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/froxlor/froxlor/commit/aa48ffca2bcaf7ae57be3b8147bb3138abdab984security@huntr.dev
Patch
https://huntr.dev/bounties/b29cf038-06f1-4fb0-9437-08f2991f92a8security@huntr.dev
Exploit
Patch
Third Party Advisory
Hyperlink: https://github.com/froxlor/froxlor/commit/aa48ffca2bcaf7ae57be3b8147bb3138abdab984
Source: security@huntr.dev
Resource:
Patch
Hyperlink: https://huntr.dev/bounties/b29cf038-06f1-4fb0-9437-08f2991f92a8
Source: security@huntr.dev
Resource:
Exploit
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

492Records found

CVE-2023-0671
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9.9||CRITICAL
EPSS-1.12% / 62.20%
||
7 Day CHG~0.00%
Published-04 Feb, 2023 | 00:00
Updated-25 Mar, 2025 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code Injection in froxlor/froxlor

Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.

Action-Not Available
Vendor-froxlorfroxlor
Product-froxlorfroxlor/froxlor
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-2034
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9.1||CRITICAL
EPSS-73.25% / 99.39%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted Upload of File with Dangerous Type in froxlor/froxlor

Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14.

Action-Not Available
Vendor-froxlorfroxlor
Product-froxlorfroxlor/froxlor
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-41236
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.37% / 28.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 17:52
Updated-08 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path

Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to `~/.ssh/authorized_keys` under a customer-controlled home directory without verifying that the target path is not a symbolic link. If an attacker controls a shell-enabled customer account and can modify files inside the assigned home directory, the attacker can replace `~/.ssh/authorized_keys` with a symlink to `/root/.ssh/authorized_keys`. When Froxlor's privileged cron task later synchronizes SSH keys, it appends the attacker-supplied key into root's authorized key file, resulting in root SSH access. Version 2.3.7 contains a patch.

Action-Not Available
Vendor-froxlor
Product-froxlor
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-30932
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.54% / 41.69%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 18:46
Updated-26 Mar, 2026 | 12:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API

Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint (accessible to customers with DNS enabled) does not validate the content field for several DNS record types (LOC, RP, SSHFP, TLSA). An attacker can inject newlines and BIND zone file directives (e.g. $INCLUDE) into the zone file that gets written to disk when the DNS rebuild cron job runs. This issue has been patched in version 2.3.5.

Action-Not Available
Vendor-froxlorfroxlor
Product-froxlorfroxlor
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2023-0315
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.2||HIGH
EPSS-97.65% / 99.89%
||
7 Day CHG~0.00%
Published-16 Jan, 2023 | 00:00
Updated-07 Apr, 2025 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection in froxlor/froxlor

Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.

Action-Not Available
Vendor-froxlorfroxlor
Product-froxlorfroxlor/froxlor
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-6069
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9.9||CRITICAL
EPSS-0.84% / 53.27%
||
7 Day CHG~0.00%
Published-10 Nov, 2023 | 00:00
Updated-02 Aug, 2024 | 08:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Link Resolution Before File Access in froxlor/froxlor

Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.

Action-Not Available
Vendor-froxlorfroxlor
Product-froxlorfroxlor/froxlor
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-3668
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9.1||CRITICAL
EPSS-0.83% / 53.26%
||
7 Day CHG~0.00%
Published-14 Jul, 2023 | 00:00
Updated-28 Oct, 2024 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Encoding or Escaping of Output in froxlor/froxlor

Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.

Action-Not Available
Vendor-froxlorfroxlorfroxlor
Product-froxlorfroxlor/froxlorfroxlor
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-2020-10235
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.68% / 74.17%
||
7 Day CHG~0.00%
Published-09 Mar, 2020 | 15:04
Updated-04 Aug, 2024 | 10:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php.

Action-Not Available
Vendor-froxlorn/a
Product-froxlorn/a
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-41229
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.48% / 37.97%
||
7 Day CHG~0.00%
Published-23 Apr, 2026 | 03:44
Updated-27 Apr, 2026 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API)

Froxlor is open source server administration software. Prior to version 2.3.6, `PhpHelper::parseArrayToString()` writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with `change_serversettings` permission adds or updates a MySQL server via the API, the `privileged_user` parameter (which has no input validation) is written unescaped into `lib/userdata.inc.php`. Since this file is `require`d on every request via `Database::getDB()`, an attacker can inject arbitrary PHP code that executes as the web server user on every subsequent page load. Version 2.3.6 contains a patch.

Action-Not Available
Vendor-froxlorfroxlor
Product-froxlorfroxlor
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-3869
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.5||MEDIUM
EPSS-1.26% / 66.18%
||
7 Day CHG~0.00%
Published-05 Nov, 2022 | 00:00
Updated-05 May, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code Injection in froxlor/froxlor

Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.

Action-Not Available
Vendor-froxlorfroxlor
Product-froxlorfroxlor/froxlor
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-3721
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.6||HIGH
EPSS-0.75% / 50.57%
||
7 Day CHG~0.00%
Published-04 Nov, 2022 | 00:00
Updated-02 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code Injection in froxlor/froxlor

Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.

Action-Not Available
Vendor-froxlorfroxlor
Product-froxlorfroxlor/froxlor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-2017
Matching Score-4
Assigner-STAR Labs SG Pte. Ltd.
ShareView Details
Matching Score-4
Assigner-STAR Labs SG Pte. Ltd.
CVSS Score-8.8||HIGH
EPSS-2.08% / 79.27%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 10:18
Updated-05 Feb, 2025 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Control of Generation of Code in Twig Rendered Views in Shopware

Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in `Shopware\Core\Framework\Adapter\Twig\SecurityExtension` and call any arbitrary PHP function and thus execute arbitrary code/commands via usage of fully-qualified names, supplied as array of strings, when referencing callables. Users are advised to upgrade to v6.4.20.1 to resolve this issue. This is a bypass of CVE-2023-22731.

Action-Not Available
Vendor-shopwareShopware AG
Product-shopwareShopware 6
CWE ID-CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-8864
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.82% / 52.90%
||
7 Day CHG~0.00%
Published-15 Sep, 2024 | 00:31
Updated-17 Sep, 2024 | 10:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
composiohq composio calculator.py Calculator code injection

A vulnerability has been found in composiohq composio up to 0.5.6 and classified as critical. Affected by this vulnerability is the function Calculator of the file python/composio/tools/local/mathematical/actions/calculator.py. The manipulation leads to code injection. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-composiocomposiohqcomposiohq
Product-composiocomposiocomposio
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-66457
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.68% / 47.87%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 20:03
Updated-17 Dec, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Elysia affected by arbitrary code injection through cookie config

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.17 and below are subject to arbitrary code execution from cookie config. When dynamic cookies are enabled (e.g. there an existing cookie schema), the cookie config is injected into the compiled route without first being sanitised. Availability of this exploit is generally low, but when combined with GHSA-hxj9-33pp-j2cc, it allows for a full RCE chain. An attack requires write access to either the Elysia app's source code (in which case the vulnerability is meaningless) or write access to the cookie config (perhaps where it is assumed to be provisioned by the environment). This issue is fixed in version 1.4.18.

Action-Not Available
Vendor-elysiajselysiajs
Product-elysiaelysia
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-67036
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.38% / 30.34%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 00:00
Updated-23 Jun, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges.

Action-Not Available
Vendor-lantronixn/a
Product-eds5016_firmwareeds5008eds5008_firmwareeds5032eds5016eds5032_firmwaren/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-8268
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.71% / 48.89%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 02:05
Updated-08 Apr, 2026 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frontend Dashboard <= 2.2.4 - Authenticated (Subscriber+) Arbitrary Function Call

The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajax_request() function in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to call arbitrary functions that can be leverage for privilege escalation by changing user's passwords.

Action-Not Available
Vendor-buffercodevinoth06buffercode
Product-frontend_dashboardFrontend Dashboardfrontend_dashboard
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-7559
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.85% / 53.72%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 02:31
Updated-08 Apr, 2026 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Manager Pro <= 8.3.7 - Authenticated (Subscriber+) Arbitrary File Upload

The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk_file_folder_manager AJAX action in all versions up to, and including, 8.3.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-File Managerfilemanagerpro
Product-File Manager Profile_manager_pro
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-6946
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.61% / 44.68%
||
7 Day CHG~0.00%
Published-21 Jul, 2024 | 08:31
Updated-05 Sep, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flute CMS list code injection

A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been declared as critical. This vulnerability affects unknown code of the file /admin/pages/list. The manipulation of the argument blocks leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272068.

Action-Not Available
Vendor-flute-cmsFluteflute
Product-fluteCMScms
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-7656
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.78% / 51.56%
||
7 Day CHG~0.00%
Published-24 Aug, 2024 | 11:36
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Image Hotspot by DevVN <= 1.2.5 - Authenticated (Author+) PHP Object Injection

The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.5 via deserialization of untrusted input in the 'devvn_ihotspot_shortcode_func' function. This makes it possible for authenticated attackers, with Author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Action-Not Available
Vendor-levantoanle_van_toan
Product-Image Hotspot by DevVNimage_hotspot_by_devvn
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-64108
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.44% / 35.48%
||
7 Day CHG+0.04%
Published-04 Nov, 2025 | 22:58
Updated-10 Nov, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cursor's Sensitive File Modification can Lead to NTFS Path Quirks

Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a prompt injection attacker to circumvent sensitive file protections and overwrite files which Cursor requires human approval to overwrite. Modification of some of the protected files can lead to RCE. Must be chained with a prompt injection or malicious model attach. Only affects systems supporting NTFS. This issue is fixed in version 2.0.

Action-Not Available
Vendor-anyspherecursor
Product-cursorcursor
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-41900
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.91% / 55.65%
||
7 Day CHG~0.00%
Published-08 May, 2026 | 03:25
Updated-29 May, 2026 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution (RCE) vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. This issue has been patched in version 2.0.3.

Action-Not Available
Vendor-th30d4yth30d4y
Product-openlearnxOpenLearnX
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-21305
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-12.68% / 95.77%
||
7 Day CHG~0.00%
Published-08 Feb, 2021 | 19:20
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code Injection vulnerability in CarrierWave

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "#manipulate!" method inappropriately evals the content of mutation option(:read/:write), allowing attackers to craft a string that can be executed as a Ruby code. If an application developer supplies untrusted inputs to the option, it will lead to remote code execution(RCE). This is fixed in versions 1.3.2 and 2.1.1.

Action-Not Available
Vendor-carrierwave_projectcarrierwaveuploader
Product-carrierwavecarrierwave
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-6386
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.9||CRITICAL
EPSS-25.53% / 97.70%
||
7 Day CHG+0.52%
Published-21 Aug, 2024 | 20:29
Updated-08 Apr, 2026 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WPML Multilingual CMS <= 4.6.12 - Authenticated (Contributor+) Remote Code Execution via Twig Server-Side Template Injection

The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.

Action-Not Available
Vendor-wpmlWPMLwpml
Product-wpmlWPMLwpml
CWE ID-CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-61196
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.51% / 39.72%
||
7 Day CHG~0.00%
Published-30 Oct, 2025 | 00:00
Updated-04 Nov, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in BusinessNext CRMnext v.10.8.3.0 allows a remote attacker to execute arbitrary code via the comments input parameter.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-42234
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.38% / 29.69%
||
7 Day CHG~0.00%
Published-04 May, 2026 | 18:36
Updated-06 May, 2026 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
n8n: Python Task Runner Sandbox Escape

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This issue only affects instances where the Python Task Runner is enabled. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.

Action-Not Available
Vendor-n8nn8n-io
Product-n8nn8n
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-41139
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.58% / 43.33%
||
7 Day CHG+0.06%
Published-07 May, 2026 | 05:06
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unsafe array index getter in mathjs

Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression parser of mathjs. This issue has been patched in version 15.2.0.

Action-Not Available
Vendor-mathjsjosdejongRed Hat, Inc.
Product-mathjsmathjsRed Hat Developer HubRed Hat OpenShift AI (RHOAI)Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 9Self-service automation portal 2Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Cryostat 4
CWE ID-CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-41137
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.4||CRITICAL
EPSS-1.45% / 70.19%
||
7 Day CHG~0.00%
Published-23 Apr, 2026 | 19:10
Updated-24 Apr, 2026 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flowise: Code Injection in CSVAgent leads to Authenticated RCE

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, The CSVAgent allows providing a custom Pandas CSV read code. Due to lack of sanitization, an attacker can provide a command injection payload that will get interpolated and executed by the server. This vulnerability is fixed in 3.1.0.

Action-Not Available
Vendor-flowiseaiFlowiseAI
Product-flowiseflowise-componentsFlowise
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-41138
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.3||HIGH
EPSS-0.60% / 44.53%
||
7 Day CHG~0.00%
Published-23 Apr, 2026 | 19:05
Updated-24 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas.

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. The user’s input is directly applied to the question parameter within the prompt template and it is reflected to the Python code without any sanitization. This vulnerability is fixed in 3.1.0.

Action-Not Available
Vendor-flowiseaiFlowiseAI
Product-flowiseFlowise
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-1304
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-8.8||HIGH
EPSS-1.08% / 61.01%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 16:45
Updated-25 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rapid7 InsightCloudSec getattr() method access

An authenticated attacker can leverage an exposed getattr() method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.

Action-Not Available
Vendor-Rapid7 LLC
Product-insightappsecinsightcloudsecInsightCloudSec
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-1518
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.3||MEDIUM
EPSS-1.87% / 76.77%
||
7 Day CHG~0.00%
Published-22 Jul, 2021 | 15:20
Updated-07 Nov, 2024 | 22:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Device Manager On-Box Software Remote Code Execution Vulnerability

A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to insufficient sanitization of user input on specific REST API commands. An attacker could exploit this vulnerability by sending a crafted HTTP request to the API subsystem of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system. To exploit this vulnerability, an attacker would need valid low-privileged user credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_device_manager_on-boxCisco Firepower Threat Defense Software
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-32527
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-8.8||HIGH
EPSS-2.92% / 85.37%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 21:54
Updated-04 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32528.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-mobile_securityTrend Micro Moibile Security for Enterprise
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-17300
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.40% / 69.21%
||
7 Day CHG~0.00%
Published-07 Oct, 2019 | 15:04
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user.

Action-Not Available
Vendor-n/aSugarCRM Inc.
Product-sugarcrmn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-41242
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.4||CRITICAL
EPSS-0.74% / 50.29%
||
7 Day CHG+0.17%
Published-18 Apr, 2026 | 16:18
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
protobufjs has an arbitrary code execution issue

protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the issue.

Action-Not Available
Vendor-protobufjs_projectprotobufjsRed Hat, Inc.
Product-protobufjsprotobuf.jsRed Hat OpenShift AI (RHOAI)Red Hat Hardened ImagesSelf-service automation portal 2Red Hat Enterprise Linux 9Red Hat Developer Hub 1.8Red Hat Enterprise Linux AI (RHEL AI) 3Cryostat 4Red Hat Openshift Data Foundation 4Red Hat Ansible Automation Platform 2Red Hat Build of Podman DesktopRed Hat Developer HubRed Hat OpenShift Container Platform 4Red Hat OpenShift AI 2.25Red Hat build of Apicurio Registry 3OpenShift PipelinesRed Hat Ceph Storage 9Red Hat Enterprise Linux 8Red Hat Developer Hub 1.9OpenShift Service Mesh 3
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-1306
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-8.8||HIGH
EPSS-1.21% / 64.66%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 16:53
Updated-26 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rapid7 InsightCloudSec resource.db() method access

An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.

Action-Not Available
Vendor-Rapid7 LLC
Product-insightappsecinsightcloudsecInsightCloudSec
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-58745
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-0.70% / 48.84%
||
7 Day CHG~0.00%
Published-08 Sep, 2025 | 22:40
Updated-17 Sep, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WeGIA has a bypass for the fix for CVE-2025-22133 - Arbitrary File Upload leads to Remote Code Execution (RCE)

WeGIA is a Web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. The WeGIA only check MIME types for Excel files at endpoint `/html/socio/sistema/controller/controla_xlsx.php`, which can be bypassed by using magic bytes of Excel file in a PHP file. As a result, attacker can upload webshell to the server for remote code execution. Version 3.4.11 contains an updated fix.

Action-Not Available
Vendor-wegiaLabRedesCefetRJ
Product-wegiaWeGIA
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-42203
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.37% / 29.34%
||
7 Day CHG+0.05%
Published-08 May, 2026 | 03:36
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LiteLLM: Server-Side Template Injection in /prompts/test endpoint

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the LiteLLM Proxy process. The endpoint only checks that the caller presents a valid proxy API key, so any authenticated user could reach it. Depending on how the proxy is deployed, this could expose secrets in the process environment (such as provider API keys or database credentials) and allow commands to be run on the host. This issue has been patched in version 1.83.7.

Action-Not Available
Vendor-litellmBerriAIRed Hat, Inc.
Product-litellmlitellmExploit IntelligenceRed Hat Ansible Automation Platform 2Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-1482
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.77% / 51.10%
||
7 Day CHG~0.00%
Published-18 Mar, 2023 | 09:31
Updated-26 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HkCms External Plugin code injection

A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206. This affects an unknown part of the file /admin.php/appcenter/local.html?type=addon of the component External Plugin Handler. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223365 was assigned to this vulnerability.

Action-Not Available
Vendor-hkcms_projectn/a
Product-hkcmsHkCms
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-54907
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.14% / 62.69%
||
7 Day CHG+0.02%
Published-26 Dec, 2024 | 00:00
Updated-26 Dec, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Execution in /bin/boa via formWsc.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-55877
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-1.56% / 72.20%
||
7 Day CHG~0.00%
Published-12 Dec, 2024 | 19:13
Updated-30 Apr, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList

XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of `XWiki.WikiMacroClass` to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been fixed in XWiki 15.10.11, 16.4.1 and 16.5.0. It is possible to manually apply the patch to the page `XWiki.XWikiSyntaxMacrosList` as a workaround.

Action-Not Available
Vendor-XWiki SAS
Product-xwikixwiki-platform
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-96
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CVE-2024-55022
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.29% / 66.64%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 00:00
Updated-09 Mar, 2026 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter.

Action-Not Available
Vendor-weintekn/a
Product-easywebcmt-3072xh2cmt-3072xh2_firmwaren/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-40217
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-6.50% / 92.94%
||
7 Day CHG+5.77%
Published-10 Apr, 2026 | 13:43
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI.

Action-Not Available
Vendor-litellmBerriAIRed Hat, Inc.
Product-litellmLiteLLMRed Hat Ansible Automation Platform 2.6Red Hat OpenShift AI (RHOAI)Red Hat OpenShift AI 3.3Lightspeed Core
CWE ID-CWE-420
Unprotected Alternate Channel
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-55241
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.78% / 51.40%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in deep-diver LLM-As-Chatbot before commit 99c2c03 allows a remote attacker to execute arbitrary code via the modelsbyom.py component.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-55662
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-0.75% / 50.42%
||
7 Day CHG~0.00%
Published-12 Dec, 2024 | 17:25
Updated-30 Apr, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XWiki allows remote code execution through the extension sheet

XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where `Extension Repository Application` is installed, any user can execute any code requiring `programming` rights on the server. This vulnerability has been fixed in XWiki 15.10.9 and 16.3.0. Since `Extension Repository Application` is not mandatory, it can be safely disabled on instances that do not use it as a workaround. It is also possible to manually apply the patches from commit 8659f17d500522bf33595e402391592a35a162e8 to the page `ExtensionCode.ExtensionSheet` and to the page `ExtensionCode.ExtensionAuthorsDisplayer`.

Action-Not Available
Vendor-XWiki SAS
Product-xwikixwiki-platform
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-96
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CVE-2024-55505
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.66% / 47.22%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 00:00
Updated-17 Apr, 2025 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component.

Action-Not Available
Vendor-n/aCodeAstro
Product-complaint_management_systemn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-54780
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-11.99% / 95.62%
||
7 Day CHG+0.40%
Published-14 May, 2025 | 00:00
Updated-13 Jun, 2025 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting arbitrary OpenVPN management commands via the remipp parameter.

Action-Not Available
Vendor-netgaten/a
Product-pfsense_cepfsense_plusn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-40466
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.8||HIGH
EPSS-4.78% / 90.85%
||
7 Day CHG+0.81%
Published-24 Apr, 2026 | 10:15
Updated-30 Jun, 2026 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport via BrokerView.addNetworkConnector or BrokerView.addConnector through Jolokia if the activemq-http module is on the classpath. A malicious HTTP endpoint can return a VM transport through the HTTP URI which will bypass the validation added in CVE-2026-34197. The attacker can then use the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ Broker: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ All: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ: before 5.19.6, from 6.0.0 before 6.2.5. Users are recommended to upgrade to version 5.19.6 or 6.2.5, which fixes the issue.

Action-Not Available
Vendor-The Apache Software FoundationRed Hat, Inc.
Product-activemqactivemq_brokerApache ActiveMQ AllApache ActiveMQApache ActiveMQ BrokerRed Hat AMQ Broker 7Red Hat Data Grid 8Red Hat JBoss Enterprise Application Platform 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Fuse 7Red Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform Expansion Pack
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-39891
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.56% / 42.41%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 20:46
Updated-22 Apr, 2026 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PraisonAI has a Template Injection in Agent Tool Definitions

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the create_agent_centric_tools() function returns tools (like acp_create_file) that process file content using template rendering. When user input from agent.start() is passed directly into these tools without escaping, template expressions in the input are executed rather than treated as literal text. This vulnerability is fixed in 4.5.115.

Action-Not Available
Vendor-praisonMervinPraison
Product-praisonaiPraisonAI
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-0089
Matching Score-4
Assigner-Proofpoint Inc.
ShareView Details
Matching Score-4
Assigner-Proofpoint Inc.
CVSS Score-8.8||HIGH
EPSS-0.73% / 49.90%
||
7 Day CHG~0.00%
Published-08 Mar, 2023 | 00:27
Updated-28 Feb, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Proofpoint Enterprise Protection webutils authenticated RCE

The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below.

Action-Not Available
Vendor-proofpointproofpoint
Product-enterprise_protectionenterprise_protection
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-5651
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-1.37% / 68.58%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 05:46
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fence-agents-remediation: fence agent command line options leads to remote code execution

A flaw was found in the Fence Agents Remediation operator. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the --ssh-path/--telnet-path arguments. A low-privilege user, for example, a user with developer access, can create a specially crafted FenceAgentsRemediation for a fence agent supporting  --ssh-path/--telnet-path arguments to execute arbitrary commands on the operator's pod. This RCE leads to a privilege escalation, first as the service account running the operator, then to another service account with cluster-admin privileges.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Fence Agents Remediation 0.4 for RHEL 8
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-41044
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.8||HIGH
EPSS-0.98% / 57.93%
||
7 Day CHG+0.21%
Published-24 Apr, 2026 | 10:16
Updated-30 Jun, 2026 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to include an xbean binding that can be later used by a VM transport to load a remote Spring XML application. The attacker can then use the DestinationView mbean to send a message to trigger a VM transport creation that will reference this malicious broker name which can lead to loading the malicious Spring XML context file. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ Broker: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ All: before 5.19.6, from 6.0.0 before 6.2.5. Users are recommended to upgrade to version 6.2.5 or 5.19.6, which fixes the issue.

Action-Not Available
Vendor-The Apache Software FoundationRed Hat, Inc.
Product-activemqactivemq_brokerApache ActiveMQ AllApache ActiveMQApache ActiveMQ BrokerRed Hat AMQ Broker 7Red Hat Data Grid 8Red Hat JBoss Enterprise Application Platform 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Fuse 7Red Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform Expansion Pack
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 9
  • 10
  • Next
Details not found