Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-39236

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-01 Jul, 2024 | 00:00
Updated At-02 Aug, 2024 | 04:19
Rejected At-
Credits

Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:01 Jul, 2024 | 00:00
Updated At:02 Aug, 2024 | 04:19
Rejected At:
▼CVE Numbering Authority (CNA)

Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/Aaron911/PoC/blob/main/Gradio.md
N/A
https://github.com/gradio-app/gradio/issues/8853
N/A
https://github.com/advisories/GHSA-9v2f-6vcg-3hgv
N/A
Hyperlink: https://github.com/Aaron911/PoC/blob/main/Gradio.md
Resource: N/A
Hyperlink: https://github.com/gradio-app/gradio/issues/8853
Resource: N/A
Hyperlink: https://github.com/advisories/GHSA-9v2f-6vcg-3hgv
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
gradio_project
Product
gradio
CPEs
  • cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 4.36.1
Problem Types
TypeCWE IDDescription
CWECWE-94CWE-94 Improper Control of Generation of Code ('Code Injection')
Type: CWE
CWE ID: CWE-94
Description: CWE-94 Improper Control of Generation of Code ('Code Injection')
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/Aaron911/PoC/blob/main/Gradio.md
x_transferred
https://github.com/gradio-app/gradio/issues/8853
x_transferred
https://github.com/advisories/GHSA-9v2f-6vcg-3hgv
x_transferred
Hyperlink: https://github.com/Aaron911/PoC/blob/main/Gradio.md
Resource:
x_transferred
Hyperlink: https://github.com/gradio-app/gradio/issues/8853
Resource:
x_transferred
Hyperlink: https://github.com/advisories/GHSA-9v2f-6vcg-3hgv
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:01 Jul, 2024 | 19:15
Updated At:27 Jun, 2025 | 17:32

Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches

gradio_project
gradio_project
>>gradio>>4.36.1
cpe:2.3:a:gradio_project:gradio:4.36.1:*:*:*:*:python:*:*
Weaknesses
CWE IDTypeSource
CWE-94Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-94
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/Aaron911/PoC/blob/main/Gradio.mdcve@mitre.org
Exploit
Third Party Advisory
https://github.com/advisories/GHSA-9v2f-6vcg-3hgvcve@mitre.org
Third Party Advisory
https://github.com/gradio-app/gradio/issues/8853cve@mitre.org
Exploit
Issue Tracking
Vendor Advisory
https://github.com/Aaron911/PoC/blob/main/Gradio.mdaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
https://github.com/advisories/GHSA-9v2f-6vcg-3hgvaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://github.com/gradio-app/gradio/issues/8853af854a3a-2127-422b-91ae-364da2661108
Exploit
Issue Tracking
Vendor Advisory
Hyperlink: https://github.com/Aaron911/PoC/blob/main/Gradio.md
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://github.com/advisories/GHSA-9v2f-6vcg-3hgv
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://github.com/gradio-app/gradio/issues/8853
Source: cve@mitre.org
Resource:
Exploit
Issue Tracking
Vendor Advisory
Hyperlink: https://github.com/Aaron911/PoC/blob/main/Gradio.md
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: https://github.com/advisories/GHSA-9v2f-6vcg-3hgv
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://github.com/gradio-app/gradio/issues/8853
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Issue Tracking
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

906Records found

CVE-2023-25823
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.55% / 42.47%
||
7 Day CHG~0.00%
Published-23 Feb, 2023 | 21:34
Updated-10 Mar, 2025 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gradio contains Use of Hard-coded Credentials

Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links (i.e. creating a Gradio app and then setting `share=True`), a private SSH key is sent to any user that connects to the Gradio machine, which means that a user could access other users' shared Gradio demos. From there, other exploits are possible depending on the level of access/exposure the Gradio app provides. This issue is patched in version 3.13.1, however, users are recommended to update to 3.19.1 or later where the FRP solution has been properly tested.

Action-Not Available
Vendor-gradio_projectgradio-app
Product-gradiogradio
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-47167
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.48% / 38.07%
||
7 Day CHG+0.01%
Published-10 Oct, 2024 | 21:47
Updated-17 Oct, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SSRF in the path parameter of /queue/join in Gradio

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **Server-Side Request Forgery (SSRF)** in the `/queue/join` endpoint. Gradio’s `async_save_url_to_cache` function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This could enable attackers to target internal servers or services within a local network and possibly exfiltrate data or cause unwanted internal requests. Additionally, the content from these URLs is stored locally, making it easier for attackers to upload potentially malicious files to the server. This impacts users deploying Gradio servers that use components like the Video component which involve URL fetching. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can disable or heavily restrict URL-based inputs in their Gradio applications to trusted domains only. Additionally, implementing stricter URL validation (such as allowinglist-based validation) and ensuring that local or internal network addresses cannot be requested via the `/queue/join` endpoint can help mitigate the risk of SSRF attacks.

Action-Not Available
Vendor-gradio_projectgradio-appgradio_project
Product-gradiogradiogradio
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-57141
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 49.23%
||
7 Day CHG~0.00%
Published-08 Sep, 2025 | 00:00
Updated-12 Sep, 2025 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rsbi-os 4.7 is vulnerable to Remote Code Execution (RCE) in sqlite-jdbc.

Action-Not Available
Vendor-ruisitechn/a
Product-ruisibin/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-6330
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-9.8||CRITICAL
EPSS-2.14% / 80.02%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 06:00
Updated-27 May, 2025 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GEO my WordPress < 4.4.0.2 - Unauthenticated RCE via LFI

The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution.

Action-Not Available
Vendor-geomywpUnknowngeo_my_wp
Product-geo_my_wordpressGEO my WPgeo_my_wp
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-9163
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.31% / 81.49%
||
7 Day CHG~0.00%
Published-01 Apr, 2020 | 20:23
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The connection initiation process in March Networks Command Client before 2.7.2 allows remote attackers to execute arbitrary code via crafted XAML objects.

Action-Not Available
Vendor-marchnetworksn/a
Product-command_clientn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-55727
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-0.98% / 58.23%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 18:31
Updated-17 Sep, 2025 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XWiki Remote Macros vulnerable to remote code execution from width parameter in the column macro

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the width parameter in the column macro allows remote code execution for any user who can edit any page or who can access the CKEditor converter. The width parameter is used without escaping in XWiki syntax, thus allowing XWiki syntax injection which enables remote code execution when the macro has been installed by a user with programming right, or it at least allows executing Velocity code as the wiki admin. Version 1.26.5 contains a patch for the issue.

Action-Not Available
Vendor-XWiki SAS
Product-pro_macrosxwiki-pro-macros
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2023-36177
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-27.32% / 97.84%
||
7 Day CHG~0.00%
Published-23 Jan, 2024 | 00:00
Updated-09 Jul, 2026 | 01:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API.

Action-Not Available
Vendor-badaixn/abadaix
Product-snapcastn/asnapcast
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-15371
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-9.8||CRITICAL
EPSS-1.27% / 66.53%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 13:10
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-fabric_operating_systemBrocade Fabric OS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-15227
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-35.23% / 98.26%
||
7 Day CHG~0.00%
Published-01 Oct, 2020 | 19:00
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution vulnerability

Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework.

Action-Not Available
Vendor-nettenetteDebian GNU/Linux
Product-applicationdebian_linuxapplication
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-15150
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9||CRITICAL
EPSS-3.28% / 87.07%
||
7 Day CHG~0.00%
Published-01 Sep, 2020 | 16:30
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution in paginator(hex)

There is a vulnerability in Paginator (Elixir/Hex package) which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate() function. This will potentially affect all current users of Paginator prior to version 1.0.0. The vulnerability has been patched in version 1.0.0 and all users should upgrade to this version immediately. Note that this patched version uses a dependency that requires an Elixir version >=1.5.

Action-Not Available
Vendor-duffelduffelhq
Product-paginatorpaginator
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-57773
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-7.31% / 93.68%
||
7 Day CHG~0.00%
Published-25 Aug, 2025 | 16:42
Updated-03 Sep, 2025 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dataease DB2 Aspectweaver Deserialization Arbitrary File Write Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, writing to various files. This vulnerability requires commons-collections 4.x and aspectjweaver-1.9.22.jar. The vulnerability has been fixed in version 2.10.12.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-55346
Matching Score-4
Assigner-JFrog
ShareView Details
Matching Score-4
Assigner-JFrog
CVSS Score-9.8||CRITICAL
EPSS-18.45% / 96.92%
||
7 Day CHG+1.03%
Published-14 Aug, 2025 | 09:49
Updated-14 Aug, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unintended dynamic code execution leads to remote code execution by network attackers

User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request.

Action-Not Available
Vendor-
Product-
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-34990
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-9.6||CRITICAL
EPSS-24.90% / 97.67%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 12:44
Updated-05 Jun, 2025 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwlmFortiWLM
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-6376
Matching Score-4
Assigner-MongoDB, Inc.
ShareView Details
Matching Score-4
Assigner-MongoDB, Inc.
CVSS Score-7||HIGH
EPSS-0.42% / 34.06%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 14:57
Updated-01 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ejson shell parser in MongoDB Compass maybe bypassed

MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2

Action-Not Available
Vendor-MongoDB, Inc.
Product-compassMongoDB Compass
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-55423
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.33% / 87.27%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 00:00
Updated-30 Jan, 2026 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability exists in the upnp_relay() function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passed to system() without proper validation or sanitization, allowing OS command injection.

Action-Not Available
Vendor-iptimen/a
Product-n2en604tplus_firmwarev304n2plusa5004ns_firmwaren2plus-i_firmwaren3-i_firmwaren604en600q504n2vsn600_firmwarea2004sea7004m_firmwaren102iplusn604a_firmwaren8004v_firmwaren604an904ns_firmwarea604-v3_firmwaren804ta3004ns-m_firmwaren604eplus_firmwarea2003mua6004mx_firmwareax3004bcm_firmwaren604ra6004ns-mn8004rn7004nsa2004nsplusn604plus-ia1004_firmwarea604ra6ns-m_firmwarea604sea3004tv304_firmwarea9004mn704nst5004_firmwaren702e_firmwaret16000mn604t_firmwareax3004itl_firmwaren602se_firmwareax2004mn804an904vsmartn704qcaa2004ns-rn704-a3n104_blackn104en702en5_firmwareax8008ma604-v5_firmwaren804t3n804a3_firmwarea3003nsa3004-dual_firmwareq604a3004mn904plusn904plus_firmwaren702bcmn804v_firmwareax2004_firmwarea8004tt24000m_firmwarea804ns-mun104v_firmwaren904v_firmwaren804t_firmwareax11000_firmwaren704e_firmwaren2v_firmwaren1plus_firmwarea104ax2004bcm_firmwarea304_firmwaret3004a9004m_firmwaret16000_firmwaren704v3n804rn2plus-in604_blacka604-v3n104r_firmwaren602sen1e_firmwarea3004ns-dual_firmwarea5004ns-m_firmwaren602eplusa2004rn104va2004ns-mu_firmwarea3004twa104ns_firmwarea8ns-mt16000m_firmwareax2002meshn602e_firmwarea104rn604e_firmwaren1plus-i_firmwarea5004ns-mn602eplus_firmwarea1004a604va1004vn704bcm_firmwareax3004itla7ns_firmwaren904a604g-mun604plus-i_firmwaren104s-r1_firmwarea3004nssmart_firmwaren804va2004mu_firmwaren2vs_firmwarea3004ns-mn702r_firmwaren804a3a104nsax8004bcm_firmwarea3004tw_firmwarea5004nsa3004ns-bcma2004nsplus_firmwarea3004ns-bcm_firmwarea6004ns-m_firmwaren704qca_firmwaren102in6n104e_firmwarea604g-mu_firmwaren104q-in1v_firmwaren8004r_firmwarea3004m_firmwaren604rplus_firmwaren704eplusa8004t-xrn6004rn2e_firmwaren904_firmwarea2003ns-mu_firmwarea2004nst3004_firmwarea2004a9004m-x2_firmwarea604n702bcm_firmwareax2002mesh_firmwaren3_firmwarea604r_firmwarea8004ns-mn702eplus_firmwaren104_black_firmwaren604seew302n_firmwarea3004ns_firmwaren604sa7004mt5008_firmwarea3004ns-dualn702ra2004plus_firmwaren102eplusn104qa604m_firmwarea1n1en102eplus_firmwaren604vplusq1_firmwarea604muax8004m_firmwareax8004bcmn104plus-ia2004r_firmwaren5n604tplust3008a104_firmwaren104eplusn1plus-ia604ma2004se_firmwarev504_firmwarea604g-skylifen604eplusn104rt24000_firmwaren704-a3_firmwareq604_firmwaren704v3_firmwaren804t3_firmwarea2004mun604s_firmwaret16000q1ax2004m_firmwareax11000n604vplus_firmwaret3008_firmwarea104r_firmwaren604vn2eplusn104q_firmwarea3002mesh_firmwarea3008-mu_firmwaren604se_firmwaren604_black_firmwaren2va2004_firmwarea6004nsn6_firmwaren704en6004r_firmwaren104k_firmwarea3004n604rplus-in804a_firmwarea8004bcmn2eplus_firmwaren102e_firmwarea2004ns-mun604rplusa8004itlq304q304_firmwaren804_firmwarea604_firmwaren102iplus_firmwaren104ka3004_firmwaren7004ns_firmwarea2004ns-r_firmwarea1_firmwarea704ns-bcm_firmwarea2004ns_firmwarea1004ns_firmwaren5-ia8004bcm_firmwarea6ns-mn604rplus-i_firmwarea704ns-bcmn104plusa3003ns_firmwarea604v_firmwarea6004ns_firmwaren804a304n804r_firmwaren3-ia8004itl_firmwarea1004v_firmwarea604mu_firmwarea604g-skylife_firmwarev508a3008-muax2004bcmt24000mt5008a2008_firmwarea8004t-xr_firmwarea804ns-mu_firmwarea3002mesht24000ax8008m_firmwarea1004nsa3004-duala8004t_firmwarea6004mxt5004ew302nn104s-r1n602en904nsv504a9004m-x2n604plus_firmwarea8004ns-m_firmwarea3_firmwaren102en104plus_firmwarea2004plusn104plus-i_firmwaren104q-i_firmwaren604r_firmwarea604-v5a3004t_firmwaren704ns_firmwaren8004vn1plusn104eplus_firmwaren102i_firmwarev508_firmwaren604v_firmwaren702eplusn3ax3004bcmn704bcma2003mu_firmwareax2004a3ax8004mq504_firmwarea2003ns-mun704eplus_firmwaren604plusn1va604se_firmwarea8ns-m_firmwaren2plus_firmwaren5-i_firmwarea2008n604ta7nsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-54451
Matching Score-4
Assigner-Samsung TV & Appliance
ShareView Details
Matching Score-4
Assigner-Samsung TV & Appliance
CVSS Score-9.8||CRITICAL
EPSS-0.65% / 46.84%
||
7 Day CHG~0.00%
Published-23 Jul, 2025 | 05:29
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

Action-Not Available
Vendor-Samsung Electronics
Product-MagicINFO 9 Server
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-13756
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-55.08% / 98.92%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 13:46
Updated-03 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.

Action-Not Available
Vendor-sabberwormn/a
Product-php_css_parsern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-10035
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-9.2||CRITICAL
EPSS-0.84% / 53.83%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 11:48
Updated-02 Jun, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code Injection in BG-TEK's CoslatV3

Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Special Elements used in a Command ('Command Injection'), Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection, Privilege Escalation. This issue affects CoslatV3: through 3.1069. NOTE: The vendor was contacted and it was learned that the product is not supported.

Action-Not Available
Vendor-bg-tekBG-TEK Informatics Security Technologiesbg-tek
Product-coslatCoslatV3coslatv3_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-54466
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-6.3||MEDIUM
EPSS-14.95% / 96.33%
||
7 Day CHG+0.96%
Published-15 Aug, 2025 | 14:13
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache OFBiz: RCE Vulnerability in scrum plugin

Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended to upgrade to version 24.09.02, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-ofbizApache OFBiz
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-6886
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.85% / 54.11%
||
7 Day CHG~0.00%
Published-17 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 08:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
xnx3 wangmarket Role Management Page code injection

A vulnerability was found in xnx3 wangmarket 6.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Role Management Page. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248246 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-wang.marketxnx3
Product-wangmarketwangmarket
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-11546
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-32.84% / 98.17%
||
7 Day CHG+1.11%
Published-14 Jul, 2020 | 19:16
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection.

Action-Not Available
Vendor-superwebmailern/a
Product-superwebmailern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-54068
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.2||CRITICAL
EPSS-95.38% / 99.86%
||
7 Day CHG~0.00%
Published-17 Jul, 2025 | 18:16
Updated-23 Mar, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-04-03||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Livewire vulnerable to remote command execution during property update hydration

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction. This issue has been patched in Livewire v3.6.4. All users are strongly encouraged to upgrade to this version or later as soon as possible. No known workarounds are available.

Action-Not Available
Vendor-laravellivewireLaravel
Product-livewirelivewireLivewire
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-35853
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.03% / 59.90%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-11 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.

Action-Not Available
Vendor-oisfn/a
Product-suricatan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-53928
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.43% / 34.64%
||
7 Day CHG~0.00%
Published-17 Jul, 2025 | 13:56
Updated-02 Aug, 2025 | 01:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MaxKB has RCE in MCP call

MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue.

Action-Not Available
Vendor-maxkb1Panel (FIT2CLOUD Inc.)
Product-maxkbMaxKB
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-53867
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.62% / 45.65%
||
7 Day CHG~0.00%
Published-17 Jul, 2025 | 00:00
Updated-05 Jul, 2026 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-35034
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.34% / 68.04%
||
7 Day CHG~0.00%
Published-12 Jun, 2023 | 00:00
Updated-06 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow remote code execution by unauthenticated users, aka OSFOURK-24033.

Action-Not Available
Vendor-atosn/a
Product-unify_openscape_4000_managerunify_openscape_4000_assistantn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-54322
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-13.99% / 96.14%
||
7 Day CHG~0.00%
Published-27 Dec, 2025 | 00:00
Updated-09 Jan, 2026 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also used.

Action-Not Available
Vendor-xspeederXspeeder
Product-sxzosSXZOS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2020-10948
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.68% / 93.15%
||
7 Day CHG~0.00%
Published-01 Apr, 2020 | 20:11
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) 2.0.2 is vulnerable to Remote Command Execution via eval injection, a different issue than CVE-2002-0934. An unauthenticated, remote attacker can exploit this via a series of crafted requests.

Action-Not Available
Vendor-alienform2_projectn/a
Product-alienform2n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-53890
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.14% / 63.13%
||
7 Day CHG~0.00%
Published-14 Jul, 2025 | 23:57
Updated-15 Jul, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pyLoad vulnerable to remote code execution through js2py onCaptchaResult

pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in session hijacking, credential theft, and full system remote code execution. Commit 909e5c97885237530d1264cfceb5555870eb9546, the patch for the issue, is included in version 0.5.0b3.dev89.

Action-Not Available
Vendor-pyload
Product-pyload
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-5392
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.84% / 53.71%
||
7 Day CHG~0.00%
Published-11 Jul, 2025 | 06:43
Updated-08 Apr, 2026 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GB Forms DB <= 1.0.2 - Unauthenticated Remote Code Execution

The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the gbfdb_talk_to_front() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be leverage to inject backdoors or create new administrative user accounts to name a few things.

Action-Not Available
Vendor-gb-plugins
Product-GB Forms DB
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-3519
Matching Score-4
Assigner-Citrix Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Citrix Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-99.44% / 99.94%
||
7 Day CHG~0.00%
Published-19 Jul, 2023 | 17:51
Updated-24 Oct, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-08-09||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Unauthenticated remote code execution

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)
Product-netscaler_application_delivery_controllernetscaler_gatewayNetScaler ADCNetScaler GatewayNetScaler ADC and NetScaler Gateway
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-5396
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.73% / 50.21%
||
7 Day CHG~0.00%
Published-17 Jul, 2025 | 01:44
Updated-08 Apr, 2026 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bears Backup <= 2.0.0 - Unauthenticated Remote Code Execution

The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. This is due to the bbackup_ajax_handle() function not having a capability check, nor validating user supplied input passed directly to call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be leverage to inject backdoors or create new administrative user accounts to name a few things. On WordPress sites running the Alone theme versions 7.8.4 and older, this can be chained with CVE-2025-5394 to install the Bears Backup plugin and achieve the same impact.

Action-Not Available
Vendor-Bearsthemes
Product-Bears Backup
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-10257
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.88% / 94.64%
||
7 Day CHG~0.00%
Published-09 Mar, 2020 | 23:41
Updated-04 Aug, 2024 | 10:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter.

Action-Not Available
Vendor-themerexn/a
Product-meals_and_wheels-food_truckplumbing-repair\,_building_\&_construction_wordpress_themepartiso_electioncampaignwellspring_water_filter_systemsyottis-simple_portfoliokargo-freight_transportrosalinda-vegetarian_\&_health_coachcoinpress-cryptocurrency_magazine_\&_blog_wordpress_themefc_united-footballimpacto_patronus_multi-landingrare_radionazareth-churchozeum-museumchainpressbriny-diving_wordpress_themeyolox-startup_magazine_\&_blog_wordpress_themerhodos-creative_corporate_wordpress_themepixefynelson-barbershop_\+_tattoo_salonnetmix-broadband_\&_telecomtacticool-shooting_range_wordpress_themevixus-startup_\/_mobile_applicationrenewal-plastic_surgeon_clinictornadosmystik-esotericskatelyn-gutenberg_wordpress_blog_themeheaven_11-multiskin_property_themealdo-gutenberg_wordpress_blog_themekids_carehelion-agency_\&portfolioprider-pride_festhobo_digital_nomad_blogbuzz_stone-magazine_\&_blogchit_club-board_gamesright_wayespecio-food_gutenberg_themevapestercorredo_sport_eventblabberaddonsrumble-single_fighter_boxer\,_news\,_gym\,_storetediss-soft_play_area\,_cafe_\&_child_care_centerlingvico-language_learning_schooljustitia-multiskin_lawyer_thememodern_housewife-housewife_and_family_blogpiqes-creative_startup_\&_agency_wordpress_themetantum-rent_a_car\,_rent_a_bike\,_rent_a_scooter_multiskin_themegloss_blogskydiving_and_flying_companykratz-digital_agencymaxify-startup_blogdronex-aerial_photography_servicessavejulia_personal_fundraising_campaignbonkozoo_zoosamadhi-buddhistyungen-digital\/marketing_agencybugster-pests_controltopper_theme_and_skinsamuliscientia-public_libraryvihara-ashram\,_buddhistgridironhallelujah-churchn/a
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-11079
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-2.62% / 83.74%
||
7 Day CHG~0.00%
Published-28 May, 2020 | 18:40
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
command injection fix in node-dns-sync

node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1.

Action-Not Available
Vendor-node-dns-sync_projectskoranga
Product-node-dns-syncnode-dns-sync
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-5309
Matching Score-4
Assigner-BeyondTrust Inc.
ShareView Details
Matching Score-4
Assigner-BeyondTrust Inc.
CVSS Score-8.6||HIGH
EPSS-0.88% / 54.93%
||
7 Day CHG~0.00%
Published-16 Jun, 2025 | 16:06
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Support & Privileged Remote Access server side template injection

The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.

Action-Not Available
Vendor-BeyondTrust Corporation
Product-remote_supportprivileged_remote_accessRemote Support(RS) & Privileged Remote Access(PRA)Remote support & Privileged Remote Access
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-34237
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-1.73% / 75.06%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 19:50
Updated-13 Feb, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote code execution via specially crafted script settings in SABnzbd

SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the vulnerabilities requires access to the web interface. Remote exploitation is possible if users[exposed their setup to the internet or other untrusted networks without setting a username/password. By default SABnzbd is only accessible from `localhost`, with no authentication required for the web interface. This issue has been patched in commits `e3a722` and `422b4f` which have been included in the 4.0.2 release. Users are advised to upgrade. Users unable to upgrade should ensure that a username and password have been set if their instance is web accessible.

Action-Not Available
Vendor-sabnzbdsabnzbd
Product-sabnzbdsabnzbd
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-52122
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.57% / 43.57%
||
7 Day CHG~0.00%
Published-27 Aug, 2025 | 00:00
Updated-09 Sep, 2025 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editing a form (submission title).

Action-Not Available
Vendor-solspacen/a
Product-freeformn/a
CWE ID-CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-32692
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.13% / 62.67%
||
7 Day CHG+0.01%
Published-30 May, 2023 | 03:15
Updated-10 Jan, 2025 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution Vulnerability in Validation Placeholders

CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally. This issue is patched in version 4.3.5.

Action-Not Available
Vendor-codeignitercodeigniter4
Product-codeigniterCodeIgniter4
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-52385
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.05% / 60.48%
||
7 Day CHG+0.07%
Published-13 Aug, 2025 | 00:00
Updated-14 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the child_process module

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-32697
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-1.59% / 72.96%
||
7 Day CHG~0.00%
Published-23 May, 2023 | 22:45
Updated-05 Mar, 2025 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sqlite-jdbc vulnerable to remote code execution when JDBC url is attacker controlled

SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2.

Action-Not Available
Vendor-sqlite_jdbc_projectxerial
Product-sqlite_jdbcsqlite-jdbc
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-10055
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-5.98% / 92.48%
||
7 Day CHG~0.00%
Published-14 Aug, 2020 | 15:24
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x), Desigo CC Compact (V3.x). Affected applications are delivered with a 3rd party component (BIRT) that contains a remote code execution vulnerability if the Advanced Reporting Engine is enabled. The vulnerability could allow a remote unauthenticated attacker to execute arbitrary commands on the server with SYSTEM privileges.

Action-Not Available
Vendor-Siemens AG
Product-desigo_consumption_control_compactdesigo_consumption_controlDesigo CC CompactDesigo CC
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-6899
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-1.03% / 59.82%
||
7 Day CHG~0.00%
Published-17 Dec, 2023 | 12:31
Updated-21 Nov, 2024 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
rmountjoy92 DashMachine Config save_config code injection

A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by this vulnerability is an unknown functionality of the file /settings/save_config of the component Config Handler. The manipulation of the argument value_template leads to code injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248257 was assigned to this vulnerability.

Action-Not Available
Vendor-rmountjoy92rmountjoy92
Product-dashmachineDashMachine
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-32540
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.2||HIGH
EPSS-0.90% / 55.59%
||
7 Day CHG~0.00%
Published-05 Jun, 2023 | 23:16
Updated-08 Jan, 2025 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution.

Action-Not Available
Vendor-Advantech (Advantech Co., Ltd.)
Product-webaccess\/scadaWebAccess/SCADA
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-6188
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.97% / 58.01%
||
7 Day CHG~0.00%
Published-17 Nov, 2023 | 17:31
Updated-04 Sep, 2024 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GetSimpleCMS theme-edit.php code injection

A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-245735.

Action-Not Available
Vendor-get-simplen/a
Product-getsimplecmsGetSimpleCMS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-32626
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 49.08%
||
7 Day CHG~0.00%
Published-18 Aug, 2023 | 09:36
Updated-08 Oct, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands.

Action-Not Available
Vendor-LOGITEC CORPORATIONlogitecElecom Co., Ltd.
Product-lan-w300n\/rs_firmwarelan-w300n\/pr5lan-w300n\/rslan-w300n\/pr5_firmwareLAN-W300N/RSLAN-W300N/PR5lan-w300n\/rslan_w300n_pr5
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-3224
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.1||HIGH
EPSS-58.65% / 99.00%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 00:00
Updated-03 Jan, 2025 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code Injection in nuxt/nuxt

Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.

Action-Not Available
Vendor-nuxtnuxt
Product-nuxtnuxt/nuxt
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-7609
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-9.8||CRITICAL
EPSS-95.34% / 99.86%
||
7 Day CHG~0.00%
Published-25 Mar, 2019 | 00:00
Updated-07 Nov, 2025 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-07-10||Apply updates per vendor instructions.

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.

Action-Not Available
Vendor-Red Hat, Inc.Elasticsearch BV
Product-openshift_container_platformkibanaKibanaKibana
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-5550
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-6.5||MEDIUM
EPSS-1.37% / 68.84%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 19:38
Updated-02 Aug, 2024 | 07:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Moodle: rce due to lfi risk in some misconfigured shared hosting environments

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.

Action-Not Available
Vendor-Moodle Pty LtdFedora Project
Product-extra_packages_for_enterprise_linuxfedoramoodlemoodle
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-6823
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-4.95% / 91.21%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 20:41
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.

Action-Not Available
Vendor-Schneider Electric SE
Product-proclimaProClima all versions prior to version 8.0.0
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-53002
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.3||HIGH
EPSS-1.05% / 60.58%
||
7 Day CHG+0.02%
Published-26 Jun, 2025 | 14:40
Updated-02 Sep, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LLaMA-Factory Remote Code Execution (RCE) Vulnerability

LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the `vhead_file` is loaded without proper safeguards, allowing malicious attackers to execute arbitrary malicious code on the host system simply by passing a malicious `Checkpoint path` parameter through the `WebUI` interface. The attack is stealthy, as the victim remains unaware of the exploitation. The root cause is that the `vhead_file` argument is loaded without the secure parameter `weights_only=True`. Version 0.9.4 contains a fix for the issue.

Action-Not Available
Vendor-hiyougahiyouga
Product-llama-factoryLLaMA-Factory
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 18
  • 19
  • Next
Details not found