Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-25153

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-30 Jan, 2026 | 21:31
Updated At-30 Jun, 2026 | 12:06
Rejected At-
Credits

@backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks

Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, when TechDocs is configured with `runIn: local`, a malicious actor who can submit or modify a repository's `mkdocs.yml` file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks configuration. @backstage/plugin-techdocs-node versions 1.13.11 and 1.14.1 contain a fix. The fix introduces an allowlist of supported MkDocs configuration keys. Unsupported configuration keys (including `hooks`) are now removed from `mkdocs.yml` before running the generator, with a warning logged to indicate which keys were removed. Users of `@techdocs/cli` should also upgrade to the latest version, which includes the fixed `@backstage/plugin-techdocs-node` dependency. Some workarounds are available. Configure TechDocs with `runIn: docker` instead of `runIn: local` to provide container isolation, though it does not fully mitigate the risk. Limit who can modify `mkdocs.yml` files in repositories that TechDocs processes; only allow trusted contributors. Implement PR review requirements for changes to `mkdocs.yml` files to detect malicious `hooks` configurations before they are merged. Use MkDocs < 1.4.0 (e.g., 1.3.1) which does not support hooks. Note: This may limit access to newer MkDocs features. Building documentation in CI/CD pipelines using `@techdocs/cli` does not mitigate this vulnerability, as the CLI uses the same vulnerable `@backstage/plugin-techdocs-node` package.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:30 Jan, 2026 | 21:31
Updated At:30 Jun, 2026 | 12:06
Rejected At:
▼CVE Numbering Authority (CNA)
@backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks

Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, when TechDocs is configured with `runIn: local`, a malicious actor who can submit or modify a repository's `mkdocs.yml` file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks configuration. @backstage/plugin-techdocs-node versions 1.13.11 and 1.14.1 contain a fix. The fix introduces an allowlist of supported MkDocs configuration keys. Unsupported configuration keys (including `hooks`) are now removed from `mkdocs.yml` before running the generator, with a warning logged to indicate which keys were removed. Users of `@techdocs/cli` should also upgrade to the latest version, which includes the fixed `@backstage/plugin-techdocs-node` dependency. Some workarounds are available. Configure TechDocs with `runIn: docker` instead of `runIn: local` to provide container isolation, though it does not fully mitigate the risk. Limit who can modify `mkdocs.yml` files in repositories that TechDocs processes; only allow trusted contributors. Implement PR review requirements for changes to `mkdocs.yml` files to detect malicious `hooks` configurations before they are merged. Use MkDocs < 1.4.0 (e.g., 1.3.1) which does not support hooks. Note: This may limit access to newer MkDocs features. Building documentation in CI/CD pipelines using `@techdocs/cli` does not mitigate this vulnerability, as the CLI uses the same vulnerable `@backstage/plugin-techdocs-node` package.

Affected Products
Vendor
backstage
Product
backstage
Versions
Affected
  • < 1.13.11
  • = 1.14.0
Problem Types
TypeCWE IDDescription
CWECWE-94CWE-94: Improper Control of Generation of Code ('Code Injection')
Type: CWE
CWE ID: CWE-94
Description: CWE-94: Improper Control of Generation of Code ('Code Injection')
Metrics
VersionBase scoreBase severityVector
3.17.7HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/backstage/backstage/security/advisories/GHSA-6jr7-99pf-8vgf
x_refsource_CONFIRM
Hyperlink: https://github.com/backstage/backstage/security/advisories/GHSA-6jr7-99pf-8vgf
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. @backstage/plugin-techdocs-node: @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks

A code injection flaw has been discovered in the npm @backstage/plugin-techdocs-node library. When TechDocs is configured with `runIn: local`, a malicious actor who can submit or modify a repository's `mkdocs.yml` file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks configuration.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Developer Hub 1.8
CPEs
  • cpe:/a:redhat:rhdh:1.8::el9
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Developer Hub 1.9
CPEs
  • cpe:/a:redhat:rhdh:1.9::el9
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Self-service automation portal 2
CPEs
  • cpe:/a:redhat:ansible_portal:2
Default Status
affected
Problem Types
TypeCWE IDDescription
CWECWE-94Improper Control of Generation of Code ('Code Injection')
Type: CWE
CWE ID: CWE-94
Description: Improper Control of Generation of Code ('Code Injection')
Metrics
VersionBase scoreBase severityVector
3.17.7HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
Metrics Other Info
Red Hat severity rating
value:
Important
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions

RHSA-2026:6174: Red Hat Developer Hub 1.8

RHSA-2026:6802: Red Hat Developer Hub 1.9

Configurations

Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Exploits

Credits

Timeline
EventDate
Reported to Red Hat.2026-01-30 22:00:57
Made public.2026-01-30 21:31:58
Event: Reported to Red Hat.
Date: 2026-01-30 22:00:57
Event: Made public.
Date: 2026-01-30 21:31:58
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2026-25153
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2435576
issue-tracking
x_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25153.json
x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:6174
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6802
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-25153
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2435576
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25153.json
Resource:
x_sadp-csaf-vex
Hyperlink: https://access.redhat.com/errata/RHSA-2026:6174
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:6802
Resource:
vendor-advisory
x_refsource_REDHAT
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:30 Jan, 2026 | 22:15
Updated At:30 Jun, 2026 | 03:17

Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, when TechDocs is configured with `runIn: local`, a malicious actor who can submit or modify a repository's `mkdocs.yml` file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks configuration. @backstage/plugin-techdocs-node versions 1.13.11 and 1.14.1 contain a fix. The fix introduces an allowlist of supported MkDocs configuration keys. Unsupported configuration keys (including `hooks`) are now removed from `mkdocs.yml` before running the generator, with a warning logged to indicate which keys were removed. Users of `@techdocs/cli` should also upgrade to the latest version, which includes the fixed `@backstage/plugin-techdocs-node` dependency. Some workarounds are available. Configure TechDocs with `runIn: docker` instead of `runIn: local` to provide container isolation, though it does not fully mitigate the risk. Limit who can modify `mkdocs.yml` files in repositories that TechDocs processes; only allow trusted contributors. Implement PR review requirements for changes to `mkdocs.yml` files to detect malicious `hooks` configurations before they are merged. Use MkDocs < 1.4.0 (e.g., 1.3.1) which does not support hooks. Note: This may limit access to newer MkDocs features. Building documentation in CI/CD pipelines using `@techdocs/cli` does not mitigate this vulnerability, as the CLI uses the same vulnerable `@backstage/plugin-techdocs-node` package.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.7HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.7HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
N/A
Type: Secondary
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

The Linux Foundation
linuxfoundation
>>backstage>>Versions before 1.13.11(exclusive)
cpe:2.3:a:linuxfoundation:backstage:*:*:*:*:*:*:*:*
The Linux Foundation
linuxfoundation
>>backstage>>Versions from 1.14.0(inclusive) to 1.14.1(exclusive)
cpe:2.3:a:linuxfoundation:backstage:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-94Primarysecurity-advisories@github.com
CWE-94Secondary0b0ca135-0b70-47e7-9f44-1890c2a1c46c
CWE ID: CWE-94
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-94
Type: Secondary
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/backstage/backstage/security/advisories/GHSA-6jr7-99pf-8vgfsecurity-advisories@github.com
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:61740b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/errata/RHSA-2026:68020b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/security/cve/CVE-2026-251530b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=24355760b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25153.json0b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
Hyperlink: https://github.com/backstage/backstage/security/advisories/GHSA-6jr7-99pf-8vgf
Source: security-advisories@github.com
Resource:
Vendor Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2026:6174
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:6802
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-25153
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2435576
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25153.json
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

618Records found

CVE-2024-21649
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-1.27% / 66.18%
||
7 Day CHG~0.00%
Published-30 Jan, 2024 | 15:33
Updated-29 May, 2025 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote code execution

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is patched in 4.2.0.

Action-Not Available
Vendor-vantage6vantage6
Product-vantage6vantage6
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-23614
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-8.21% / 94.19%
||
7 Day CHG-0.07%
Published-04 Feb, 2022 | 22:25
Updated-23 Apr, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code injection in Twig

Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade.

Action-Not Available
Vendor-symfonytwigphpFedora ProjectDebian GNU/Linux
Product-debian_linuxtwigfedoraTwig
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-2016
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-1.02% / 59.30%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 21:31
Updated-19 May, 2025 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZhiCms setcontroller.php index code injection

A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file app/manage/controller/setcontroller.php. The manipulation of the argument sitename leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255270 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-zhicmsn/azhicms
Product-zhicmsZhiCmszhicms
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-13814
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.48% / 38.12%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 08:25
Updated-08 Apr, 2026 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Global Gallery - WordPress Responsive Gallery <= 9.1.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The The Global Gallery - WordPress Responsive Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 9.1.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.

Action-Not Available
Vendor-lcwebLCweb
Product-global_galleryGlobal Gallery - WordPress Responsive Gallery
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-13808
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.62% / 45.36%
||
7 Day CHG~0.00%
Published-26 Apr, 2025 | 04:22
Updated-08 Apr, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xpro Elementor Addons - Pro <= 1.4.9 - Authenticated (Contributor+) Remote Code Execution

The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.4.9 via the custom PHP widget. This is due to their only being client side controls when determining who can access the widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.

Action-Not Available
Vendor-wpxproWPXpro
Product-xpro_addons_for_elementorXpro Elementor Addons - Pro
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-12729
Matching Score-4
Assigner-Sophos Limited
ShareView Details
Matching Score-4
Assigner-Sophos Limited
CVSS Score-8.8||HIGH
EPSS-1.31% / 67.23%
||
7 Day CHG~0.00%
Published-19 Dec, 2024 | 20:58
Updated-12 Nov, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1).

Action-Not Available
Vendor-Sophos Ltd.
Product-firewallfirewall_firmwareSophos Firewall
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-12350
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-3.57% / 87.95%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 00:31
Updated-11 Dec, 2024 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JFinalCMS Template TemplateController.java update command injection

A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-jwillbern/ajfinalcms_project
Product-jfinalcmsJFinalCMSjfinalcms
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-12471
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-1.49% / 70.98%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 05:23
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload

The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary files uploads due to a missing capability check and file type validation on the add_image_to_library AJAX action function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible.

Action-Not Available
Vendor-postsaint
Product-Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-12652
Matching Score-4
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Matching Score-4
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-9.3||CRITICAL
EPSS-0.75% / 50.40%
||
7 Day CHG+0.01%
Published-26 Dec, 2024 | 04:05
Updated-02 Mar, 2026 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Intumit SmartRobot′s Conversational AI Platform - Improper Control of Generation of Code ('Code Injection')

A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script function in SmartRobot′s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code.

Action-Not Available
Vendor-intumitIntumit
Product-smartrobotSmartRobot′s Conversational AI Platform
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-50223
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.8||HIGH
EPSS-0.66% / 46.96%
||
7 Day CHG~0.00%
Published-10 Jun, 2026 | 22:23
Updated-12 Jun, 2026 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache OFBiz: DataResource Low-Privileged Authenticated FreeMarker Template Injection Leads to Remote Code Execution

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before 24.09.07. Users are recommended to upgrade to version 24.09.07, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-ofbizApache OFBiz
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-10771
Matching Score-4
Assigner-SICK AG
ShareView Details
Matching Score-4
Assigner-SICK AG
CVSS Score-8.8||HIGH
EPSS-1.07% / 60.85%
||
7 Day CHG~0.00%
Published-06 Dec, 2024 | 12:24
Updated-13 May, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SICK InspectorP61x, SICK InspectorP62x and SICK TiM3xx are vulnerable for remote code execution

Due to missing input validation during one step of the firmware update process, the product is vulnerable to remote code execution. With network access and the user level ”Service”, an attacker can execute arbitrary system commands in the root user’s contexts.

Action-Not Available
Vendor-SICK AG
Product-TDC-X401GLSICK InspectorP61xSICK InspectorP62xTiM3xxtim3xxinspector61x_firmwareinspector62x_firmware
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-0252
Matching Score-4
Assigner-ManageEngine
ShareView Details
Matching Score-4
Assigner-ManageEngine
CVSS Score-8.8||HIGH
EPSS-7.81% / 93.95%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 07:57
Updated-17 Jun, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote code execution

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.

Action-Not Available
Vendor-Zoho Corporation Pvt. Ltd.ManageEngine (Zoho Corporation Pvt. Ltd.)
Product-manageengine_adselfservice_plusADSelfService Plus
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-10131
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.8||HIGH
EPSS-1.11% / 61.97%
||
7 Day CHG~0.00%
Published-19 Oct, 2024 | 03:50
Updated-15 Oct, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution in infiniflow/ragflow

The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability. The function uses user-supplied input `req['llm_factory']` and `req['llm_name']` to dynamically instantiate classes from various model dictionaries. This approach allows an attacker to potentially execute arbitrary code due to the lack of comprehensive input validation or sanitization. An attacker could provide a malicious value for 'llm_factory' that, when used as an index to these model dictionaries, results in the execution of arbitrary code.

Action-Not Available
Vendor-infiniflowinfiniflowinfiniflow
Product-ragflowinfiniflow/ragflowragflow
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-6846
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-15.87% / 96.48%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 21:27
Updated-08 Apr, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Manager Pro <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Upload

The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server. Version 8.3.5 introduces a capability check that prevents users lower than admin from executing this function.

Action-Not Available
Vendor-filemanagerproFile Manager
Product-file_managerFile Manager Pro
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-29807
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.7||HIGH
EPSS-1.25% / 65.70%
||
7 Day CHG~0.00%
Published-21 Mar, 2025 | 00:29
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dataverse Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-dataverseMicrosoft Dataverse
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-6528
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-1.37% / 68.58%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 19:00
Updated-03 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Slider Revolution < 6.6.19 - Author+ Insecure Deserialization leading to RCE

The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution.

Action-Not Available
Vendor-themepunchUnknown
Product-slider_revolutionSlider Revolution
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-6548
Matching Score-4
Assigner-Citrix Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Citrix Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-3.19% / 86.54%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 20:11
Updated-24 Oct, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-01-24||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.

Action-Not Available
Vendor-Cloud Software Group, Inc.Citrix (Cloud Software Group, Inc.)
Product-netscaler_application_delivery_controllernetscaler_gatewayNetScaler ADC NetScaler Gatewaynetscaler_application_delivery_controllernetscaler_gatewayNetScaler ADC and NetScaler Gateway
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-5540
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-4.7||MEDIUM
EPSS-1.93% / 77.54%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 19:15
Updated-02 Aug, 2024 | 07:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Moodle: authenticated remote code execution risk in imscp

A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.

Action-Not Available
Vendor-Moodle Pty LtdFedora Project
Product-extra_packages_for_enterprise_linuxfedoramoodle
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-6131
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.2||HIGH
EPSS-1.00% / 58.65%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 16:27
Updated-30 Aug, 2024 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code Injection in salesagility/suitecrm

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.

Action-Not Available
Vendor-SalesAgility Ltd.
Product-suitecrmsalesagility/suitecrmsuitecrm
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-5539
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-4.7||MEDIUM
EPSS-1.86% / 76.69%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 19:11
Updated-03 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Moodle: authenticated remote code execution risk in lesson

A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.

Action-Not Available
Vendor-Moodle Pty LtdFedora Project
Product-extra_packages_for_enterprise_linuxfedoramoodlemoodle
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-5500
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.96% / 57.15%
||
7 Day CHG~0.00%
Published-11 Dec, 2023 | 07:13
Updated-02 Aug, 2024 | 07:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frauscher: FDS102 for FAdC/FAdCi remote code execution vulnerability

This vulnerability allows an remote attacker with low privileges to misuse Improper Control of Generation of Code ('Code Injection') to gain full control of the affected device.

Action-Not Available
Vendor-frauscherFrauscher
Product-frauscher_diagnostic_system_102FDS102 for FAdC/FAdCi
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-6125
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.4||MEDIUM
EPSS-0.81% / 52.41%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 15:30
Updated-08 Jan, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code Injection in salesagility/suitecrm

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.

Action-Not Available
Vendor-SalesAgility Ltd.
Product-suitecrmsalesagility/suitecrm
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-54345
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.61% / 44.80%
||
7 Day CHG~0.00%
Published-05 May, 2026 | 11:24
Updated-25 May, 2026 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frappe Framework ERPNext 13.4.0 Remote Code Execution

Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the gi_frame attribute to traverse the call stack and invoke os.popen to execute system commands.

Action-Not Available
Vendor-frappeFrappe Technologies
Product-erpnextFrappe Framework (ERPNext)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-5762
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-2.02% / 78.63%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 21:28
Updated-02 Aug, 2024 | 08:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Filr – Secure document library < 1.2.3.6 - Author+ RCE via file upload with phar ext

The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges.

Action-Not Available
Vendor-filr_projectUnknown
Product-filrFilr
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-5677
Matching Score-4
Assigner-Axis Communications AB
ShareView Details
Matching Score-4
Assigner-Axis Communications AB
CVSS Score-6.3||MEDIUM
EPSS-0.56% / 42.51%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 05:20
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Brandon Rothel from QED Secure Solutions and Sam Hanson of Dragos have found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileges compared to administrator-privileges service accounts. Please refer to the Axis security advisory for more information and solution.

Action-Not Available
Vendor-axisAxis Communications AB
Product-q7424-r_mk_iim3024-lve_firmwareq7404q7404_firmwarem7014_firmwarep7216q7414_firmwarem7016m7016_firmwarem3025-vep7216_firmwareq7424-r_mk_ii_firmwarep7214_firmwareq7401_firmwarem3024-lveq7401m7014p7214q7414p1214-e_firmwarep1214-em3025-ve_firmwareAXIS OS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-53888
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.82% / 52.89%
||
7 Day CHG~0.00%
Published-15 Dec, 2025 | 20:28
Updated-25 May, 2026 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zomplog 3.9 Remote Code Execution via Authenticated File Manipulation

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files (such as JavaScript) and rename them to .php via the saveE and rename actions, then execute the resulting PHP payload to run system commands.

Action-Not Available
Vendor-zompZomplog
Product-zomplogZomplog
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-51420
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.1||CRITICAL
EPSS-0.58% / 43.41%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 09:16
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Verge3D Plugin <= 4.5.2 is vulnerable to Remote Code Execution (RCE)

Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2.

Action-Not Available
Vendor-soft8softSoft8Soft LLC
Product-verge3dVerge3D Publishing and E-Commerce
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-50260
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-41.16% / 98.49%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 14:28
Updated-09 Jan, 2025 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wazuh's vulnerability in host_deny AR script allows arbitrary command execution

Wazuh is a free and open source platform used for threat prevention, detection, and response. A wrong validation in the `host_deny` script allows to write any string in the `hosts.deny` file, which can end in an arbitrary command execution on the target system. This vulnerability is part of the active response feature, which can automatically triggers actions in response to alerts. By default, active responses are limited to a set of pre defined executables. This is enforced by only allowing executables stored under `/var/ossec/active-response/bin` to be run as an active response. However, the `/var/ossec/active-response/bin/host_deny` can be exploited. `host_deny` is used to add IP address to the `/etc/hosts.deny` file to block incoming connections on a service level by using TCP wrappers. Attacker can inject arbitrary command into the `/etc/hosts.deny` file and execute arbitrary command by using the spawn directive. The active response can be triggered by writing events either to the local `execd` queue on server or to the `ar` queue which forwards the events to agents. So, it can leads to LPE on server as root and RCE on agent as root. This vulnerability is fixed in 4.7.2.

Action-Not Available
Vendor-Wazuh, Inc.
Product-wazuhwazuhwazuh
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-0323
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.3||MEDIUM
EPSS-0.69% / 48.30%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 18:00
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Neutralization of Special Elements Used in a Template Engine in bobthecow/mustache.php

Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1.

Action-Not Available
Vendor-mustache_projectbobthecow
Product-mustachebobthecow/mustache.php
CWE ID-CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-50723
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-1.19% / 64.11%
||
7 Day CHG~0.00%
Published-15 Dec, 2023 | 19:02
Updated-07 May, 2025 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XWiki Platform remote code execution/programming rights with configuration section from any user account

XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the administration interface. This impacts the confidentiality, integrity and availability of the whole XWiki installation. Normally, all users are allowed to edit their own user profile so this should be exploitable by all users of the XWiki instance. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patches can be manually applied to the `XWiki.ConfigurableClassMacros` and `XWiki.ConfigurableClass` pages.

Action-Not Available
Vendor-XWiki SAS
Product-xwikixwiki-platform
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2026-48017
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.51% / 39.76%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 20:54
Updated-17 Jun, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DbGate: Remote Code Execution via functionName injection in loadReader endpoint

DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user (with basic access, no special permissions required) can inject arbitrary JavaScript code that executes on the server with full process privileges, bypassing the require=null sandbox restriction. An authenticated user with basic access (no admin role, no run-shell-script permission required) can: execute arbitrary OS commands on the DbGate server with the privileges of the Node.js process, read/write any file accessible to the process, pivot to connected databases by reading connection credentials from DbGate's storage, and compromise the host system - in Docker deployments, this typically means root access within the container.

Action-Not Available
Vendor-dbgate
Product-dbgate
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-5044
Matching Score-4
Assigner-Kubernetes
ShareView Details
Matching Score-4
Assigner-Kubernetes
CVSS Score-7.6||HIGH
EPSS-56.57% / 98.94%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 19:19
Updated-12 Jun, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation

Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.

Action-Not Available
Vendor-Kubernetes
Product-ingress-nginxingress-nginx
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-50721
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-78.81% / 99.54%
||
7 Day CHG~0.00%
Published-15 Dec, 2023 | 19:02
Updated-02 Aug, 2024 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XWiki Platform RCE from account through SearchAdmin

XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn't properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros including Groovy macros that allow remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki instance. This attack can be executed by any user who can edit some wiki page like the user's profile (editable by default) as user interface extensions that will be displayed in the search administration can be added on any document by any user. The necessary escaping has been added in XWiki 14.10.15, 15.5.2 and 15.7RC1. As a workaround, the patch can be applied manually applied to the page `XWiki.SearchAdmin`.

Action-Not Available
Vendor-XWiki SAS
Product-xwikixwiki-platform
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-46947
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.28% / 66.45%
||
7 Day CHG~0.00%
Published-03 Nov, 2023 | 00:00
Updated-06 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Subrion 4.2.1 has a remote command execution vulnerability in the backend.

Action-Not Available
Vendor-intelliantsn/asubrion
Product-subrionn/asubrion_cms
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-47840
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-1.41% / 69.36%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 09:10
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Qode Essential Addons Plugin <= 1.5.2 is vulnerable to Remote Code Execution (RCE)

Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2.

Action-Not Available
Vendor-qodeinteractiveQode Interactive
Product-qode_essential_addonsQode Essential Addons
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-46586
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.8||HIGH
EPSS-0.55% / 41.95%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 09:41
Updated-20 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution

Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-ofbizApache OFBiz
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2023-47444
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.78% / 75.54%
||
7 Day CHG~0.00%
Published-15 Nov, 2023 | 00:00
Updated-29 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server.

Action-Not Available
Vendor-opencartn/a
Product-opencartn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-46987
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.54% / 71.85%
||
7 Day CHG~0.00%
Published-28 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php.

Action-Not Available
Vendor-seacmsn/a
Product-seacmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-48217
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-1.10% / 61.74%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 21:38
Updated-30 Aug, 2024 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote code execution via form uploads in statamic/cms

Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fields in the control panel. Malicious users could leverage this vulnerability to upload and execute code. This issue has been patched in versions 3.4.14 and 4.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-statamicstatamicstatamic
Product-statamiccmscms
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-46055
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.18% / 64.00%
||
7 Day CHG~0.00%
Published-21 Oct, 2023 | 00:00
Updated-17 Sep, 2024 | 02:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint.

Action-Not Available
Vendor-thingnarion/a
Product-photonn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-46623
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.58% / 43.64%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 09:06
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP EXtra Plugin <= 6.2 is vulnerable to Remote Code Execution (RCE)

Improper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra.This issue affects WP EXtra: from n/a through 6.2.

Action-Not Available
Vendor-wpvnteamTienCOP
Product-wp_extraWP EXtra
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-46243
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-0.98% / 58.05%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 19:10
Updated-12 Sep, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code execution via the edit action in XWiki platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for a user to execute any content with the right of an existing document's content author, provided the user have edit right on it. A crafted URL of the form ` /xwiki/bin/edit//?content=%7B%7Bgroovy%7D%7Dprintln%28%22Hello+from+Groovy%21%22%29%7B%7B%2Fgroovy%7D%7D&xpage=view` can be used to execute arbitrary groovy code on the server. This vulnerability has been patched in XWiki versions 14.10.6 and 15.2RC1. Users are advised to update. There are no known workarounds for this issue.

Action-Not Available
Vendor-XWiki SAS
Product-xwikixwiki-platform
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-0811
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-18.56% / 96.90%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.

Action-Not Available
Vendor-n/aKubernetes
Product-cri-oCRI-O
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-44846
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.00% / 58.64%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component.

Action-Not Available
Vendor-seacmsn/a
Product-seacmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-43449
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.82% / 52.64%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 00:00
Updated-03 Jun, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component.

Action-Not Available
Vendor-hummerriskn/a
Product-hummerriskn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-43661
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-46.90% / 98.68%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 19:56
Updated-17 Sep, 2024 | 13:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cachet vulnerable to Authenticated Remote Code Execution

Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch contains a patch for this issue.

Action-Not Available
Vendor-all-threecachethqcachethq
Product-cachetcachetcachet
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2026-45505
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.8||HIGH
EPSS-0.58% / 43.35%
||
7 Day CHG~0.00%
Published-01 Jun, 2026 | 07:22
Updated-02 Jun, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as `masterslave:vm://...,...` and `static:vm://...` incorrectly pass validation allowing bypass of fix in CVE-2026-34197.  Original description from CVE-2026-34197. Apache ActiveMQ exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) and BrokerService.addConnector(String). An authenticated attacker can invoke these operations with a crafted discovery UR that triggers the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ Broker: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ All: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. Users are recommended to upgrade to version 5.19.7 or 6.2.6, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-activemq_brokeractivemqApache ActiveMQApache ActiveMQ BrokerApache ActiveMQ All
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-41319
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.84% / 53.30%
||
7 Day CHG~0.00%
Published-06 Sep, 2023 | 17:54
Updated-26 Sep, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution in Custom Integration Upload in Fides

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML files, but Fides can be configured to also accept the inclusion of custom Python code in it. The custom code is executed in a restricted, sandboxed environment, but the sandbox can be bypassed to execute any arbitrary code. The vulnerability allows the execution of arbitrary code on the target system within the context of the webserver python process owner on the webserver container, which by default is `root`, and leverage that access to attack underlying infrastructure and integrated systems. This vulnerability affects Fides versions `2.11.0` through `2.19.0`. Exploitation is limited to API clients with the `CONNECTOR_TEMPLATE_REGISTER` authorization scope. In the Fides Admin UI this scope is restricted to highly privileged users, specifically root users and users with the owner role. Exploitation is only possible if the security configuration parameter `allow_custom_connector_functions` is enabled by the user deploying the Fides webserver container, either in `fides.toml` or by setting the env var `FIDES__SECURITY__ALLOW_CUSTOM_CONNECTOR_FUNCTIONS=True`. By default this configuration parameter is disabled. The vulnerability has been patched in Fides version `2.19.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. Users unable to upgrade should ensure that `allow_custom_connector_functions` in `fides.toml` and the `FIDES__SECURITY__ALLOW_CUSTOM_CONNECTOR_FUNCTIONS` are both either unset or explicit set to `False`.

Action-Not Available
Vendor-ethycaethyca
Product-fidesfides
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-4142
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8||HIGH
EPSS-1.24% / 65.50%
||
7 Day CHG~0.00%
Published-04 Aug, 2023 | 02:04
Updated-08 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) Remote Code Execution

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means remote code execution is still possible for site administrators, use the plugin with caution.

Action-Not Available
Vendor-smackcoderssmackcoders
Product-wp_ultimate_csv_importerWP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-40050
Matching Score-4
Assigner-Progress Software Corporation
ShareView Details
Matching Score-4
Assigner-Progress Software Corporation
CVSS Score-9.9||CRITICAL
EPSS-1.18% / 64.02%
||
7 Day CHG~0.00%
Published-31 Oct, 2023 | 14:07
Updated-06 Sep, 2024 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Automate Vulnerable to Malicious Content Uploaded Through Embedded Compliance Application

Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution.

Action-Not Available
Vendor-Progress Software CorporationChef
Product-automateChef Automateautomate
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • ...
  • 6
  • 7
  • 8
  • ...
  • 12
  • 13
  • Next
Details not found