Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-58138

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-30 Jun, 2026 | 18:44
Updated At-01 Jul, 2026 | 15:02
Rejected At-
Credits

Orkes Conductor 3.21.21 < 3.30.2 Unauthenticated RCE via GraalVM Script Evaluators

Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to authentication. Attackers can exploit unsandboxed GraalVM evaluators configured with HostAccess.ALL or allowAllAccess(true) through INLINE, LAMBDA, DO_WHILE, and SWITCH task types to invoke arbitrary system commands via Java reflection or direct subprocess calls.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:30 Jun, 2026 | 18:44
Updated At:01 Jul, 2026 | 15:02
Rejected At:
â–¼CVE Numbering Authority (CNA)
Orkes Conductor 3.21.21 < 3.30.2 Unauthenticated RCE via GraalVM Script Evaluators

Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to authentication. Attackers can exploit unsandboxed GraalVM evaluators configured with HostAccess.ALL or allowAllAccess(true) through INLINE, LAMBDA, DO_WHILE, and SWITCH task types to invoke arbitrary system commands via Java reflection or direct subprocess calls.

Affected Products
Vendor
conductor-oss
Product
conductor
Repo
https://github.com/conductor-oss/conductor
Default Status
affected
Versions
Affected
  • From 3.21.21 before 3.30.2 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-94Improper Control of Generation of Code ('Code Injection')
Type: CWE
CWE ID: CWE-94
Description: Improper Control of Generation of Code ('Code Injection')
Metrics
VersionBase scoreBase severityVector
4.09.3CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
seqradev
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/conductor-oss/conductor/releases/tag/v3.30.2
release-notes
https://github.com/conductor-oss/conductor/commit/87a7d96aabbb706d6e84f812b93da5165028d18f
patch
https://github.com/conductor-oss/conductor/commit/c691e35e768caeb802c9f06ecdd9674c80081af1
patch
https://www.cve.org/CVERecord?id=CVE-2025-26074
N/A
https://www.vulncheck.com/advisories/orkes-conductor-unauthenticated-rce-via-graalvm-script-evaluators
third-party-advisory
Hyperlink: https://github.com/conductor-oss/conductor/releases/tag/v3.30.2
Resource:
release-notes
Hyperlink: https://github.com/conductor-oss/conductor/commit/87a7d96aabbb706d6e84f812b93da5165028d18f
Resource:
patch
Hyperlink: https://github.com/conductor-oss/conductor/commit/c691e35e768caeb802c9f06ecdd9674c80081af1
Resource:
patch
Hyperlink: https://www.cve.org/CVERecord?id=CVE-2025-26074
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/orkes-conductor-unauthenticated-rce-via-graalvm-script-evaluators
Resource:
third-party-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:30 Jun, 2026 | 19:17
Updated At:01 Jul, 2026 | 16:16

Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to authentication. Attackers can exploit unsandboxed GraalVM evaluators configured with HostAccess.ALL or allowAllAccess(true) through INLINE, LAMBDA, DO_WHILE, and SWITCH task types to invoke arbitrary system commands via Java reflection or direct subprocess calls.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.09.3CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
N/A
Type: Secondary
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-94Secondarydisclosure@vulncheck.com
CWE ID: CWE-94
Type: Secondary
Source: disclosure@vulncheck.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/conductor-oss/conductor/commit/87a7d96aabbb706d6e84f812b93da5165028d18fdisclosure@vulncheck.com
N/A
https://github.com/conductor-oss/conductor/commit/c691e35e768caeb802c9f06ecdd9674c80081af1disclosure@vulncheck.com
N/A
https://github.com/conductor-oss/conductor/releases/tag/v3.30.2disclosure@vulncheck.com
N/A
https://www.cve.org/CVERecord?id=CVE-2025-26074disclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/orkes-conductor-unauthenticated-rce-via-graalvm-script-evaluatorsdisclosure@vulncheck.com
N/A
Hyperlink: https://github.com/conductor-oss/conductor/commit/87a7d96aabbb706d6e84f812b93da5165028d18f
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://github.com/conductor-oss/conductor/commit/c691e35e768caeb802c9f06ecdd9674c80081af1
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://github.com/conductor-oss/conductor/releases/tag/v3.30.2
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.cve.org/CVERecord?id=CVE-2025-26074
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/orkes-conductor-unauthenticated-rce-via-graalvm-script-evaluators
Source: disclosure@vulncheck.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

914Records found

CVE-2023-43091
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-9.8||CRITICAL
EPSS-0.84% / 53.45%
||
7 Day CHG~0.00%
Published-17 Nov, 2024 | 12:25
Updated-06 Aug, 2025 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gnome-maps: gnome maps is vulnerable to a code injection attack (similar to xss) via its service.json

A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code.

Action-Not Available
Vendor-gnome_mapsThe GNOME Project
Product-gnome-mapsgnome_maps
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-34277
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.4||CRITICAL
EPSS-1.97% / 77.94%
||
7 Day CHG+0.17%
Published-30 Oct, 2025 | 21:25
Updated-17 Nov, 2025 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nagios Log Server < 2024R1.3.1 RCE via Malformed Dashboard ID

Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the system to execute attacker-controlled data, leading to arbitrary code execution in the context of the Log Server process.

Action-Not Available
Vendor-Nagios Enterprises, LLC
Product-log_serverLog Server
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-34089
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-1.39% / 68.96%
||
7 Day CHG~0.00%
Published-03 Jul, 2025 | 19:47
Updated-15 May, 2026 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote for Mac Unauthenticated Remote Code Execution via AppleScript Injection

An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility developed by Aexol Studio, in versions up to and including 2025.7. When the application is configured with authentication disabled (i.e., the "Allow unknown devices" option is enabled), the /api/executeScript endpoint is exposed without access control. This allows unauthenticated remote attackers to inject arbitrary AppleScript payloads via the X-Script HTTP header, resulting in code execution using do shell script. Successful exploitation grants attackers the ability to run arbitrary commands on the macOS host with the privileges of the Remote for Mac background process.

Action-Not Available
Vendor-Aexol Studio
Product-Remote for Mac
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-5562
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.62% / 45.34%
||
7 Day CHG~0.00%
Published-05 Apr, 2026 | 11:00
Updated-30 Apr, 2026 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
provectus kafka-ui Endpoint testexecutions validateAccess code injection

A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation leads to code injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-provectusprovectus
Product-uikafka-ui
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-18889
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-33.25% / 98.16%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 22:21
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.

Action-Not Available
Vendor-sensiolabsn/aFedora Project
Product-fedorasymfonyn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-3472
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-1.72% / 74.65%
||
7 Day CHG~0.00%
Published-22 Apr, 2025 | 11:12
Updated-08 Apr, 2026 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ocean Extra <= 2.4.6 - Unauthenticated Arbitrary Shortcode Execution

The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes when WooCommerce is also installed and activated.

Action-Not Available
Vendor-oceanwpoceanwp
Product-ocean_extraOcean Extra
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-43481
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.06% / 60.37%
||
7 Day CHG~0.00%
Published-27 Dec, 2023 | 00:00
Updated-27 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component.

Action-Not Available
Vendor-n/aTCL
Product-browser_tv_web_-_browseheren/acom.tcl.browser
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-34127
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-1.12% / 62.26%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 21:10
Updated-07 Apr, 2026 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Achat v0.150 SEH Buffer Overflow via UDP

A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the UDP port 9256, an attacker can overwrite the structured exception handler (SEH) due to insufficient bounds checking on user-supplied input leading to remote code execution.

Action-Not Available
Vendor-Achat Software
Product-Achat Chat Server
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-44005
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-0.84% / 53.41%
||
7 Day CHG+0.28%
Published-13 May, 2026 | 17:40
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
vm2: Sandbox escape

vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet() and otherReflectDefineProperty(), which lets attacker-controlled JavaScript running in a default VM or inherited NodeVM mutate shared host Object.prototype, Array.prototype, and Function.prototype from inside the sandbox This vulnerability is fixed in 3.11.0.

Action-Not Available
Vendor-vm2_projectpatriksimekRed Hat, Inc.
Product-vm2vm2Self-service automation portal 2Red Hat Developer Hub
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE ID-CWE-653
Improper Isolation or Compartmentalization
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-17526
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.00% / 85.71%
||
7 Day CHG~0.00%
Published-18 Oct, 2019 | 16:15
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an __import__('os').popen('whoami').read() line. NOTE: the vendor's position is that the product is "vulnerable by design" and the current behavior will be retained

Action-Not Available
Vendor-sagemathn/a
Product-sagemathcelln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-34061
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-1.17% / 63.64%
||
7 Day CHG~0.00%
Published-03 Jul, 2025 | 19:46
Updated-08 Jul, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPStudy 2016-2018 Backdoor Remote Code Execution Vulnerability

A backdoor in PHPStudy versions 2016 through 2018 allows unauthenticated remote attackers to execute arbitrary PHP code on affected installations. The backdoor listens for base64-encoded PHP payloads in the Accept-Charset HTTP header of incoming requests, decodes and executes the payload without proper validation. This leads to remote code execution as the web server user, compromising the affected system.

Action-Not Available
Vendor-Henan Xiaopi Security Technology Co., Ltd.
Product-PHPStudy
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-3579
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.3||CRITICAL
EPSS-0.51% / 39.77%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 08:44
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code Injection Vulnerability in AiDex

In versions prior to Aidex 1.7, an authenticated malicious user, taking advantage of an open registry, could execute unauthorised commands within the system. This includes executing operating system (Unix) commands, interacting with internal services such as PHP or MySQL, and even invoking native functions of the framework used, such as Laravel or Symfony. This execution is achieved by Prompt Injection attacks through the /api/<string-chat>/message endpoint, manipulating the content of the ‘content’ parameter.

Action-Not Available
Vendor-AiDex
Product-AiDex
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-43234
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.03% / 59.52%
||
7 Day CHG~0.00%
Published-26 Sep, 2023 | 00:00
Updated-24 Sep, 2024 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters.

Action-Not Available
Vendor-dedebizn/a
Product-dedebizn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-34433
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-1.46% / 70.31%
||
7 Day CHG~0.00%
Published-19 Dec, 2025 | 15:37
Updated-23 Jun, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AVideo < 20.1 Unauthenticated RCE via Predictable Installation Salt

AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution vulnerability caused by predictable generation of an installation salt using PHP uniqid(). The installation timestamp is exposed via a public endpoint, and a derived hash identifier is accessible through unauthenticated API responses, allowing attackers to brute-force the remaining entropy. The recovered salt can then be used to encrypt a malicious payload supplied to a notification API endpoint that evaluates attacker-controlled input, resulting in arbitrary code execution as the web server user.

Action-Not Available
Vendor-World Wide Broadcast Network
Product-AVideo
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-3248
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.8||CRITICAL
EPSS-99.97% / 99.98%
||
7 Day CHG+0.01%
Published-07 Apr, 2025 | 14:22
Updated-23 Jun, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-05-26||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

Action-Not Available
Vendor-langflowlangflow-aiLangflow
Product-langflowlangflowLangflow
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-69872
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.51% / 39.69%
||
7 Day CHG-0.04%
Published-11 Feb, 2026 | 00:00
Updated-03 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-n/aRed Hat AI Inference ServerRed Hat Satellite 6Red Hat OpenShift AI 3.3Red Hat OpenShift AI (RHOAI)Red Hat Enterprise Linux AI (RHEL AI) 3
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-32106
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.87% / 54.24%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 00:00
Updated-18 Jun, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request request may result in an unauthenticated remote user's ability to execute unauthorized code.

Action-Not Available
Vendor-audiocodesn/a
Product-mp-112mp-112_firmwaremp-114_firmwaremp-118_firmwaremp-114mp-118n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-17268
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.44% / 82.28%
||
7 Day CHG~0.00%
Published-07 Feb, 2020 | 13:51
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions through 0.4.5, and 0.5.1 and later, are unaffected.

Action-Not Available
Vendor-omniauth-weibo-oauth2_projectn/a
Product-omniauth-weibo-oauth2n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-4800
Matching Score-4
Assigner-ce714d77-add3-4f53-aff5-83d477b104bb
ShareView Details
Matching Score-4
Assigner-ce714d77-add3-4f53-aff5-83d477b104bb
CVSS Score-8.1||HIGH
EPSS-1.74% / 74.89%
||
7 Day CHG+0.71%
Published-31 Mar, 2026 | 19:25
Updated-03 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
lodash vulnerable to Code Injection via `_.template` imports key names

Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink. When an application passes untrusted input as options.imports key names, an attacker can inject default-parameter expressions that execute arbitrary code at template compilation time. Additionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function(). Patches: Users should upgrade to version 4.18.0. Workarounds: Do not pass untrusted input as key names in options.imports. Only use developer-controlled, static key names.

Action-Not Available
Vendor-lodashlodashRed Hat, Inc.
Product-lodash-eslodashlodash-amdlodash.templatelodash-eslodashlodash-amdlodash.templateRed Hat Developer Hub 1.8Red Hat Directory Server 13Cryostat 4 on RHEL 9Red Hat Enterprise Linux High Availability (v. 10)Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat build of Apicurio Registry 2Red Hat Enterprise Linux High Availability E4S (v.8.6)Red Hat Quay 3Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)Red Hat OpenShift distributed tracing 3.9.3Red Hat Enterprise Linux Resilient Storage EUS (v.9.4)Red Hat OpenShift GitOps 1.18Red Hat Directory Server 11Red Hat Directory Server 12Red Hat Developer HubMulticluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Red Hat OpenShift Service Mesh 3.0Red Hat OpenShift Service Mesh 3.2Red Hat OpenShift Container Platform 4.22Red Hat OpenShift Service Mesh 2.6Red Hat Ansible Automation Platform 2.5Red Hat Build of Podman DesktopRed Hat 3scale API Management Platform 2Red Hat OpenShift GitOpsRed Hat Discovery 2Red Hat JBoss Enterprise Application Platform 8Self-service automation portal 2Red Hat Trusted Profile AnalyzerRed Hat Enterprise Linux 7Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Service Mesh 3.1Red Hat Fuse 7Red Hat Enterprise Linux High Availability (v. 9)Red Hat Openshift Data Foundation 4.16Gatekeeper 3Migration Toolkit for ContainersRed Hat Enterprise Linux 10Streams for Apache Kafka 2.9.4Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat OpenShift AI 3.3Red Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9OpenShift Service Mesh 3Red Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2Red Hat build of Apache Camel - HawtIO 4Red Hat Enterprise Linux ResilientStorage E4S (v.9.0)Red Hat Advanced Cluster Security 4Red Hat Enterprise Linux High Availability E4S (v.9.2)Migration Toolkit for Applications 8Red Hat Developer Hub 1.9OpenShift LightspeedRed Hat Ansible Automation Platform 2.6Red Hat OpenShift AI 2.25Red Hat Enterprise Linux High Availability TUS (v.8.6)Red Hat Enterprise Linux High Availability EUS (v. 10.0)Red Hat Build of KeycloakRed Hat Process Automation 7Red Hat Enterprise Linux High Availability EUS (v.9.4)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Satellite 6.18OpenShift PipelinesRed Hat Openshift Data Foundation 4.19Red Hat Trusted Artifact Signer 1.3Migration Toolkit for Virtualization 2.9Red Hat Openshift Data Foundation 4.2Migration Toolkit for Virtualization 2.1Streams for Apache Kafka 3.2.0Red Hat JBoss Enterprise Application Platform 7Red Hat Enterprise Linux High Availability E4S (v.9.0)Red Hat Openshift Data Foundation 4.18Red Hat Satellite 6Red Hat Data Grid 8.6.1Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Enterprise Linux High Availability EUS (v.9.6)Cluster Observability Operator 1.5.0Red Hat Enterprise Linux High Availability E4S (v.8.8)Red Hat OpenShift AI (RHOAI)Red Hat Enterprise Linux High Availability AUS (v.8.4)Confidential Compute AttestationRed Hat Edge Manager 1Network Observability (NETOBSERV) 1.11.2Red Hat OpenShift Container Platform 4.18Red Hat Enterprise Linux Resilient Storage (v. 9)Red Hat build of Apicurio Registry 3Red Hat OpenShift Container Platform 4.19Red Hat Enterprise Linux Resilient Storage EUS (v.9.6)Logging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux AI (RHEL AI) 3Red Hat Enterprise Linux High Availability TUS (v.8.8)Red Hat Openshift Data Foundation 4.17Red Hat OpenShift Dev Spaces 3.27Cryostat 4Red Hat OpenShift Virtualization 4Red Hat OpenShift GitOps 1.19Red Hat OpenShift Container Platform 4.20Red Hat Single Sign-On 7Red Hat Connectivity Link 1Red Hat Enterprise Linux Resilient Storage E4S (v.9.2)Red Hat OpenShift Container Platform 4
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-32798
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.69% / 48.44%
||
7 Day CHG+0.01%
Published-16 Jun, 2025 | 20:10
Updated-02 Jul, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Conda-build Allows Arbitrary Code Execution via Malicious Recipe Selectors

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build recipe processing logic has been found to be vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. Currently, conda-build uses the eval function to process embedded selectors in meta.yaml files. This approach evaluates user-defined expressions without proper sanitization, which allows arbitrary code to be executed during the build process. As a result, the integrity of the build environment is compromised, and unauthorized commands or file operations may be performed. The vulnerability stems from the inherent risk of using eval() on untrusted input in a context intended to control dynamic build configurations. By directly interpreting selector expressions, conda-build creates a potential execution pathway for malicious code, violating security assumptions. This issue has been patched in version 25.4.0.

Action-Not Available
Vendor-anacondaconda
Product-conda-buildconda-build
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-32363
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.78% / 51.25%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 00:00
Updated-15 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mediDOK before 2.5.18.43 allows remote attackers to achieve remote code execution on a target system via deserialization of untrusted data.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-36610
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.04% / 12.00%
||
7 Day CHG~0.00%
Published-29 Nov, 2024 | 00:00
Updated-24 Dec, 2024 | 21:15
Rejected-24 Dec, 2024 | 00:00
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Action-Not Available
Vendor-21degrees
Product-symphony
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-3115
Matching Score-4
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-4
Assigner-TIBCO Software Inc.
CVSS Score-9.4||CRITICAL
EPSS-0.61% / 44.86%
||
7 Day CHG+0.06%
Published-09 Apr, 2025 | 18:12
Updated-11 Nov, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spotfire Data Function Vulnerability

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution

Action-Not Available
Vendor-Spotfire (Cloud Software Group, Inc.)TIBCO (Cloud Software Group, Inc.)
Product-spotfire_analystspotfire_enterprise_runtime_for_rspotfire_desktopspotfire_analytics_platformspotfire_statistics_servicesspotfire_deployment_kitSpotfire Service for PythonSpotfire Service for RSpotfire Enterprise Runtime for R - Server EditionDeployment Kit used in Spotfire ServerSpotfire Statistics ServicesSpotfire DesktopSpotfire AnalystSpotfire for AWS Marketplace
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-3164
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.59% / 44.06%
||
7 Day CHG~0.00%
Published-03 Apr, 2025 | 15:31
Updated-23 Apr, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tencent Music Entertainment SuperSonic H2 Database Connection testConnect code injection

A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/semantic/database/testConnect of the component H2 Database Connection Handler. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-tencentmusicTencent Music Entertainment
Product-supersonicSuperSonic
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-29058
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.61% / 44.80%
||
7 Day CHG~0.00%
Published-18 Apr, 2025 | 00:00
Updated-19 Jun, 2025 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade.php component.

Action-Not Available
Vendor-qimou_cms_projectn/a
Product-qimou_cmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-29662
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.49% / 38.43%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 00:00
Updated-11 Jul, 2025 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A RCE vulnerability in the core application in LandChat 3.25.12.18 allows an unauthenticated attacker to execute system code via remote network access.

Action-Not Available
Vendor-landchatn/a
Product-landchatn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-16759
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-99.73% / 99.95%
||
7 Day CHG~0.00%
Published-24 Sep, 2019 | 21:01
Updated-07 Nov, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.

Action-Not Available
Vendor-vbulletinn/avBulletin
Product-vbulletinn/avBulletin
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-4965
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.60% / 44.54%
||
7 Day CHG~0.00%
Published-27 Mar, 2026 | 17:41
Updated-29 Apr, 2026 | 22:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
letta-ai letta Incomplete Fix CVE-2025-6101 ast_parsers.py resolve_type eval injection

A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-lettaletta-ai
Product-lettaletta
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2025-29306
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-43.66% / 98.58%
||
7 Day CHG-0.09%
Published-27 Mar, 2025 | 00:00
Updated-09 Jun, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component.

Action-Not Available
Vendor-foxcmsn/a
Product-foxcmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-29401
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 48.67%
||
7 Day CHG~0.00%
Published-19 Mar, 2025 | 00:00
Updated-16 Jun, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file.

Action-Not Available
Vendor-emlogn/a
Product-emlogn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-29064
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.68% / 47.69%
||
7 Day CHG~0.00%
Published-03 Apr, 2025 | 00:00
Updated-29 Apr, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x18_firmwarex18n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-28386
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.91% / 55.74%
||
7 Day CHG~0.00%
Published-13 Jun, 2025 | 00:00
Updated-23 Jun, 2025 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file.

Action-Not Available
Vendor-openc3n/a
Product-cosmosn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-28146
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.30% / 94.76%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 00:00
Updated-28 May, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via fota_url in /boafrm/formLtefotaUpgradeQuectel

Action-Not Available
Vendor-n/aEdimax Technology Company Ltd.
Product-br-6478ac_v3_firmwarebr-6478ac_v3n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-29631
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.81% / 75.97%
||
7 Day CHG~0.00%
Published-25 Jul, 2025 | 00:00
Updated-25 Feb, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 allow command injection through vulnerable methods that do not sanitize input before passing content to the operating system for execution. The vulnerability may allow an attacker to execute arbitrary operating system commands on a target Home Kit.

Action-Not Available
Vendor-Gardyn
Product-Home Kit Firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2015-1635
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-100.00% / 100.00%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 20:00
Updated-22 Apr, 2026 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-08-10||Apply updates per vendor instructions.

HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_8.1windows_server_2008windows_8windows_server_2012n/aHTTP.sys
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-26818
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.08% / 61.16%
||
7 Day CHG~0.00%
Published-03 Apr, 2025 | 00:00
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netwrix Password Secure through 9.2 allows command injection.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-25498
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.89% / 85.17%
||
7 Day CHG~0.00%
Published-15 Mar, 2022 | 17:29
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php.

Action-Not Available
Vendor-cuppacmsn/a
Product-cuppacmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-26845
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 34.08%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 00:00
Updated-16 May, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script.

Action-Not Available
Vendor-znunyn/a
Product-znunyn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2022-23614
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-8.21% / 94.19%
||
7 Day CHG-0.07%
Published-04 Feb, 2022 | 22:25
Updated-23 Apr, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code injection in Twig

Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade.

Action-Not Available
Vendor-symfonytwigphpFedora ProjectDebian GNU/Linux
Product-debian_linuxtwigfedoraTwig
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-27678
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.20% / 64.43%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-03 Nov, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Client Remote Code Execution V-2023-001.

Action-Not Available
Vendor-printerlogicn/a
Product-vasion_printvirtual_appliancen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-26970
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.63% / 45.59%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ark Theme Core plugin < 1.71.0 - Unauthenticated Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in FRESHFACE Ark Theme Core ark-core allows Code Injection.This issue affects Ark Theme Core: from n/a through < 1.71.0.

Action-Not Available
Vendor-arkthemeFRESHFACE
Product-the_arkArk Theme Core
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-27657
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.55% / 72.00%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-03 Nov, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Remote Code Execution V-2023-008.

Action-Not Available
Vendor-printerlogicn/a
Product-vasion_printvirtual_appliancen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-16783
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.97% / 94.04%
||
7 Day CHG~0.00%
Published-10 Nov, 2017 | 23:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.

Action-Not Available
Vendor-n/aThe CMS Made Simple Foundation
Product-cms_made_simplen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-25077
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 33.02%
||
7 Day CHG~0.00%
Published-10 Jul, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The Nonce used for on-the-fly decryption of flash images is stored in an unsigned header, allowing its value to be modified without invalidating the signature used for secureboot image verification. Because the encryption engine for on-the-fly decryption uses AES in CTR mode without authentication, an attacker-modified Nonce can result in execution of arbitrary code.

Action-Not Available
Vendor-n/arenesas
Product-n/asmartbond_da14695
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-25180
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.02% / 59.34%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 00:00
Updated-13 May, 2025 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after installing a test framework (that lives outside of the pdfmake applicaton). Anyone installing this is responsible for ensuring that it is only available to authorized testers.

Action-Not Available
Vendor-pdfmake_projectn/apdfmake_project
Product-pdfmaken/apdfmake
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-16885
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.60% / 90.51%
||
7 Day CHG~0.00%
Published-03 Dec, 2019 | 19:50
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie price_filter, and second in api/Comparison.php via the cookie comparison.

Action-Not Available
Vendor-okay-cmsn/a
Product-okaycmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-25789
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.46% / 70.37%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 00:00
Updated-09 Apr, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index() method at \controller\Sitemap.php.

Action-Not Available
Vendor-foxcmsn/a
Product-foxcmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-25362
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.73% / 49.68%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-26003
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.61% / 44.92%
||
7 Day CHG+0.04%
Published-26 Mar, 2025 | 00:00
Updated-01 Apr, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest.

Action-Not Available
Vendor-telesquaren/a
Product-tlr-2005ksh_firmwaretlr-2005kshn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-25467
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.62% / 45.11%
||
7 Day CHG~0.00%
Published-18 Feb, 2025 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient tracking and releasing of allocated used memory in libx264 git master allows attackers to execute arbitrary code via creating a crafted AAC file.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 18
  • 19
  • Next
Details not found