Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-59858

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-09 Jul, 2026 | 22:37
Updated At-14 Jul, 2026 | 03:55
Rejected At-
Credits

Vim: Arbitrary Code Execution via C Omni-Completion

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honors the bar as a command separator, a crafted tag field can close the search pattern and append an arbitrary Ex command; opening a hostile .c file whose project tags file contains such an entry and invoking C omni-completion runs that command as the editing user. This issue is fixed in version 9.2.0735.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:09 Jul, 2026 | 22:37
Updated At:14 Jul, 2026 | 03:55
Rejected At:
â–¼CVE Numbering Authority (CNA)
Vim: Arbitrary Code Execution via C Omni-Completion

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honors the bar as a command separator, a crafted tag field can close the search pattern and append an arbitrary Ex command; opening a hostile .c file whose project tags file contains such an entry and invoking C omni-completion runs that command as the editing user. This issue is fixed in version 9.2.0735.

Affected Products
Vendor
Vimvim
Product
vim
Versions
Affected
  • < 9.2.0735
Problem Types
TypeCWE IDDescription
CWECWE-94CWE-94: Improper Control of Generation of Code ('Code Injection')
Type: CWE
CWE ID: CWE-94
Description: CWE-94: Improper Control of Generation of Code ('Code Injection')
Metrics
VersionBase scoreBase severityVector
4.08.4HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/vim/vim/security/advisories/GHSA-mf92-v4xw-j45x
x_refsource_CONFIRM
https://github.com/vim/vim/commit/6b611b0d15603c52ebdad17172b0232b4f65704e
x_refsource_MISC
Hyperlink: https://github.com/vim/vim/security/advisories/GHSA-mf92-v4xw-j45x
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/vim/vim/commit/6b611b0d15603c52ebdad17172b0232b4f65704e
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:09 Jul, 2026 | 23:17
Updated At:14 Jul, 2026 | 05:16

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honors the bar as a command separator, a crafted tag field can close the search pattern and append an arbitrary Ex command; opening a hostile .c file whose project tags file contains such an entry and invoking C omni-completion runs that command as the editing user. This issue is fixed in version 9.2.0735.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.4HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
N/A
Type: Secondary
Version: 4.0
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Vim
vim
>>vim>>Versions before 9.2.0735(exclusive)
cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-94Secondarysecurity-advisories@github.com
CWE ID: CWE-94
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/vim/vim/commit/6b611b0d15603c52ebdad17172b0232b4f65704esecurity-advisories@github.com
Patch
https://github.com/vim/vim/security/advisories/GHSA-mf92-v4xw-j45xsecurity-advisories@github.com
Patch
Vendor Advisory
Hyperlink: https://github.com/vim/vim/commit/6b611b0d15603c52ebdad17172b0232b4f65704e
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/vim/vim/security/advisories/GHSA-mf92-v4xw-j45x
Source: security-advisories@github.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

243Records found

CVE-2025-3753
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-0.19% / 9.40%
||
7 Day CHG~0.00%
Published-17 Jul, 2025 | 19:14
Updated-26 Aug, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unsafe use of eval() method in rosbag tool

A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-supplied input in the 'rosbag filter' command. This flaw enables attackers to craft and execute arbitrary Python code.

Action-Not Available
Vendor-openroboticsOpen Source Robotics Foundation
Product-robot_operating_systemRobot Operating System (ROS)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2025-34123
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.46% / 37.13%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 21:07
Updated-07 Apr, 2026 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
VideoCharge Studio 2.12.3.685 SEH Buffer Overflow via .VSC File

A stack-based buffer overflow vulnerability exists in VideoCharge Studio 2.12.3.685 when processing a specially crafted .VSC configuration file. The issue occurs due to improper handling of user-supplied data in the XML 'Name' attribute, leading to an SEH overwrite condition. An attacker can exploit this vulnerability by convincing a user to open a malicious .VSC file, resulting in arbitrary code execution under the context of the user.

Action-Not Available
Vendor-VideoCharge Software
Product-Studio
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-34124
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.38% / 30.27%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 21:08
Updated-07 Apr, 2026 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heroes of Might and Magic III .h3m Map File Buffer Overflow

A buffer overflow vulnerability exists in Heroes of Might and Magic III Complete 4.0.0.0, HD Mod 3.808 build 9, and Demo 1.0.0.0 via malicious .h3m map files that exploit object sprite name parsing logic. The vulnerability occurs during in-game map loading when a crafted object name causes a buffer overflow, potentially allowing arbitrary code execution. Exploitation requires the victim to open a malicious map file within the game.

Action-Not Available
Vendor-The 3DO Company
Product-Heroes of Might and Magic III
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-31198
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-4.87% / 91.07%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-28 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2016 Cumulative Update 20Microsoft Exchange Server 2019 Cumulative Update 9Microsoft Exchange Server 2019 Cumulative Update 8Microsoft Exchange Server 2016 Cumulative Update 19
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-8759
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-88.70% / 99.76%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-22 Apr, 2026 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_8.1windows_server_2008windows_10_1511windows_10_1607.net_frameworkwindows_10_1703windows_10_1507windows_server_2016windows_rt_8.1windows_server_2012Microsoft .NET Framework.NET Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-1157
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-4.48% / 90.40%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 20:55
Updated-20 Feb, 2026 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jet Database Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_rt_8.1windows_server_2012windows_server_2008windows_10windows_8.1windows_7windows_server_2019Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows 10 Version 1709Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1703
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-44702
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.36% / 68.71%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-27 May, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Terminal Remote Code Execution Vulnerability

Windows Terminal Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10windows_11terminalWindows Terminal for Windows 10Windows Terminal for Windows 11
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-53920
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.53% / 41.06%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 00:00
Updated-03 Nov, 2025 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)

Action-Not Available
Vendor-n/aGNU
Product-emacsn/aemacs
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-55408
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.4||HIGH
EPSS-0.19% / 8.53%
||
7 Day CHG~0.00%
Published-07 Jul, 2026 | 21:02
Updated-08 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Koodo Reader: Remote code execution via malicious epub file

Koodo Reader is an ebook reader. In version 2.3.0 and earlier, Koodo Reader is vulnerable to remote code execution through malicious EPUB files because the open-book IPC handler enables nodeIntegrationInSubFrames and EPUB chapter content is rendered with unsanitized innerHTML. An attacker can craft an EPUB book that, when imported and opened by the victim, instantiates a hidden iframe with Node.js API access and executes arbitrary operating system commands with the victim user's privileges. This issue is fixed in version 2.3.1.

Action-Not Available
Vendor-koodo-reader
Product-koodo-reader
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-43352
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.53% / 41.07%
||
7 Day CHG~0.00%
Published-26 Oct, 2023 | 00:00
Updated-12 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component.

Action-Not Available
Vendor-n/aThe CMS Made Simple Foundation
Product-cms_made_simplen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-54074
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.17% / 6.64%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 20:47
Updated-02 Jul, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
@tinacms/cli: Remote Code Execution via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels

Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to-Tina migration command. The internal helper addVariablesToCode unquotes any value matching the marker "__TINA_INTERNAL__:::(.*?):::" inside the stringified collection JSON. User-supplied label and name fields from .forestry/**/*.yml are placed into that JSON without any sanitisation. An attacker who controls a Forestry-style project can therefore inject arbitrary JavaScript into the generated tina/templates.{ts,js} file. The injected code is written at module top level, so it executes the moment the developer runs tinacms dev or tinacms build, with the developer's privileges. This issue has been fixed in version 2.4.3.

Action-Not Available
Vendor-tinacms
Product-tinacms
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-24243
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.51% / 39.81%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 22:23
Updated-02 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted file may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSiPadOSwatchOS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-50650
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 20.53%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:29
Updated-17 Jul, 2026 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Framework Elevation of Privilege Vulnerability

Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft .NET Framework 3.5Microsoft Visual Studio 2022 version 17.12Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2.NET 9.0Microsoft Visual Studio 2026 version 18.7Microsoft .NET Framework 3.5 AND 4.7.2Microsoft .NET Framework 3.5 AND 4.8Microsoft .NET Framework 3.5 AND 4.8.1Microsoft .NET Framework 4.8Microsoft Visual Studio 2022 version 17.14.NET 8.0
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-47292
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.37% / 29.03%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 17:04
Updated-15 Jul, 2026 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability

Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeVisual Studio Code - MSSQL Extension
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-24159
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.33% / 24.75%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:45
Updated-02 Jun, 2026 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A validation issue was addressed with improved logic. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSwatchOSmacOSiPadOSiOS and iPadOStvOS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-45555
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 4.03%
||
7 Day CHG~0.00%
Published-29 May, 2026 | 12:54
Updated-01 Jun, 2026 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Roslyn CodeLens MCP Server: Untrusted Roslyn Analyzer Execution via get_diagnostics Leads to Arbitrary Code Execution

Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the get_diagnostics MCP tool loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without any allowlist, signature check, or user confirmation; includeAnalyzers defaults to true, so no explicit opt-in is required. An attacker who can place a malicious .csproj referencing an attacker-controlled DLL in a location the victim opens with the MCP server will achieve arbitrary code execution in the server process with the server's OS privileges. This vulnerability is fixed in 1.17.0.

Action-Not Available
Vendor-MarcelRoozekrans
Product-roslyn-codelens-mcp
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-44728
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.12% / 2.59%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 17:48
Updated-28 May, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Control of Generation of Code when compiling specifically crafted malicious code with @babel/plugin-transform-modules-systemjs

Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. This vulnerability is fixed in 7.29.4 and 8.0.0-alpha.13.

Action-Not Available
Vendor-babelbabel@babel
Product-babelbabelplugin-transform-modules-systemjs
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-45136
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.19% / 8.55%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 20:48
Updated-02 Jun, 2026 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
claude-code-cache-fix: Local code execution via Python triple-quote injection in tools/quota-statusline.sh

claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh (introduced in v3.5.0) interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in the user's Claude Code process. This vulnerability is fixed in 3.5.2.

Action-Not Available
Vendor-cnighswongercnighswonger
Product-claude-code-cache-fixclaude-code-cache-fix
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-20120
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.34% / 26.44%
||
7 Day CHG~0.00%
Published-21 Aug, 2025 | 20:12
Updated-15 May, 2026 | 11:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Maple <= v13 Maplet File Creation and Command Execution

Maple versions up to and including 13's Maplet framework allows embedded commands to be executed automatically when a .maplet file is opened. This behavior bypasses standard security restrictions that normally prevent code execution in regular Maple worksheets. The vulnerability enables attackers to craft malicious .maplet files that execute arbitrary code without user interaction.

Action-Not Available
Vendor-Maplesoft
Product-Maple
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-21187
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.73% / 50.22%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Power Automate Remote Code Execution Vulnerability

Microsoft Power Automate Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-power_automate_for_desktopPower Automate for Desktop
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-42851
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.16% / 6.01%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 20:00
Updated-16 Jun, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
@kitty-edit DCS + --color=geninclude vulnerable to Unauthenticated in-process RCE

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with `cat`, a log line, an email body rendered in `less`, an issue body in a TUI, etc. — can cause kitty to execute attacker-supplied Python inside the running kitty process, with the user's full privileges. There is no approval prompt, no remote-control permission requirement, no shell-integration interaction, no clipboard touch, and no editor interaction. Version 0.47.0 fixes the issue.

Action-Not Available
Vendor-kovidgoyalkovidgoyal
Product-kittykitty
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-42301
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.20% / 9.70%
||
7 Day CHG~0.00%
Published-09 May, 2026 | 03:59
Updated-11 May, 2026 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation leading to Improper Control of Generation of Code ('Code Injection') in pyp2spec

pyp2spec generates working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata (e.g. the summary field) into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, so a malicious package can execute arbitrary commands on the build machine. This issue has been patched in version 0.14.1.

Action-Not Available
Vendor-befeleme
Product-pyp2spec
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-8795
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.43%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 01:04
Updated-10 Jun, 2026 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_info.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted collection ZIP can leverage literal double quotes and newlines in the hostname to break out of the YAML quoted string and inject a new mount remapping entry. When an analyst applies the generated remapping file with --remap, arbitrary VQL executes on their machine with NullACLManager (all permissions granted, unsandboxed).

Action-Not Available
Vendor-Rapid7 LLC
Product-Velociraptor
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-42214
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.24% / 15.36%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 18:14
Updated-12 May, 2026 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Control of Generation of Code ('Code Injection') in dail8859/NotepadNext

Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension() function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which executes automatically when the victim opens the file in NotepadNext. Because luaL_openlibs() is called unconditionally, the full os, io, and package libraries are available to the injected code, enabling arbitrary command execution. This issue has been patched in version 0.14.

Action-Not Available
Vendor-dail8859dail8859
Product-notepad_nextNotepadNext
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-42049
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.4||HIGH
EPSS-0.15% / 4.73%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 21:44
Updated-15 Jul, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
jadx: RCE Via Groovy Code Injection in Gradle Export

jadx is a Dex to Java decompiler. Prior to 1.5.6, jadx inserts the android:versionName value from an AndroidManifest into the generated app/build.gradle Groovy template without proper sanitization when exporting a decompiled APK as an Android Gradle project. A malicious APK can break out of the string context so that opening or building the exported Gradle project executes attacker-controlled Groovy code on the victim machine. This issue is fixed in version 1.5.6.

Action-Not Available
Vendor-skylot
Product-jadx
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-41882
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.47% / 37.44%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 00:00
Updated-23 Apr, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nextcloud Desktop vulnerable to code injection via malicious link

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file type of the shared file, which on Windows can also sometimes mean that a file depending on the type, e.g. "vbs", is being executed. It is recommended that the Nextcloud Desktop client is upgraded to version 3.6.1. As a workaround, users can block the Nextcloud Desktop client 3.6.0 by setting the `minimum.supported.desktop.version` system config to `3.6.1` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing files can still be used. Another workaround would be to enforce shares to be accepted by setting the `sharing.force_share_accept` system config to `true` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing shares can still be abused.

Action-Not Available
Vendor-Nextcloud GmbH
Product-desktopsecurity-advisories
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-14576
Matching Score-4
Assigner-The Qt Company
ShareView Details
Matching Score-4
Assigner-The Qt Company
CVSS Score-7.4||HIGH
EPSS-0.22% / 12.97%
||
7 Day CHG~0.00%
Published-30 Apr, 2026 | 12:39
Updated-15 Jul, 2026 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible QML code injection in VectorImage component

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application's privilege level and data access.

Action-Not Available
Vendor-qtThe Qt CompanyRed Hat, Inc.
Product-qtdeclarativeQtRed Hat Enterprise Linux 9Multicluster Global HubRed Hat Enterprise Linux 7Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat OpenShift GitOpsRed Hat Enterprise Linux 10Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Advanced Cluster Management for Kubernetes 2Red Hat Hardened Images
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-42268
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.57% / 43.48%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 19:38
Updated-08 Apr, 2025 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima. These applications allow executable Python code to be embedded in Universal Scene Description (USD) files to customize all aspects of a scene. If a user opens a USD file that contains embedded Python code in one of these applications, the embedded Python code automatically runs with the privileges of the user who opened the file. As a result, an unprivileged remote attacker could craft a USD file containing malicious Python code and persuade a local user to open the file, which may lead to information disclosure, data tampering, and denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-omniverse_machinimanvidia_isaac_simomniverse_audio2faceomniverse_codeomniverse_viewomniverse_createOmniverse ViewOmniverse Audio2FaceOmniverse MachinimaNVIDIA Isaac SimOmniverse CreateOmniverse Code
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-21415
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-2.10% / 79.61%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 16:50
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code Prisma Extension Remote Code Execution Vulnerability

Prisma VS Code a VSCode extension for Prisma schema files. This is a Remote Code Execution Vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary path for the Prisma format binary is set in VS Code Settings, for example by downloading a project that has a .vscode/settings.json file that sets a value for "prismaFmtBinPath". That custom binary is executed when auto-formatting is triggered by VS Code or when validation checks are triggered after each keypress on a *.prisma file. Fixed in versions 2.20.0 and 20.0.27. As a workaround users can either edit or delete the `.vscode/settings.json` file or check if the binary is malicious and delete it.

Action-Not Available
Vendor-prismaprisma
Product-language-toolslanguage-tools
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-41061
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.14% / 63.09%
||
7 Day CHG+0.01%
Published-09 Nov, 2022 | 00:00
Updated-19 May, 2026 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Word Remote Code Execution Vulnerability

Microsoft Word Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serveroffice_web_apps_serveroffice_online_serverofficesharepoint_enterprise_server365_appsoffice_long_term_servicing_channelwordMicrosoft Office 2019 for MacMicrosoft SharePoint Server 2019Microsoft Office Web Apps Server 2013 Service Pack 1Microsoft Word 2013 Service Pack 1Microsoft SharePoint Server Subscription EditionMicrosoft 365 Apps for EnterpriseSharePoint Server Subscription Edition Language PackMicrosoft Word 2016Microsoft Office Online ServerMicrosoft SharePoint Enterprise Server 2016Microsoft Office LTSC for Mac 2021Microsoft SharePoint Enterprise Server 2013 Service Pack 1
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-40274
Matching Score-4
Assigner-Fluid Attacks
ShareView Details
Matching Score-4
Assigner-Fluid Attacks
CVSS Score-7.8||HIGH
EPSS-0.43% / 35.20%
||
7 Day CHG~0.00%
Published-30 Sep, 2022 | 16:18
Updated-20 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled.

Action-Not Available
Vendor-gridean/aLinux Kernel Organization, Inc
Product-gridealinux_kernelGridea
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-22514
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-7.8||HIGH
EPSS-0.38% / 30.06%
||
7 Day CHG~0.00%
Published-18 Mar, 2025 | 17:03
Updated-12 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.14 of Sourcetree for Mac and Sourcetree for Windows. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.8, and a CVSS Vector of: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H which allows an unauthenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Sourcetree for Mac and Sourcetree for Windows customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Sourcetree for Mac and Sourcetree for Windows 3.4: Upgrade to a release greater than or equal to 3.4.15 See the release notes (https://www.sourcetreeapp.com/download-archives). You can download the latest version of Sourcetree for Mac and Sourcetree for Windows from the download center (https://www.sourcetreeapp.com/download-archives). This vulnerability was reported via our Penetration Testing program.

Action-Not Available
Vendor-Atlassian
Product-sourcetreeSourcetree for MacSourcetree for Windows
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-8374
Matching Score-4
Assigner-Checkmarx
ShareView Details
Matching Score-4
Assigner-Checkmarx
CVSS Score-7.8||HIGH
EPSS-0.43% / 35.09%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 10:01
Updated-16 Sep, 2024 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary Code Injection in Cura

UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader (/plugins/ThreeMFReader.py). The vulnerability arises from improper handling of the drop_to_buildplate property within 3MF files, which are ZIP archives containing the model data. When a 3MF file is loaded in Cura, the value of the drop_to_buildplate property is passed to the Python eval() function without proper sanitization, allowing an attacker to execute arbitrary code by crafting a malicious 3MF file. This vulnerability poses a significant risk as 3MF files are commonly shared via 3D model databases.

Action-Not Available
Vendor-ultimakerUltimakerultimaker
Product-ultimaker_curaCuracura
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-38745
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.8||HIGH
EPSS-0.87% / 54.84%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 15:56
Updated-13 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache OpenOffice: Empty entry in Java class path

Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.

Action-Not Available
Vendor-The Apache Software Foundation
Product-openofficeApache OpenOffice
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-7381
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.68% / 48.13%
||
7 Day CHG~0.00%
Published-03 Sep, 2020 | 13:55
Updated-04 Aug, 2024 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code Injection in Rapid7 Nexpose Installer

In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during a Security Console installation and any arbitrary code executable using the same file name.

Action-Not Available
Vendor-Rapid7 LLC
Product-nexposeNexpose
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-35779
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.84% / 53.82%
||
7 Day CHG+0.01%
Published-09 Aug, 2022 | 19:59
Updated-29 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure RTOS GUIX Studio Remote Code Execution Vulnerability

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_real_time_operating_system_guix_studioAzure RTOS GUIX Studio
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-35743
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.45% / 70.49%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 18:07
Updated-02 Jan, 2025 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_10_1507windows_server_20h2windows_rt_8.1windows_11_21h2windows_10_1607windows_10_21h1windows_10_21h2windows_10_1809windows_7windows_10_20h2windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-32897
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-8.1||HIGH
EPSS-0.42% / 34.16%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 19:21
Updated-03 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted tiff file may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSmacos
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-32924
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.53% / 41.17%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 00:00
Updated-06 May, 2025 | 04:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Big Sur 11.7, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6. An app may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macoswatchosipadostvosiphone_osmacOSwatchOStvOS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-56334
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.70% / 48.96%
||
7 Day CHG~0.00%
Published-20 Dec, 2024 | 20:10
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation

systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized when before they are passed as a parameter to cmd.exe in the `getWindowsIEEE8021x` function. This means that malicious content in the SSID can be executed as OS commands. This vulnerability may enable an attacker, depending on how the package is used, to perform remote code execution or local privilege escalation. This issue has been addressed in version 5.23.7 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-sebhildebrandt
Product-systeminformation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-30175
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.12% / 62.50%
||
7 Day CHG+0.01%
Published-09 Aug, 2022 | 19:48
Updated-24 Jun, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure RTOS GUIX Studio Remote Code Execution Vulnerability

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_real_time_operating_system_guix_studioAzure RTOS GUIX Studio
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-54529
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.33% / 25.44%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:58
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-52945
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.23% / 13.56%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 00:00
Updated-30 Apr, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL could be loaded, resulting in execution of the attacker's code in the user's security context.

Action-Not Available
Vendor-n/aVeritas Technologies LLC
Product-netbackupn/anetbackup
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-1535
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-70.38% / 99.31%
||
7 Day CHG~0.00%
Published-15 Aug, 2012 | 10:00
Updated-22 Apr, 2026 | 10:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||The impacted product is end-of-life and should be disconnected if still in use.

Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.

Action-Not Available
Vendor-n/aRed Hat, Inc.Apple Inc.openSUSEMicrosoft CorporationAdobe Inc.SUSELinux Kernel Organization, Inc
Product-linux_enterprise_desktopmac_os_xenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopwindowsflash_playerlinux_kernelopensusen/aFlash Player
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-46517
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.44%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 23:05
Updated-11 Jun, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LMDeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trust_remote_code=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches.

Action-Not Available
Vendor-InternLM
Product-lmdeploy
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CWE ID-CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-40156
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.21% / 11.07%
||
7 Day CHG~0.00%
Published-10 Apr, 2026 | 16:46
Updated-20 Apr, 2026 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PraisonAI Affected by Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.spec_from_file_location and immediately executes module-level code via spec.loader.exec_module() without explicit user consent, validation, or sandboxing. The tools.py file is loaded implicitly, even when it is not referenced in configuration files or explicitly requested by the user. As a result, merely placing a file named tools.py in the working directory is sufficient to trigger code execution. This behavior violates the expected security boundary between user-controlled project files (e.g., YAML configurations) and executable code, as untrusted content in the working directory is treated as trusted and executed automatically. If an attacker can place a malicious tools.py file into a directory where a user or automated system (e.g., CI/CD pipeline) runs praisonai, arbitrary code execution occurs immediately upon startup, before any agent logic begins. This vulnerability is fixed in 4.5.128.

Action-Not Available
Vendor-praisonMervinPraison
Product-praisonaiPraisonAI
CWE ID-CWE-426
Untrusted Search Path
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-41921
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-0.19% / 8.75%
||
7 Day CHG~0.00%
Published-17 Jul, 2025 | 19:13
Updated-26 Aug, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unsafe use of eval() method in rostopic echo tool

A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code.

Action-Not Available
Vendor-openroboticsOpen Source Robotics Foundation
Product-robot_operating_systemRobot Operating System (ROS)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2012-0014
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-28.17% / 97.89%
||
7 Day CHG~0.00%
Published-14 Feb, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7mac_os_xwindows_server_2008windows_vista.net_frameworkwindows_xpsilverlightwindowswindows_server_2003n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-41148
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-0.19% / 8.75%
||
7 Day CHG~0.00%
Published-17 Jul, 2025 | 19:12
Updated-26 Aug, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unsafe use of eval() method in rostopic hz tool

A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code.

Action-Not Available
Vendor-openroboticsOpen Source Robotics Foundation
Product-robot_operating_systemRobot Operating System (ROS)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2024-39289
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-0.18% / 7.35%
||
7 Day CHG~0.00%
Published-17 Jul, 2025 | 19:11
Updated-26 Aug, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unsafe use of eval() method in rosparam tool

A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval() function to process unsanitized, user-supplied parameter values via special converters for angle representations in radians. This flaw allowed attackers to craft and execute arbitrary Python code.

Action-Not Available
Vendor-openroboticsOpen Source Robotics Foundation
Product-robot_operating_systemRobot Operating System (ROS)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found