Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-9135

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-17 Jul, 2026 | 18:48
Updated At-17 Jul, 2026 | 18:48
Rejected At-
Credits

Policies Component Dynamic CodeInput Fields Bypass Custom Component Validation

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 (commit 94981c443d4918517b9e8163d70fc598dc33a32d) contain a code injection vulnerability in the Policies component's ToolGuard integration that bypasses the allow_custom_components=false security control. The vulnerability exists because the validation mechanism only checks the main component source code in node_template["code"]["value"] but fails to validate dynamic CodeInput fields that store generated ToolGuard Python files. Attackers can embed malicious Python code in these unvalidated dynamic fields, which are persisted in Flow.data and later executed server-side when a guarded tool is invoked through the ToolGuard runtime. This allows authenticated users with flow creation privileges to achieve arbitrary Python code execution on the backend despite custom component restrictions. The vulnerability can be escalated through cross-tenant flow manipulation via the agentic MCP update_flow_component_field tool, which accepts attacker-controlled user_id parameters, enabling attackers to inject malicious code into victim users' flows. When combined with publicly accessible flows and specific misconfigurations (AUTO_LOGIN=true, NEW_USER_IS_ACTIVE=true), the attack can be conducted with reduced authentication requirements.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:17 Jul, 2026 | 18:48
Updated At:17 Jul, 2026 | 18:48
Rejected At:
â–¼CVE Numbering Authority (CNA)
Policies Component Dynamic CodeInput Fields Bypass Custom Component Validation

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 (commit 94981c443d4918517b9e8163d70fc598dc33a32d) contain a code injection vulnerability in the Policies component's ToolGuard integration that bypasses the allow_custom_components=false security control. The vulnerability exists because the validation mechanism only checks the main component source code in node_template["code"]["value"] but fails to validate dynamic CodeInput fields that store generated ToolGuard Python files. Attackers can embed malicious Python code in these unvalidated dynamic fields, which are persisted in Flow.data and later executed server-side when a guarded tool is invoked through the ToolGuard runtime. This allows authenticated users with flow creation privileges to achieve arbitrary Python code execution on the backend despite custom component restrictions. The vulnerability can be escalated through cross-tenant flow manipulation via the agentic MCP update_flow_component_field tool, which accepts attacker-controlled user_id parameters, enabling attackers to inject malicious code into victim users' flows. When combined with publicly accessible flows and specific misconfigurations (AUTO_LOGIN=true, NEW_USER_IS_ACTIVE=true), the attack can be conducted with reduced authentication requirements.

Affected Products
Vendor
IBM CorporationIBM
Product
Langflow OSS
CPEs
  • cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*
Versions
Affected
  • From 1.0.0 through 1.10.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-94CWE-94 Improper Control of Generation of Code ('Code Injection')
Type: CWE
CWE ID: CWE-94
Description: CWE-94 Improper Control of Generation of Code ('Code Injection')
Metrics
VersionBase scoreBase severityVector
3.19.9CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 9.9
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

IBM strongly recommends addressing the vulnerability now by upgrading Langflow OSS to version 1.10.1

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.ibm.com/support/pages/node/7278920
vendor-advisory
patch
Hyperlink: https://www.ibm.com/support/pages/node/7278920
Resource:
vendor-advisory
patch
Information is not available yet

Similar CVEs

174Records found

CVE-2026-7873
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.29% / 21.37%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 19:13
Updated-02 Jul, 2026 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code Injection Vulnerability in Code Validation Endpoint

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.

Action-Not Available
Vendor-langflowIBM Corporation
Product-langflowLangflow OSS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-45076
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.55% / 42.15%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 15:59
Updated-06 Sep, 2024 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM webMethods Integration code execution

IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system.

Action-Not Available
Vendor-IBM Corporation
Product-webmethods_integrationwebMethods Integration
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-13772
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 20.31%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 19:21
Updated-03 Jul, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere eXtreme Scale's OQL is affected by remote code execution

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName() and invokes their constructors with no allow-list at three distinct sinks (SELECT NEW, enum literals, and reflection-based comparators); an authenticated remote attacker who can influence an application-built OQL query string can execute arbitrary constructors on the WAS JVM, and a SELECT DISTINCT variant using planted grid values fires the same gadget post-readObject in a manner that survives JEP-290 serialization filters across grid node boundaries

Action-Not Available
Vendor-IBM Corporation
Product-websphere_extreme_scaleWebSphere Extreme Scale
CWE ID-CWE-470
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CVE-2023-35893
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.9||CRITICAL
EPSS-1.07% / 61.11%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 21:53
Updated-08 Oct, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium command execution

IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 258824.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardiumsecurity_guardium
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-27874
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.9||CRITICAL
EPSS-1.34% / 68.17%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 14:33
Updated-26 Feb, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Faspex XML external entity injection

IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-aspera_faspexlinux_kernelAspera Faspex
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2023-27867
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-1.63% / 73.48%
||
7 Day CHG+0.25%
Published-08 Jul, 2023 | 18:43
Updated-13 Feb, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 code execution

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. By sending a specially crafted request using the property clientRerouteServerListJNDIName, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249514.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-27869
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-1.63% / 73.48%
||
7 Day CHG+0.25%
Published-08 Jul, 2023 | 18:40
Updated-13 Feb, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 code execution

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249517.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-8633
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.85% / 53.95%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 17:19
Updated-27 May, 2026 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities when using when using Web Server Plug-ins

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWeb Server Plug-ins for WebSphere Application Server and WebSphere Liberty
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-27866
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-1.03% / 59.69%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 15:41
Updated-28 Oct, 2024 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Informix JDBC code execution

IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. IBM X-Force ID: 249511.

Action-Not Available
Vendor-IBM Corporation
Product-informix_jdbc_driverInformix JDBC
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-9198
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-Not Assigned
Published-17 Jul, 2026 | 17:36
Updated-17 Jul, 2026 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Remote Code Execution via Auto-Login Bypass and Code Validation

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/auto_login (mints SUPERUSER tokens to any network caller) with /api/v1/validate/code (executes user code via exec()) to achieve full RCE on default Langflow deployments

Action-Not Available
Vendor-IBM Corporation
Product-Langflow OSS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-6543
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.47% / 37.64%
||
7 Day CHG~0.00%
Published-30 Apr, 2026 | 21:11
Updated-11 May, 2026 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Code Execution Vulnerability in Langflow Code Validation Endpoint

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables (API keys, DB credentials), modifying files, or launching further attacks on the internal network.

Action-Not Available
Vendor-langflowIBM Corporation
Product-langflow_desktopLangflow Desktop
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-9762
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-Not Assigned
Published-17 Jul, 2026 | 17:25
Updated-17 Jul, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM® Data Server driver for JDBC and SQLJ is vulnerable to remote code execution when jdbc url is under user control

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control.

Action-Not Available
Vendor-IBM Corporation
Product-Db2
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-23477
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-1.95% / 77.94%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 17:24
Updated-25 Mar, 2025 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server code execution

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513.

Action-Not Available
Vendor-HP Inc.IBM CorporationOracle CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-52899
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.5||HIGH
EPSS-0.77% / 51.56%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 00:34
Updated-04 Aug, 2025 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Data Virtualization Manager code execution

IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server.

Action-Not Available
Vendor-IBM Corporation
Product-data_virtualization_manager_for_z\/osData Virtualization Manager for z/OSdata_virtualization_manager_for_z-os
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-38319
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 36.99%
||
7 Day CHG~0.00%
Published-22 Jun, 2024 | 18:56
Updated-02 Aug, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security SOAR code execution

IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script. IBM X-Force ID: 294830.

Action-Not Available
Vendor-IBM Corporation
Product-Security SOAR
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-38967
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.2||HIGH
EPSS-0.25% / 16.66%
||
7 Day CHG~0.00%
Published-30 Nov, 2021 | 16:45
Updated-17 Sep, 2024 | 00:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ Appliance
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-1792
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.52% / 40.67%
||
7 Day CHG~0.00%
Published-13 Nov, 2018 | 15:00
Updated-16 Sep, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_mqMQ
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-29679
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-1.94% / 77.78%
||
7 Day CHG~0.00%
Published-15 Oct, 2021 | 15:55
Updated-17 Sep, 2024 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. IBM X-Force ID: 199915.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-29772
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.6||MEDIUM
EPSS-0.92% / 56.32%
||
7 Day CHG~0.00%
Published-26 Aug, 2021 | 19:25
Updated-17 Sep, 2024 | 02:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-9072
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.41% / 33.10%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 14:21
Updated-09 Jul, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WebSphere Application Server Remote Code Execution

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backend servers and sends crafted responses to the plug-in.

Action-Not Available
Vendor-IBM Corporation
Product-iWebSphere Application Server
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-9170
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.49% / 38.77%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 17:31
Updated-11 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service and a potential remote code execution due to improper input validation.

Action-Not Available
Vendor-IBM Corporation
Product-http_serverHTTP Server
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-8855
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.46% / 36.78%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 16:58
Updated-28 May, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication).

Action-Not Available
Vendor-IBM Corporation
Product-HTTP Server
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-10109
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.86% / 54.39%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 20:02
Updated-02 Jul, 2026 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-10561
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-10||CRITICAL
EPSS-0.50% / 39.60%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 13:22
Updated-26 Jun, 2026 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection

IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise

Action-Not Available
Vendor-langflowIBM Corporation
Product-langflowLangflow OSS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-9311
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-9||CRITICAL
EPSS-0.51% / 39.96%
||
7 Day CHG~0.00%
Published-01 Jun, 2026 | 17:49
Updated-04 Jun, 2026 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server is affected by remote code execution

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-25021
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.56% / 42.57%
||
7 Day CHG+0.02%
Published-03 Jun, 2025 | 15:17
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar Suite Software and IBM Cloud Pak for Security code injection

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged execute code in case management script creation due to the improper generation of code.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_securityqradar_suiteCloud Pak for SecurityQRadar Suite Software
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-8858
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 17.53%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 14:16
Updated-09 Jul, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WebSphere Application Server Remote Code Execution

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in.

Action-Not Available
Vendor-IBM Corporation
Product-iWebSphere Application Server
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-0161
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.23% / 13.74%
||
7 Day CHG~0.00%
Published-20 Feb, 2025 | 16:02
Updated-11 Aug, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access Appliance code injection

IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-1789
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.23% / 86.82%
||
7 Day CHG~0.00%
Published-22 Mar, 2018 | 12:00
Updated-16 Sep, 2024 | 22:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_monitoringTivoli Monitoring V6
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-1753
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.85% / 53.98%
||
7 Day CHG~0.00%
Published-20 Aug, 2018 | 21:00
Updated-16 Sep, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655.

Action-Not Available
Vendor-IBM Corporation
Product-rational_doors_next_generationrational_engineering_lifecycle_managerrational_quality_managerrational_team_concertrational_rhapsody_design_managerrational_software_architect_design_managerRational Quality ManagerRational Software Architect Design ManagerRational DOORS Next GenerationRational Rhapsody Design ManagerRational Collaborative Lifecycle ManagementRational Engineering Lifecycle ManagerRational Team Concert
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-1721
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.6||MEDIUM
EPSS-1.40% / 69.48%
||
7 Day CHG~0.00%
Published-26 Apr, 2018 | 14:00
Updated-16 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. IBM X-Force ID: 134810.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerSecurity QRadar SIEM
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-1469
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.39% / 31.57%
||
7 Day CHG~0.00%
Published-14 Aug, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128468.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-1329
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.85% / 53.98%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 14:00
Updated-17 Sep, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 126231.

Action-Not Available
Vendor-IBM Corporation
Product-rational_collaborative_lifecycle_managementrational_quality_managerRational Quality Manager
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-1336
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.68% / 48.09%
||
7 Day CHG~0.00%
Published-07 Dec, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_biginsightsBigInsights
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-1440
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-2.96% / 85.63%
||
7 Day CHG~0.00%
Published-30 Aug, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 128105.

Action-Not Available
Vendor-IBM Corporation
Product-emptoris_services_procurementEmptoris Services Procurement
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-1242
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.85% / 53.98%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 14:00
Updated-17 Sep, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124524.

Action-Not Available
Vendor-IBM Corporation
Product-rational_collaborative_lifecycle_managementrational_quality_managerRational Quality Manager
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-1248
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-1.13% / 62.74%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 14:00
Updated-16 Sep, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124628.

Action-Not Available
Vendor-IBM Corporation
Product-rational_collaborative_lifecycle_managementrational_quality_managerRational Quality Manager
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-35897
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.23% / 14.24%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 13:06
Updated-19 Sep, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Spectrum Protect code execution

IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246.

Action-Not Available
Vendor-IBM Corporation
Product-storage_protectstorage_protect_clientStorage Protect ClientStorage Protect for Virtual Environmentsstorage_protectstorage_protect_client
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2026-10134
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-10||CRITICAL
EPSS-0.31% / 23.39%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 19:56
Updated-02 Jul, 2026 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Server-Side RCE via PythonCodeStructuredTool in Public Flows

IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally move to other tenants on the same Langflow instance, and Establish persistence by modifying the public flow's `tool_code` so normal `/api/v1/build/...` calls by any user re-execute attacker code at each build.

Action-Not Available
Vendor-langflowIBM Corporation
Product-langflowLangflow OSS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-36014
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.2||HIGH
EPSS-0.22% / 12.09%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 16:15
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Integration Bus for z/OS code injection

IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory.

Action-Not Available
Vendor-IBM Corporation
Product-z\/osintegration_busIntegration Bus
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-27868
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-1.63% / 73.48%
||
7 Day CHG+0.25%
Published-08 Jul, 2023 | 18:46
Updated-13 Feb, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 code execution

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially crafted request using the named pluginClassName class, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249516.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-4038
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.44% / 35.54%
||
7 Day CHG~0.00%
Published-04 Feb, 2019 | 21:00
Updated-17 Sep, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162.

Action-Not Available
Vendor-IBM Corporation
Product-security_identity_managerSecurity Identity Manager
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-30990
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.6||HIGH
EPSS-1.01% / 59.19%
||
7 Day CHG-0.01%
Published-03 Jul, 2023 | 23:14
Updated-25 Nov, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM i command execution

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. IBM X-Force ID: 254036.

Action-Not Available
Vendor-IBM Corporation
Product-ii
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-4716
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-10||CRITICAL
EPSS-86.44% / 99.72%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 16:15
Updated-14 Jan, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analyticsPlanning AnalyticsPlanning Analytics
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-1808
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.59% / 72.96%
||
7 Day CHG~0.00%
Published-13 Nov, 2018 | 15:00
Updated-17 Sep, 2024 | 03:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_commerceWebSphere Commerce
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-54823
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.43% / 34.55%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 13:12
Updated-25 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Widget Options plugin <= 4.2.3 - Remote Code Execution (RCE) vulnerability

Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions.

Action-Not Available
Vendor-MarketingFire
Product-Widget Options
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-46512
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.9||CRITICAL
EPSS-Not Assigned
Published-16 Jul, 2026 | 18:15
Updated-17 Jul, 2026 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frogman: Dialplan template parameters interpolated into extensions_custom.conf without escaping

Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.2, fm_dialplan_apply accepted template parameters including greeting, dest, url, extension, code, and file, and Tools/DialplanApply.php wrote Dialplan/Templates.php output to extensions_custom.conf while only Dialplan/TemplateBase.php:38-42 sanitized contextName(), allowing a PERM_WRITE caller using confirm:true to inject arbitrary Asterisk directives such as System(), Set(SHELL(...)), Goto, or Macro. This issue is fixed in version 1.6.2.

Action-Not Available
Vendor-mwtcmi
Product-frogman
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-49774
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.28% / 19.94%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 09:02
Updated-16 Jun, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RD Station plugin <= 5.6.0 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0.

Action-Not Available
Vendor-Filipe Nasc
Product-RD Station
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-48614
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-9.9||CRITICAL
EPSS-0.33% / 25.11%
||
7 Day CHG+0.04%
Published-06 Jul, 2026 | 16:46
Updated-06 Jul, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server.

Action-Not Available
Vendor-WebPros
Product-Plesk
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-52427
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.73% / 49.93%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 14:22
Updated-11 May, 2026 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Event Tickets with Ticket Scanner plugin <= 2.3.11 - Remote Code Execution (RCE) vulnerability

Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include (SSI) Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through <= 2.3.11.

Action-Not Available
Vendor-vollstartVollstartsaso_nikolov
Product-event_tickets_with_ticket_scannerEvent Tickets with Ticket Scannerevent_tickets_with_ticket_scanner
CWE ID-CWE-82
Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found