Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-9147

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-18 Jul, 2026 | 12:46
Updated At-18 Jul, 2026 | 12:46
Rejected At-
Credits

uproot 5.7.4 and prior Code Injection via TStreamerInfo Metadata

uproot dynamically generates Python class source code from ROOT TStreamerInfo records in a file and compiles it at runtime. Some file-controlled streamer metadata fields (for example, streamer element names) are interpolated into the generated Python source without safe quoting via repr() or the !r format specifier. An attacker who can supply a crafted ROOT file can place Python expression-breaking content into a streamer metadata field. When uproot generates and invokes the corresponding reader method, the injected Python expression is evaluated in the context of the process opening the file, resulting in arbitrary Python code execution in applications that open or process attacker-controlled ROOT files with affected uproot code paths.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:18 Jul, 2026 | 12:46
Updated At:18 Jul, 2026 | 12:46
Rejected At:
â–¼CVE Numbering Authority (CNA)
uproot 5.7.4 and prior Code Injection via TStreamerInfo Metadata

uproot dynamically generates Python class source code from ROOT TStreamerInfo records in a file and compiles it at runtime. Some file-controlled streamer metadata fields (for example, streamer element names) are interpolated into the generated Python source without safe quoting via repr() or the !r format specifier. An attacker who can supply a crafted ROOT file can place Python expression-breaking content into a streamer metadata field. When uproot generates and invokes the corresponding reader method, the injected Python expression is evaluated in the context of the process opening the file, resulting in arbitrary Python code execution in applications that open or process attacker-controlled ROOT files with affected uproot code paths.

Affected Products
Vendor
scikit-hep
Product
uproot
Default Status
affected
Versions
Affected
  • From 0 through 5.7.4 (git)
Problem Types
TypeCWE IDDescription
CWECWE-94Improper Control of Generation of Code ('Code Injection')
Type: CWE
CWE ID: CWE-94
Description: Improper Control of Generation of Code ('Code Injection')
Metrics
VersionBase scoreBase severityVector
4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Sai Teja Erukude
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/scikit-hep/uproot5/security/advisories/GHSA-6946-mq52-g438
issue-tracking
https://github.com/scikit-hep/uproot5/commit/c045c2824295d907d2e705f31110c742928e50e7
issue-tracking
https://github.com/scikit-hep/uproot5
product
https://www.vulncheck.com/advisories/uproot-and-before-code-injection-via-tstreamerinfo-metadata
third-party-advisory
Hyperlink: https://github.com/scikit-hep/uproot5/security/advisories/GHSA-6946-mq52-g438
Resource:
issue-tracking
Hyperlink: https://github.com/scikit-hep/uproot5/commit/c045c2824295d907d2e705f31110c742928e50e7
Resource:
issue-tracking
Hyperlink: https://github.com/scikit-hep/uproot5
Resource:
product
Hyperlink: https://www.vulncheck.com/advisories/uproot-and-before-code-injection-via-tstreamerinfo-metadata
Resource:
third-party-advisory
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:18 Jul, 2026 | 13:17
Updated At:18 Jul, 2026 | 13:17

uproot dynamically generates Python class source code from ROOT TStreamerInfo records in a file and compiles it at runtime. Some file-controlled streamer metadata fields (for example, streamer element names) are interpolated into the generated Python source without safe quoting via repr() or the !r format specifier. An attacker who can supply a crafted ROOT file can place Python expression-breaking content into a streamer metadata field. When uproot generates and invokes the corresponding reader method, the injected Python expression is evaluated in the context of the process opening the file, resulting in arbitrary Python code execution in applications that open or process attacker-controlled ROOT files with affected uproot code paths.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-94Primarydisclosure@vulncheck.com
CWE ID: CWE-94
Type: Primary
Source: disclosure@vulncheck.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/scikit-hep/uproot5disclosure@vulncheck.com
N/A
https://github.com/scikit-hep/uproot5/commit/c045c2824295d907d2e705f31110c742928e50e7disclosure@vulncheck.com
N/A
https://github.com/scikit-hep/uproot5/security/advisories/GHSA-6946-mq52-g438disclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/uproot-and-before-code-injection-via-tstreamerinfo-metadatadisclosure@vulncheck.com
N/A
Hyperlink: https://github.com/scikit-hep/uproot5
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://github.com/scikit-hep/uproot5/commit/c045c2824295d907d2e705f31110c742928e50e7
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://github.com/scikit-hep/uproot5/security/advisories/GHSA-6946-mq52-g438
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/uproot-and-before-code-injection-via-tstreamerinfo-metadata
Source: disclosure@vulncheck.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

115Records found

CVE-2024-27856
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.63% / 45.99%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 19:35
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a file may lead to unexpected app termination or arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchossafarimacosiphone_osipadosSafarivisionOSmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-27793
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.68% / 48.41%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 22:15
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in iTunes 12.13.2 for Windows. Parsing a file may lead to an unexpected app termination or arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiTunes for Windowsitunes
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-22514
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-7.8||HIGH
EPSS-0.38% / 30.05%
||
7 Day CHG~0.00%
Published-18 Mar, 2025 | 17:03
Updated-12 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.14 of Sourcetree for Mac and Sourcetree for Windows. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.8, and a CVSS Vector of: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H which allows an unauthenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Sourcetree for Mac and Sourcetree for Windows customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Sourcetree for Mac and Sourcetree for Windows 3.4: Upgrade to a release greater than or equal to 3.4.15 See the release notes (https://www.sourcetreeapp.com/download-archives). You can download the latest version of Sourcetree for Mac and Sourcetree for Windows from the download center (https://www.sourcetreeapp.com/download-archives). This vulnerability was reported via our Penetration Testing program.

Action-Not Available
Vendor-Atlassian
Product-sourcetreeSourcetree for MacSourcetree for Windows
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-8795
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.43%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 01:04
Updated-10 Jun, 2026 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_info.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted collection ZIP can leverage literal double quotes and newlines in the hostname to break out of the YAML quoted string and inject a new mount remapping entry. When an analyst applies the generated remapping file with --remap, arbitrary VQL executes on their machine with NullACLManager (all permissions granted, unsandboxed).

Action-Not Available
Vendor-Rapid7 LLC
Product-Velociraptor
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-59858
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.4||HIGH
EPSS-0.14% / 3.52%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 22:37
Updated-14 Jul, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vim: Arbitrary Code Execution via C Omni-Completion

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honors the bar as a command separator, a crafted tag field can close the search pattern and append an arbitrary Ex command; opening a hostile .c file whose project tags file contains such an entry and invoking C omni-completion runs that command as the editing user. This issue is fixed in version 9.2.0735.

Action-Not Available
Vendor-Vim
Product-vimvim
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-59856
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.4||HIGH
EPSS-0.17% / 6.51%
||
7 Day CHG-0.31%
Published-09 Jul, 2026 | 22:39
Updated-14 Jul, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vim: Arbitrary Code Execution via PHP Omni-Completion

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search() pattern that is run via win_execute() without escaping. A name containing a single quote can terminate the search() string argument early, and because the bar is honored as an Ex command separator, the remainder of the name is run as Ex commands; via the :! command this allows arbitrary operating-system command execution when a victim opens a crafted PHP file and invokes omni-completion. This issue is fixed in version 9.2.0736.

Action-Not Available
Vendor-Vim
Product-vimvim
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-33636
Matching Score-4
Assigner-openEuler
ShareView Details
Matching Score-4
Assigner-openEuler
CVSS Score-8.4||HIGH
EPSS-0.25% / 15.87%
||
7 Day CHG~0.00%
Published-29 Oct, 2023 | 07:58
Updated-09 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Load malicious images may cause process to be hijacked

When the isula load command is used to load malicious images, attackers can execute arbitrary code.

Action-Not Available
Vendor-openEuler (OpenAtom Foundation)
Product-isulaiSuladisulad
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-665
Improper Initialization
CVE-2021-33635
Matching Score-4
Assigner-openEuler
ShareView Details
Matching Score-4
Assigner-openEuler
CVSS Score-9.8||CRITICAL
EPSS-0.56% / 42.63%
||
7 Day CHG~0.00%
Published-29 Oct, 2023 | 07:56
Updated-09 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pull malicious images may cause process to be hijacked

When malicious images are pulled by isula pull, attackers can execute arbitrary code.

Action-Not Available
Vendor-openEuler (OpenAtom Foundation)
Product-isulaiSuladisulad
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-665
Improper Initialization
CVE-2021-31949
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-2.57% / 83.39%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 22:46
Updated-28 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Outlook Remote Code Execution Vulnerability

Microsoft Outlook Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office365_appsoutlookMicrosoft 365 Apps for EnterpriseMicrosoft Outlook 2013 Service Pack 1Microsoft Office 2019Microsoft Outlook 2016
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-53940
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.17% / 6.49%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 19:57
Updated-07 Apr, 2026 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Codigo Markdown Editor 1.0.1 Electron Arbitrary Code Execution via Markdown File

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js child_process module when the file is opened.

Action-Not Available
Vendor-Alfonzm
Product-Codigo Markdown Editor
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-31198
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-4.87% / 91.07%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-28 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2016 Cumulative Update 20Microsoft Exchange Server 2019 Cumulative Update 9Microsoft Exchange Server 2019 Cumulative Update 8Microsoft Exchange Server 2016 Cumulative Update 19
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-55895
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.15% / 5.02%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 15:31
Updated-26 Jun, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vim: Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filename

Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile() in the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) when deleting a local file from the browser. A filename derived from the buffer's directory listing is interpolated into an Ex command line passed to :execute with only the backslash character escaped, allowing a crafted filename containing a bar (|) to terminate the intended command and execute arbitrary Vimscript, including shell commands via :call system() and :!. This vulnerability is fixed in 9.2.0663.

Action-Not Available
Vendor-Vim
Product-vimvim
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-53511
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.5||HIGH
EPSS-0.20% / 9.68%
||
7 Day CHG~0.00%
Published-07 Jul, 2026 | 20:46
Updated-10 Jul, 2026 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
calibre: Arbitrary Code Execution in Template Formatter via Book Metadata

calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:user_metadata that is passed unsanitized to exec() in the template formatter. This issue is fixed in version 9.10.0.

Action-Not Available
Vendor-kovidgoyal
Product-calibre
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-52858
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.3||HIGH
EPSS-0.20% / 10.15%
||
7 Day CHG~0.00%
Published-11 Jun, 2026 | 18:32
Updated-15 Jun, 2026 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vim: Arbitrary Code Execution via Python Omni-Completion

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled (and the legacy pythoncomplete.vim for builds with the +python interpreter) executes the import and from statements found in the current buffer through Python's import machinery. Because the buffer's working directory is on sys.path, opening a hostile .py file with a sibling Python package and invoking omni-completion runs that package's top-level code as the editing user. This issue has been patched in version 9.2.0561.

Action-Not Available
Vendor-Vim
Product-vimvim
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2021-25808
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.21% / 65.12%
||
7 Day CHG~0.00%
Published-23 Jul, 2021 | 19:39
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.

Action-Not Available
Vendor-bluditn/a
Product-bluditn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-52860
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.22% / 12.94%
||
7 Day CHG~0.00%
Published-11 Jun, 2026 | 18:33
Updated-15 Jul, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vim: Arbitrary Code Execution via Python Omni-Completion

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec() as part of populating the completion dictionary. Python evaluates function default values, parameter annotations, and class base expressions at definition time, so a hostile buffer can execute attacker-controlled Python expressions during omni-completion. The existing g:pythoncomplete_allow_import mitigation (GHSA-52mc-rq6p-rc7c) does not cover this path, because the attacker-controlled code is not a harvested import/from statement. This issue has been patched in version 9.2.0597.

Action-Not Available
Vendor-VimRed Hat, Inc.
Product-vimvimRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-54074
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.17% / 6.64%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 20:47
Updated-02 Jul, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
@tinacms/cli: Remote Code Execution via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels

Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to-Tina migration command. The internal helper addVariablesToCode unquotes any value matching the marker "__TINA_INTERNAL__:::(.*?):::" inside the stringified collection JSON. User-supplied label and name fields from .forestry/**/*.yml are placed into that JSON without any sanitisation. An attacker who controls a Forestry-style project can therefore inject arbitrary JavaScript into the generated tina/templates.{ts,js} file. The injected code is written at module top level, so it executes the moment the developer runs tinacms dev or tinacms build, with the developer's privileges. This issue has been fixed in version 2.4.3.

Action-Not Available
Vendor-tinacms
Product-tinacms
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-22204
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-6.8||MEDIUM
EPSS-99.98% / 99.98%
||
7 Day CHG~0.00%
Published-23 Apr, 2021 | 17:22
Updated-03 Nov, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-12-01||Apply updates per vendor instructions.

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image

Action-Not Available
Vendor-exiftool_projectExifToolPerlFedora ProjectDebian GNU/Linux
Product-fedoradebian_linuxexiftoolExifToolExiftool
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-22557
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-5.3||MEDIUM
EPSS-1.58% / 72.76%
||
7 Day CHG~0.00%
Published-04 Oct, 2021 | 10:10
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code execution in SLO Generator via YAML Payload

SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173

Action-Not Available
Vendor-Google LLC
Product-slo_generatorSLO Generator
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-46517
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.44%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 23:05
Updated-11 Jun, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LMDeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trust_remote_code=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches.

Action-Not Available
Vendor-InternLM
Product-lmdeploy
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CWE ID-CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-21415
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-2.10% / 79.59%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 16:50
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code Prisma Extension Remote Code Execution Vulnerability

Prisma VS Code a VSCode extension for Prisma schema files. This is a Remote Code Execution Vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary path for the Prisma format binary is set in VS Code Settings, for example by downloading a project that has a .vscode/settings.json file that sets a value for "prismaFmtBinPath". That custom binary is executed when auto-formatting is triggered by VS Code or when validation checks are triggered after each keypress on a *.prisma file. Fixed in versions 2.20.0 and 20.0.27. As a workaround users can either edit or delete the `.vscode/settings.json` file or check if the binary is malicious and delete it.

Action-Not Available
Vendor-prismaprisma
Product-language-toolslanguage-tools
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-50650
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 20.53%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:29
Updated-17 Jul, 2026 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Framework Elevation of Privilege Vulnerability

Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft .NET Framework 3.5Microsoft Visual Studio 2022 version 17.12Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2.NET 9.0Microsoft Visual Studio 2026 version 18.7Microsoft .NET Framework 3.5 AND 4.7.2Microsoft .NET Framework 3.5 AND 4.8Microsoft .NET Framework 3.5 AND 4.8.1Microsoft .NET Framework 4.8Microsoft Visual Studio 2022 version 17.14.NET 8.0
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-48124
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.5||HIGH
EPSS-0.14% / 4.09%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 19:56
Updated-16 Jun, 2026 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cursor Desktop sandbox escape via Claude hook configuration

Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run local commands in the user's context when an agent turn ends. This could allow sandbox escape, persistence across turns, local data access, or follow-on compromise. This issue has been fixed in version 3.0.0.

Action-Not Available
Vendor-cursor
Product-cursor
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-44141
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.29% / 20.79%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 03:42
Updated-06 Sep, 2024 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file.

Action-Not Available
Vendor-inkdropTakuya Matsuyama
Product-inkdropInkdrop
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-24159
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.33% / 24.75%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:45
Updated-02 Jun, 2026 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A validation issue was addressed with improved logic. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSwatchOSmacOSiPadOSiOS and iPadOStvOS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-24243
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.51% / 39.79%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 22:23
Updated-02 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted file may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSiPadOSwatchOS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-43352
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.53% / 41.05%
||
7 Day CHG~0.00%
Published-26 Oct, 2023 | 00:00
Updated-12 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component.

Action-Not Available
Vendor-n/aThe CMS Made Simple Foundation
Product-cms_made_simplen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-47292
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.37% / 29.02%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 17:04
Updated-15 Jul, 2026 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability

Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeVisual Studio Code - MSSQL Extension
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-41984
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.50% / 39.33%
||
7 Day CHG~0.00%
Published-26 Sep, 2023 | 20:14
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-tvoswatchosipadosmacosiphone_oswatchOSiOS and iPadOStvOSmacOSmacostvosios_and_ipadoswatchos
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-45555
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 4.03%
||
7 Day CHG~0.00%
Published-29 May, 2026 | 12:54
Updated-01 Jun, 2026 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Roslyn CodeLens MCP Server: Untrusted Roslyn Analyzer Execution via get_diagnostics Leads to Arbitrary Code Execution

Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the get_diagnostics MCP tool loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without any allowlist, signature check, or user confirmation; includeAnalyzers defaults to true, so no explicit opt-in is required. An attacker who can place a malicious .csproj referencing an attacker-controlled DLL in a location the victim opens with the MCP server will achieve arbitrary code execution in the server process with the server's OS privileges. This vulnerability is fixed in 1.17.0.

Action-Not Available
Vendor-MarcelRoozekrans
Product-roslyn-codelens-mcp
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-41898
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.16% / 6.00%
||
7 Day CHG~0.00%
Published-19 Oct, 2023 | 22:08
Updated-12 Sep, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for Android

Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential theft. This issue has been patched in version 2023.9.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-142`.

Action-Not Available
Vendor-home-assistanthome-assistant
Product-home_assistant_companioncore
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-44728
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.12% / 2.59%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 17:48
Updated-28 May, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Control of Generation of Code when compiling specifically crafted malicious code with @babel/plugin-transform-modules-systemjs

Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. This vulnerability is fixed in 7.29.4 and 8.0.0-alpha.13.

Action-Not Available
Vendor-babelbabel@babel
Product-babelbabelplugin-transform-modules-systemjs
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-45136
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.19% / 8.57%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 20:48
Updated-02 Jun, 2026 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
claude-code-cache-fix: Local code execution via Python triple-quote injection in tools/quota-statusline.sh

claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh (introduced in v3.5.0) interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in the user's Claude Code process. This vulnerability is fixed in 3.5.2.

Action-Not Available
Vendor-cnighswongercnighswonger
Product-claude-code-cache-fixclaude-code-cache-fix
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-42301
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.20% / 9.71%
||
7 Day CHG~0.00%
Published-09 May, 2026 | 03:59
Updated-11 May, 2026 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation leading to Improper Control of Generation of Code ('Code Injection') in pyp2spec

pyp2spec generates working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata (e.g. the summary field) into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, so a malicious package can execute arbitrary commands on the build machine. This issue has been patched in version 0.14.1.

Action-Not Available
Vendor-befeleme
Product-pyp2spec
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-21187
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.73% / 50.20%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Power Automate Remote Code Execution Vulnerability

Microsoft Power Automate Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-power_automate_for_desktopPower Automate for Desktop
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-61433
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.14% / 4.06%
||
7 Day CHG~0.00%
Published-15 Jul, 2026 | 11:25
Updated-15 Jul, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PraisonAI before 4.6.78 Code Injection via API deployment generator

PraisonAI before 4.6.78 fails to safely encode deployment configuration values when generating Python source code for API servers. Attackers can inject arbitrary Python expressions through the deploy.api.host and agents_file configuration parameters that execute when the generated server starts or handles requests.

Action-Not Available
Vendor-MervinPraison
Product-PraisonAI
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-3906
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-84.97% / 99.69%
||
7 Day CHG~0.00%
Published-06 Nov, 2013 | 11:00
Updated-22 Apr, 2026 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-08-15||Apply updates per vendor instructions.

GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-word_viewerwindows_server_2008windows_vistaexcel_viewerlyncpowerpoint_vieweroffice_compatibility_packofficen/aGraphics Component
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-35897
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.23% / 14.25%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 13:06
Updated-19 Sep, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Spectrum Protect code execution

IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246.

Action-Not Available
Vendor-IBM Corporation
Product-storage_protectstorage_protect_clientStorage Protect ClientStorage Protect for Virtual Environmentsstorage_protectstorage_protect_client
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2026-57456
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.4||HIGH
EPSS-0.14% / 4.09%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 15:16
Updated-26 Jun, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vim: Arbitrary Code Execution via Python Omni-Completion Docstrings

Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion (runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim) executes reconstructed function and class definitions from the current buffer with exec() as part of populating the completion dictionary. When reconstructing that source, each scope's docstring is inserted verbatim between triple quotes with no escaping, so a hostile buffer can break out of the triple-quoted literal and execute attacker-controlled Python during omni-completion. This vulnerability is fixed in 9.2.0699.

Action-Not Available
Vendor-Vim
Product-vimvim
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-14576
Matching Score-4
Assigner-The Qt Company
ShareView Details
Matching Score-4
Assigner-The Qt Company
CVSS Score-7.4||HIGH
EPSS-0.22% / 12.96%
||
7 Day CHG~0.00%
Published-30 Apr, 2026 | 12:39
Updated-15 Jul, 2026 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible QML code injection in VectorImage component

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application's privilege level and data access.

Action-Not Available
Vendor-qtThe Qt CompanyRed Hat, Inc.
Product-qtdeclarativeQtRed Hat Enterprise Linux 9Multicluster Global HubRed Hat Enterprise Linux 7Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat OpenShift GitOpsRed Hat Enterprise Linux 10Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Advanced Cluster Management for Kubernetes 2Red Hat Hardened Images
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-36702
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.95% / 57.43%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft DirectMusic Remote Code Execution Vulnerability

Microsoft DirectMusic Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_11_21h2windows_10_1809windows_10_22h2windows_10_21h2windows_11_22h2windows_10_1607windows_server_2022windows_10_1507windows_server_2019windows_server_2008windows_server_2016Windows 10 Version 1607Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016Windows Server 2012 R2Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-3129
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-32.38% / 98.14%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT; GDI+ in Office 2003 SP3, 2007 SP3, and 2010 SP1; GDI+ in Visual Studio .NET 2003 SP1; and GDI+ in Lync 2010, 2010 Attendee, 2013, and Basic 2013 allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_7windows_server_2008lync_basicwindows_vistalync.net_frameworkvisual_studio_.netwindows_xpsilverlightofficewindows_8windows_server_2012windows_server_2003n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-40158
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.24% / 15.04%
||
7 Day CHG~0.00%
Published-10 Apr, 2026 | 16:49
Updated-20 Apr, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PraisonAI has Improper Control of Generation of Code ('Code Injection') and Protection Mechanism Failure in praisonai

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can be bypassed using type.__getattribute__ trampoline, allowing arbitrary code execution when running untrusted agent code. The _execute_code_direct function in praisonaiagents/tools/python_tools.py uses AST filtering to block dangerous Python attributes like __subclasses__, __globals__, and __bases__. However, the filter only checks ast.Attribute nodes, allowing a bypass. The sandbox relies on AST-based filtering of attribute access but fails to account for dynamic attribute resolution via built-in methods such as type.getattribute, resulting in incomplete enforcement of security restrictions. The string '__subclasses__' is an ast.Constant, not an ast.Attribute, so it is never checked against the blocked list. This vulnerability is fixed in 4.5.128.

Action-Not Available
Vendor-praisonMervinPraison
Product-praisonaiPraisonAI
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-40156
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.21% / 11.07%
||
7 Day CHG~0.00%
Published-10 Apr, 2026 | 16:46
Updated-20 Apr, 2026 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PraisonAI Affected by Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.spec_from_file_location and immediately executes module-level code via spec.loader.exec_module() without explicit user consent, validation, or sandboxing. The tools.py file is loaded implicitly, even when it is not referenced in configuration files or explicitly requested by the user. As a result, merely placing a file named tools.py in the working directory is sufficient to trigger code execution. This behavior violates the expected security boundary between user-controlled project files (e.g., YAML configurations) and executable code, as untrusted content in the working directory is treated as trusted and executed automatically. If an attacker can place a malicious tools.py file into a directory where a user or automated system (e.g., CI/CD pipeline) runs praisonai, arbitrary code execution occurs immediately upon startup, before any agent logic begins. This vulnerability is fixed in 4.5.128.

Action-Not Available
Vendor-praisonMervinPraison
Product-praisonaiPraisonAI
CWE ID-CWE-426
Untrusted Search Path
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-33733
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.12% / 79.82%
||
7 Day CHG~0.00%
Published-05 Jun, 2023 | 00:00
Updated-08 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.

Action-Not Available
Vendor-reportlabn/a
Product-reportlabn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-8374
Matching Score-4
Assigner-Checkmarx
ShareView Details
Matching Score-4
Assigner-Checkmarx
CVSS Score-7.8||HIGH
EPSS-0.43% / 35.08%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 10:01
Updated-16 Sep, 2024 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary Code Injection in Cura

UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader (/plugins/ThreeMFReader.py). The vulnerability arises from improper handling of the drop_to_buildplate property within 3MF files, which are ZIP archives containing the model data. When a 3MF file is loaded in Cura, the value of the drop_to_buildplate property is passed to the Python eval() function without proper sanitization, allowing an attacker to execute arbitrary code by crafting a malicious 3MF file. This vulnerability poses a significant risk as 3MF files are commonly shared via 3D model databases.

Action-Not Available
Vendor-ultimakerUltimakerultimaker
Product-ultimaker_curaCuracura
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-32418
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.42% / 34.35%
||
7 Day CHG~0.00%
Published-27 Jul, 2023 | 00:31
Updated-23 Oct, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSmacos
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-32383
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.25% / 16.80%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 22:03
Updated-20 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed by forcing hardened runtime on the affected binaries at the system level. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. An app may be able to inject code into sensitive binaries bundled with Xcode.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-39881
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5||MEDIUM
EPSS-0.62% / 45.71%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 20:18
Updated-22 Apr, 2026 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vim Ex command injection in Vims NetBeans integration

Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol messages. This vulnerability is fixed in 9.2.0316.

Action-Not Available
Vendor-Vim
Product-vimvim
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-54529
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.33% / 25.44%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:58
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found