IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locat...
A security flaw has been discovered in oitcode samarium up to 0.9.6. This vulnerability affects unknown code of the file /cms/webpage/ of the component Pages Image Handler. The manipulation results in...
A vulnerability was identified in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file /pointHierarchySLTS of the component Folder Handler. The manipulation of the argument...
A flaw has been found in mtons mblog up to 3.5.0. Affected by this vulnerability is an unknown functionality of the file /settings/profile. Executing manipulation of the argument signature can lead to...
Code Injection in paddlepaddle/paddle
The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation.
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname synta...
Azure CycleCloud Remote Code Execution Vulnerability
An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to by...
A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system i...
DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php.
Xenforo before 2.2.16 allows code injection.
Microsoft SharePoint Server Remote Code Execution Vulnerability
Code Injection in GitHub repository nuitka/nuitka prior to 0.9.
All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of ...
In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol.
Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.
Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
Code Injection in GitHub repository getgrav/grav prior to 1.7.34.
Code Injection in GitHub repository jgraph/drawio prior to 19.0.2.
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local fil...
WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php.
Subrion 4.2.1 has a remote command execution vulnerability in the backend.
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote command execution by a privileged account when the server is accessed via a console an...
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages....
All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jexl.createExpression(expression).evaluate(context); functiona...
Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually ...
OneVision Workspace before WS23.1 SR1 (build w31.040) allows arbitrary Java EL execution.
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. ...
In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible
In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible
In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible
VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action.
Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without...
Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution.
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible
Unauthenticated remote code execution
Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6.
Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow.
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\userScripts.php
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php