VulnCheck KEV: CVE-2026-27760

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define string...

UBUNTU-CVE-2025-56814

A code injection vulnerability in the wxExecute function of OpenCPN...

IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.28 RCE (7276560)

The version of IBM WebSphere Application Server running on the remote host is affected by a remote code execution vulnerability as referenced in the 7276560 advisory. - IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, when using Intelligent Management with the...

CVE-2026-25470 WordPress ACPT (Pro) - Custom Post Types plugin for WordPress plugin <= 2.0.47 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in ACPT ACPT Pro - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT Pro - Custom Post Types Plugin for WordPress: from n/a through 2.0.47...

CVE-2026-25470

CVE-2026-25470 : Unauthenticated RCE in WordPress ACPT (Pro) – Custom Post Types Plugin for WordPress (ACPT) 2.0.47 if available; no public patch details provided in the documents. Exploitation status is not provided in the connected documents. Monitor for updates and vendor advisories for a con...

CVE-2026-24155

NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

CVE-2026-24155

NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

EUVD-2026-37129

NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

CVE-2026-24155

CVE-2026-24155 affects NVIDIA NeMo Framework for all platforms, described as a code injection vulnerability (CWE-94) that can lead to code execution, privilege escalation, information disclosure, and data tampering. The NVIDIA security bulletin states that CVE-2026-24155 is addressed by updating ...

CVE-2026-49774

Improper Control of Generation of Code 'Code Injection' vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0...

CVE-2026-49774

CVE-2026-49774 describes an "Improper Control of Generation of Code (Code Injection)" vulnerability in the WordPress RD Station plugin

CVE-2026-49774 WordPress RD Station plugin <= 5.6.0 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0...

EUVD-2026-37056

Improper Control of Generation of Code 'Code Injection' vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0...

Spring Cloud Gateway Code Injection

Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote...

Netsweeper <=6.4.3 - Python Code Injection

Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters. id: CVE-2020-13167 info: name: Netsweeper =6.4.4 to mitiga...

Ivanti EPM Cloud Services Appliance Code Injection

Ivanti EPM Cloud Services Appliance CSA before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions nobody. id: CVE-2021-44529 info: name: Ivanti EPM Cloud Services Appliance Code Injection...

SUSE CVE-2026-47162

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

SUSE CVE-2026-47167

Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch in the cucumber filetype plugin runtime/ftplugin/cucumber.vim on Vim builds with +ruby support. Step-definition patterns read from .rb files under the repository's...

PT-2026-50086

Name of the Vulnerable Software and Affected Versions ACPT Pro - Custom Post Types Plugin for WordPress versions prior to 2.0.48 Description Improper Control of Generation of Code allows for Remote Code Inclusion and unauthenticated Remote Code Execution RCE. This issue enables an attacker to...

PT-2026-49725

Name of the Vulnerable Software and Affected Versions NVIDIA NeMo Framework affected versions not specified Description NVIDIA NeMo Framework contains a code injection flaw. A successful exploit could lead to arbitrary code execution, escalation of privileges, information disclosure, and data...