CVE-2025-23349

NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering...

CVE-2025-23295

NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data...

CVE-2025-23305

NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering...

CVE-2025-23314

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and dat...

CVE-2025-23264

NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data...

CVE-2025-23312

NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure...

CVE-2022-23503

TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible t...

CVE-2022-23603

iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. In code before commit 24f43aa user input is not properly sanitized and code injection is possible. Users are advised to upgrade as soon as is possible. There are no known workarounds for this issue...

CVE-2022-31179

Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to code injection on windows. This impacts users that use Shescape any API function to escape arguments for cmd.exe on Windows An attacker can omit all arguments following their input by...

CVE-2022-0895

Static Code Injection in GitHub repository microweber/microweber prior to 1.3...

CVE-2024-34761

Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code 'Code Injection' vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before 6.2.10...

CVE-2024-41961

Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which...

CVE-2024-41921

A code injection vulnerability has been discovered in the Robot Operating System ROS 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python...

CVE-2024-41148

A code injection vulnerability has been discovered in the Robot Operating System ROS 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a topic and accepts a user-provided Python...

CVE-2024-39715

A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server...

(0Day) Langflow code Code Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code parameter provided to the validate endpoint. The issue results from th...

PT-2026-2001

Name of the Vulnerable Software and Affected Versions Langflow affected versions not specified Description A flaw exists in Langflow related to the handling of Python function components, potentially allowing remote attackers to execute arbitrary code on affected systems. An attacker may be able ...

PT-2026-1998

Name of the Vulnerable Software and Affected Versions Langflow affected versions not specified Description A flaw exists in Langflow that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for exploitation. The issue stems from insufficient...

PT-2026-2212

Name of the Vulnerable Software and Affected Versions Salesforce Uni2TS versions through 1.2.0 Description An improper control of generation of code issue, specifically a code injection, exists in Salesforce Uni2TS on MacOS, Windows, and Linux. This allows for the leveraging of executable code in...

PT-2026-1991

Name of the Vulnerable Software and Affected Versions Foundation Agents MetaGPT affected versions not specified Description A flaw exists in the actionoutput str to mapping function that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for...