CVE-2021-36985

There is a Code injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may exhaust system resources and cause the system to restart...

CVE-2021-27811

A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. An attacker is able execute arbitrary PHP code via exploitation of clientupgradeedition.php and Upgrade.php...

CVE-2021-25808

A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file...

CVE-2021-25251

The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit...

CVE-2021-21477

SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject malicious code in the drools rules which when executed leads to Remote Code Execution vulnerability...

CVE-2021-21305

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "manipulate!" method inappropriately evals the content of mutation option:read/:write...

CVE-2021-22722

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Stored Cross-site Scripting' vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all...

CVE-2020-8218

A code injection vulnerability exists in Pulse Connect Secure 9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface...

CVE-2020-8137

Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker...

CVE-2020-23037

Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...

CVE-2020-18172

A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges...

CVE-2019-0304

FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inje...

CVE-2019-0343

SAP Commerce Cloud Mediaconversion Extension, versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application...

CVE-2019-3652

Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security ENS Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer...

CVE-2019-15598

A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command...

CVE-2019-1577

Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML...

CVE-2018-21005

The bbp-move-topics plugin before 1.1.6 for WordPress has code injection...

Code Injection

langroid is vulnerable to code injection. The vulnerability is due to improper input sanitization in TableChatAgent using pandas eval, allowing attackers to execute arbitrary code within the application...

CVE-2012-5304

Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/dbconnect.php via unspecified vectors. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the...

CVE-2002-2319

Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the 1 LOGIN, 2 DATA, and 3 MESS parameters, which are inserted into news.php3...