Code-Injection

NousResearch hermes-agent up to version 0.12.0 is vulnerable to code injection in the _compress_context function of the run_agent.py file, allowing remote exploitation.

A remote code injection vulnerability (CVE-2026-10220) exists in NousResearch hermes-agent versions up to 2026.4.30, affecting the _serve_plugin_skill/skill_view function in tools/skills_tool.py, potentially allowing attackers to inject arbitrary code.

Yamcs is vulnerable to authenticated remote code execution (CVE-2026-46621) where an authenticated user with the ChangeMissionDatabase privilege can inject malicious Jython code into existing Python algorithms, leading to arbitrary command execution on the underlying host operating system.

Dolibarr ERP CRM 7.0.3 is vulnerable to remote code evaluation, allowing unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter, leading to arbitrary command execution.

A remote code injection vulnerability (CVE-2026-9353) exists in NousResearch hermes-agent up to version 2026.4.23, allowing attackers to inject malicious code by manipulating the THREAT_PATTERNS argument in the Skills Guard Multi-Word Prompt Handler component.

A public exploit has been published for CVE-2026-27384, a critical unauthenticated remote code execution vulnerability in the W3 Total Cache WordPress plugin.

A vulnerability in Twig versions 3.15.0 to 3.26.0 (CVE-2026-46640) allows arbitrary PHP code execution via the `_self.(<string>)` macro-reference compilation, enabling attackers to inject and execute arbitrary PHP code by supplying malicious template source, bypassing the SandboxExtension.

A code injection vulnerability (CVE-2026-46633) exists in Twig versions prior to 3.26.0, where a single quote in the `{% use %}` template name is not properly escaped, allowing arbitrary PHP code execution by bypassing the Twig sandbox.

CVE-2025-15024 is a code injection vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc.'s Library Automation System that allows for Remote Code Inclusion in versions from v.19.5 before v.22.1.

An unauthenticated remote code injection vulnerability (CVE-2026-44672) exists in Mapfish Print's Dynamic table functionality, allowing attackers to execute arbitrary code on the server.

Wing FTP Server 8.1.2 contains an authenticated remote code execution vulnerability (CVE-2026-44403) in the session serialization mechanism, allowing administrators to inject arbitrary Lua code and achieve remote code execution.

CVE-2026-41094 is a code injection vulnerability in Microsoft Data Formulator, allowing an unauthorized attacker to execute arbitrary code over a network.

CVE-2026-42898 is a code injection vulnerability in Microsoft Dynamics 365 (on-premises) that allows an authorized attacker to execute arbitrary code over a network.

protobuf.js is vulnerable to code injection (CVE-2026-44293); by crafting a protobuf descriptor with a non-string default value for a `bytes` field, an attacker can inject arbitrary Javascript code into the generated `toObject` conversion function if default values are enabled, requiring the application to load an attacker-controlled schema and convert a message of the affected type with defaults enabled.

Aero CMS 0.0.1 is vulnerable to PHP code injection (CVE-2022-50944), allowing an authenticated attacker to execute arbitrary PHP code by uploading malicious files through the image parameter, leading to remote code execution on the server.

Evolution CMS version 3.1.6 is vulnerable to remote code execution, where authenticated users with module creation permissions can inject PHP code into module parameters, allowing them to execute arbitrary system commands by sending POST requests to '/manager/index.php' with malicious PHP code in the 'post' parameter to create modules that execute arbitrary commands when invoked, as tracked by CVE-2021-47939.

ImpressCMS 1.4.2 is vulnerable to remote code execution (RCE) via the autotasks administrative interface, where authenticated attackers can inject malicious PHP code into the sat_code parameter via a POST request to /modules/system/admin.php, leading to arbitrary PHP code execution through GET parameters (CVE-2021-47938).

An incomplete patch for CVE-2026-42215 in GitPython allows newline injection in the section parameter of the config_writer() function, enabling arbitrary .git/config modification and remote code execution via core.hooksPath.

AzuraCast is vulnerable to a Liquidsoap code injection vulnerability due to the incomplete migration from `cleanUpString()` to `toRawString()` in the remote relay password field, allowing a user with the `RemoteRelays` station permission to inject arbitrary Liquidsoap code by exploiting nested interpolation syntax, leading to arbitrary code execution, API key disclosure, and station disruption.

SambaBox versions 5.1 to before 5.3 are vulnerable to OS command injection via improper control of code generation (CVE-2026-3120), potentially allowing attackers with high privileges to execute arbitrary commands on the underlying system.

A remote code injection vulnerability exists in AV Stumpfl Pixera Two Media Server versions up to 25.2 R2 due to improper handling within the Websocket API, potentially allowing unauthenticated attackers to execute arbitrary code.

IBM Langflow Desktop versions 1.0.0 through 1.8.4 are vulnerable to remote command execution, allowing an attacker to execute arbitrary commands with the privileges of the Langflow process, potentially leading to sensitive data exposure and lateral movement.

Cockpit CMS is vulnerable to authenticated remote code execution via PHP code injection in the /cockpit/collections/save_collection endpoint, enabling attackers with collection management privileges to execute arbitrary commands on the server.

AgentFlow is vulnerable to arbitrary code execution (CVE-2026-7466) by manipulating the `pipeline_path` parameter in POST requests to `/api/runs` and `/api/runs/validate`, allowing attackers to execute arbitrary Python code.

Spring released security advisories on April 27, 2026, to address a VectorStore FilterExpression Converter injection vulnerability (CVE-2026-40967) and a SQL Injection vulnerability (CVE-2026-40978) in Spring AI versions prior to 1.0.6 and 1.1.5.

The CI4MS Backup restore function is vulnerable to Zip Slip, allowing remote code execution by uploading a malicious ZIP archive that writes PHP files to the public web root due to missing validation of entry names during extraction, affecting versions prior to 0.31.5.0.

A code injection vulnerability exists in modelscope agentscope up to version 1.0.18, specifically affecting the execute_python_code/execute_shell_command functions, allowing for remote code execution.

A prototype pollution vulnerability (CVE-2026-6594) in brikcss merge up to version 1.3.0 allows remote attackers to modify object prototype attributes by manipulating the __proto__/constructor.prototype/prototype argument.

A code injection vulnerability, CVE-2026-5970, exists in FoundationAgents MetaGPT up to version 0.8.1, allowing remote attackers to execute arbitrary code via manipulation of the `check_solution` function in the HumanEvalBenchmark/MBPPBenchmark component.

A code injection vulnerability exists in FoundationAgents MetaGPT <= 0.8.1 within the ActionNode.xml_fill function, allowing remote attackers to inject code due to improper neutralization of directives in dynamically evaluated code.

An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC to achieve arbitrary command execution on the device.

A code injection vulnerability exists in PowerJob versions 5.1.0, 5.1.1, and 5.1.2, allowing remote attackers to execute arbitrary code via the GroovyEvaluator.evaluate function in the OpenAPI Endpoint component by manipulating the nodeParams argument.

A remote code injection vulnerability exists in assafelovic gpt-researcher versions up to 3.4.3 due to improper handling of the 'args' argument in the extract_command_data function, potentially allowing attackers to execute arbitrary code.

A code injection vulnerability (CVE-2026-5584) exists in Fosowl agenticSeek 0.1.0, allowing remote attackers to execute arbitrary code by manipulating the query endpoint through the PyInterpreter.execute function.

A code injection vulnerability exists in provectus kafka-ui up to version 0.7.2, specifically affecting the validateAccess function within the /api/smartfilters/testexecutions endpoint, allowing remote attackers to inject code.

DedeCMS 5.7.118 is vulnerable to remote code execution via crafted setup tag values during a module upload, as exploited by an unauthenticated attacker (CVE-2026-30643).

A local attacker can exploit CVE-2026-35093 in libinput by placing a specially crafted Lua bytecode file in configuration directories, allowing arbitrary code execution with the privileges of the application using libinput.

XenForo before 2.3.9 and 2.2.18 allows remote code execution by authenticated, malicious admin users with admin panel access.

XenForo before 2.3.7 is vulnerable to code injection due to a loose prefix match for methods accessible within templates, potentially allowing unauthorized method invocations.

letta-ai letta version 0.16.4 contains a remote code injection vulnerability (CVE-2026-4965) in the resolve_type function of ast_parsers.py, stemming from improper neutralization of directives in dynamically evaluated code, allowing unauthenticated remote attackers to execute arbitrary code.

Multiple critical vulnerabilities in n8n, including prototype pollution, code injection, and SQL injection, allow authenticated users to achieve remote code execution, read sensitive files, and perform unauthorized database operations.

Multiple critical vulnerabilities in n8n versions prior to 2.10.1, 2.9.3, and 1.123.22 enable authenticated users to execute arbitrary code and system commands, potentially leading to full system compromise.

Contour's Cookie Rewriting feature is vulnerable to Lua code injection; an attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in the `spec.routes[].cookieRewritePolicies[].pathRewrite.value` or `spec.routes[].services[].cookieRewritePolicies[].pathRewrite.value` fields, resulting in arbitrary code execution in the Envoy proxy.

pyp2spec before 0.14.1 is vulnerable to code injection by writing PyPI package metadata into generated spec files without escaping RPM macro directives, allowing malicious packages to execute arbitrary commands on the build machine.

Unauthenticated attackers can exploit a PHP code injection vulnerability in OpenCATS versions prior to commit 3002a29 by injecting malicious PHP code into the installer's AJAX endpoint, leading to arbitrary code execution.

A critical RCE vulnerability in OpenLearnX allows for sandbox escape and arbitrary command execution in versions prior to 2.0.3.