Tag
NousResearch hermes-agent <= 0.12.0 Code Injection Vulnerability (CVE-2026-10221)
2 rules 1 TTP 1 CVE
NousResearch hermes-agent up to version 0.12.0 is vulnerable to code injection in the _compress_context function of the run_agent.py file, allowing remote exploitation.
Amazon Redshift Python Driver Remote Code Execution via eval() Injection (CVE-2026-8838)
2 rules 1 TTP 1 CVE 1 IOC
The amazon-redshift-python-driver versions 2.1.13 and earlier are vulnerable to remote code execution (CVE-2026-8838) due to insufficient validation of server data during query result processing, potentially allowing a rogue server or man-in-the-middle to execute arbitrary code on the client.
code-projects Project Management System SQL Injection Vulnerability (CVE-2026-9584)
2 rules 1 TTP 1 CVE
A SQL injection vulnerability (CVE-2026-9584) exists in code-projects Project Management System 1.0 within the chk.php file of the Login component, allowing a remote attacker to execute arbitrary SQL commands.
CVE-2026-3603: IBM Engineering Lifecycle Management XXE Vulnerability
2 rules 1 TTP 1 CVE
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 are vulnerable to XML external entity injection (XXE), allowing an authenticated attacker to expose sensitive information or consume memory resources.
NousResearch hermes-agent Injection Vulnerability (CVE-2026-9366)
2 rules 1 TTP 1 CVE
A remote injection vulnerability exists in NousResearch hermes-agent 2026.4.23 within the _scan_context_content function of the agent/prompt_builder.py file, allowing attackers to inject malicious code.
JoomSport WordPress Plugin Vulnerable to Time-Based Blind SQL Injection (CVE-2026-6929)
2 rules 1 TTP 1 CVE
The JoomSport plugin for WordPress is vulnerable to time-based blind SQL Injection (CVE-2026-6929) via the 'sortf' parameter in versions up to 5.7.7, allowing unauthenticated attackers to extract sensitive information from the database.
claude-code-cache-fix Local Code Execution via Python Injection (CVE-2026-45136)
2 rules 1 TTP
A vulnerability exists in claude-code-cache-fix versions 3.5.0 and 3.5.1 where the `tools/quota-statusline.sh` script interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal, allowing local code execution via Python triple-quote injection (CVE-2026-45136).
CVE-2026-41109: Improper Neutralization of Special Elements in GitHub Copilot and Visual Studio
2 rules 1 TTP 1 CVE
CVE-2026-41109 describes an improper neutralization of special elements in output used by a downstream component ('injection') vulnerability in GitHub Copilot and Visual Studio, allowing an unauthorized attacker to bypass a security feature over a network.
CVE-2026-33833: Azure Machine Learning Spoofing Vulnerability
2 rules 1 TTP 1 CVE
CVE-2026-33833 describes an injection vulnerability in Azure Machine Learning that allows an unauthorized attacker to perform spoofing over a network.
AIWU WordPress Plugin Vulnerable to SQL Injection (CVE-2026-2993)
2 rules 1 TTP 1 CVE
The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection (CVE-2026-2993) in versions up to 1.4.17, allowing unauthenticated attackers to extract sensitive information from the database.
Kysely JSON-path Injection Vulnerability
2 rules 1 TTP 1 CVE
A JSON-path traversal injection vulnerability exists in Kysely versions prior to 0.28.16, allowing attackers to traverse JSON sub-fields outside the intended scope, potentially leading to unauthorized read and write access to sensitive data in MySQL, PostgreSQL, and SQLite databases due to insufficient sanitization of JSON-path metacharacters in the `JSONPathBuilder.key()` and `.at()` functions.
Vvveb CMS XML External Entity Injection Vulnerability
2 rules 3 TTPs 1 CVE
Vvveb before 1.0.8.2 is vulnerable to XML external entity (XXE) injection in the admin import feature, allowing authenticated site administrators to read arbitrary files and modify database records, potentially leading to privilege escalation.
YAFNET Unauthenticated Stored XSS via User-Agent Header
2 rules 2 TTPs
YAFNET is vulnerable to an unauthenticated stored second-order XSS vulnerability in the admin event log, triggered by a reflected `User-Agent` header, allowing an attacker to execute arbitrary JavaScript in an administrator's session.
OpenClaw Shell Wrapper Detection Bypass via Environment Variable Injection
2 rules 1 TTP 1 CVE
OpenClaw versions before 2026.4.12 are vulnerable to environment variable injection, allowing attackers to bypass shell wrapper detection and manipulate execution semantics by modifying shell variables.
HKUDS OpenHarness Remote Code Execution via /bridge Slash Command (CVE-2026-7551)
2 rules 1 TTP 1 CVE
HKUDS OpenHarness contains a remote code execution vulnerability (CVE-2026-7551) in the /bridge slash command, allowing remote attackers to execute arbitrary operating system commands by injecting malicious commands via the /bridge spawn command, leading to unauthorized shell access and data exposure.
Dagster SQL Injection Vulnerability in Dynamic Partition Keys
2 rules 6 TTPs
A SQL injection vulnerability exists in Dagster's DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers, where a user with 'Add Dynamic Partitions' permission can inject arbitrary SQL due to improper escaping of dynamic partition key values, leading to unauthorized data access or modification.
Simple IT Discussion Forum SQL Injection Vulnerability (CVE-2026-5827)
2 rules 1 TTP 1 CVE
CVE-2026-5827 is a SQL injection vulnerability in code-projects Simple IT Discussion Forum 1.0, allowing remote attackers to execute arbitrary SQL commands by manipulating the 'content' argument in /question-function.php.
Vim Code Execution Vulnerability via Crafted Files (CVE-2026-34714)
2 rules 2 TTPs
Vim versions before 9.2.0272 allow code execution upon opening a specially crafted file due to %{expr} injection in tabpanel lacking P_MLE in the default configuration, potentially leading to arbitrary code execution.
AWS SDK for PHP CloudFront Policy Document Injection via Special Characters
2 rules 1 TTP 1 IOC
A vulnerability exists in the AWS SDK for PHP CloudFront signing utilities where special characters in input values are not properly handled when creating policy documents, potentially leading to unintended access restrictions, affecting versions 3.11.7 through 3.371.3.
BadAML Injection Allows Arbitrary Code Execution in Confidential VMs
2 rules 1 TTP
The BadAML injection attack allows arbitrary code execution in confidential VMs by exploiting the ACPI interface, enabling attackers with host control to execute malicious AML code within the guest.
Spring AI Redis Store TAG Injection Vulnerability (CVE-2026-22744)
2 rules 1 TTP
CVE-2026-22744 is a code injection vulnerability in Spring AI's RedisFilterExpressionConverter which allows an attacker to inject arbitrary commands into RediSearch TAG blocks via unescaped user-controlled strings, affecting versions 1.0.0 before 1.0.5 and 1.1.0 before 1.1.4.
n8n Merge Node AlaSQL Injection Vulnerability
2 rules 1 TTP
An authenticated user with workflow creation/modification permissions can exploit insufficient restrictions in the n8n Merge node's AlaSQL sandbox to achieve remote code execution by reading local files or executing commands on the n8n host.
Dgraph Pre-Auth DQL Injection Vulnerability
1 rule 1 TTP
A pre-authentication DQL injection vulnerability in Dgraph's `/mutate` endpoint, when ACL is disabled, allows attackers to exfiltrate the entire database by crafting a malicious `cond` field in an upsert mutation.
gmaps-mcp Unauthenticated HTTP Transport Allows Unlimited Google Maps API Calls
2 rules 1 IOC
The gmaps-mcp package allows unauthenticated access to Google Maps API calls when deployed with a blank MCP_API_KEY, potentially leading to significant financial costs for the operator; it also permits path injection attacks.
xmldom XML Node Injection via Comment Serialization
2 rules 1 TTP
The xmldom library is vulnerable to XML node injection, allowing attackers to inject arbitrary XML nodes into serialized output by manipulating comment content; this is mitigated by using the `requireWellFormed` option in `serializeToString` after upgrading to version 0.8.13 or 0.9.10.
Lemur LDAP Filter Injection Vulnerability
2 rules 1 TTP
Lemur versions before 1.9.0 are vulnerable to LDAP filter injection, where an authenticated LDAP user can inject LDAP filter metacharacters through the username field to manipulate group membership queries and escalate their privileges to administrator.
NocoBase SQL Injection via Recursive Eager Loading
2 rules 4 TTPs
NocoBase versions 2.0.32 and earlier are vulnerable to SQL injection due to string concatenation in the `queryParentSQL()` function, allowing attackers with record creation permissions to inject arbitrary SQL and potentially extract sensitive information or execute commands.
fast-xml-builder Vulnerability Allows Attribute Injection
2 rules 1 TTP
The fast-xml-builder library allows attribute injection when handling attribute values containing quotes, leading to potential execution of arbitrary code.