Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers t…

HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Wi…

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability …

The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.O…

A template injection vulnerability on older versions of Confluence Data Center and Server allow…

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up a…

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/cod…

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routi…

Apache Commons Text performs variable interpolation, allowing properties to be dynamically eval…

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows…

XWiki Platform is a generic wiki platform offering runtime services for applications built on t…

GeoServer is an open source server that allows users to share and edit geospatial data. Prior t…

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and b…

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab …

vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] paramete…

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code e…

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injecti…

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code exec…

Unauthenticated remote code execution

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileS…

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various …

A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unaut…

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. …

A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to exec…

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vist…

JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Pro…

XStream is a simple library to serialize objects to XML and back again. In affected versions th…

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/ja…

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prio…

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a …

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all version…

The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queri…

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and b…

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Comm…

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote comm…

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported ver…

Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present.…

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x b…

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelio…