Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-94 Clear
ID Title
CVE-2025-54068 KEV [KEV] Code Injection in Laravel livewire (CVE-2025-54068)
code injection in Laravel livewire (CVE-2025-54068). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-31898 Vulnerability in parall (CVE-2026-31898)
vulnerability in parall (CVE-2026-31898). Confidential information can be exposed externally. Exploitable via ``createAnnotation``.
CVE-2025-50881 Code Injection in CVE-2025-50881 (CVE-2025-50881)
code injection in CVE-2025-50881 (CVE-2025-50881). Successful exploitation can lead to full system takeover. Exploitable via ``action``.
CVE-2026-4276 Code Injection in librechat (CVE-2026-4276)
code injection in librechat (CVE-2026-4276). Data can be tampered with by attackers.
CVE-2026-3476 Code Injection in 3ds (CVE-2026-3476)
code injection in 3ds (CVE-2026-3476). Successful exploitation can lead to full system takeover.
CVE-2025-14287 Code Injection in lfprojects (CVE-2025-14287)
code injection in lfprojects (CVE-2025-14287). Successful exploitation can lead to full system takeover.
CVE-2026-32640 Code Injection in simpleeval (CVE-2026-32640)
code injection in simpleeval (CVE-2026-32640). Successful exploitation can lead to full system takeover. Exploitable via ``names``. Mitigation: upgrade to `1.0.5` or later.
CVE-2026-32304 Code Injection in locutus (CVE-2026-32304)
code injection in locutus (CVE-2026-32304). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.14` or later.
CVE-2026-21669 Code Injection in veeam (CVE-2026-21669)
code injection in veeam (CVE-2026-21669). Successful exploitation can lead to full system takeover.
CVE-2026-21671 Code Injection in veeam (CVE-2026-21671)
code injection in veeam (CVE-2026-21671). Successful exploitation can lead to full system takeover.
CVE-2025-67035 Code Injection in lantronix (CVE-2025-67035)
code injection in lantronix (CVE-2025-67035). Successful exploitation can lead to full system takeover.
CVE-2025-67036 Code Injection in lantronix (CVE-2025-67036)
code injection in lantronix (CVE-2025-67036). Successful exploitation can lead to full system takeover.
CVE-2025-67037 Code Injection in lantronix (CVE-2025-67037)
code injection in lantronix (CVE-2025-67037). Successful exploitation can lead to full system takeover.
CVE-2025-67034 Code Injection in lantronix (CVE-2025-67034)
code injection in lantronix (CVE-2025-67034). Successful exploitation can lead to full system takeover.
CVE-2026-2273 Code Injection in schneider-electric (CVE-2026-2273)
code injection in schneider-electric (CVE-2026-2273). Successful exploitation can lead to full system takeover.
CVE-2026-29091 Vulnerability in locutus (CVE-2026-29091)
vulnerability in locutus (CVE-2026-29091). Successful exploitation can lead to full system takeover.
CVE-2026-27830 Code Injection in deserialization (CVE-2026-27830)
code injection in deserialization (CVE-2026-27830). Successful exploitation can lead to full system takeover. Exploitable via ``javax.naming.Reference``.
CVE-2026-25755 Code Injection in parall (CVE-2026-25755)
code injection in parall (CVE-2026-25755). Confidential information can be exposed externally. Exploitable via ``addJS``.
CVE-2025-14009 Code Injection in nltk (CVE-2025-14009)
code injection in nltk (CVE-2025-14009). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.9.3` or later.
CVE-2025-33239 Code Injection in nvidia (CVE-2025-33239)
code injection in nvidia (CVE-2025-33239). Successful exploitation can lead to full system takeover.
CVE-2025-33240 Code Injection in nvidia (CVE-2025-33240)
code injection in nvidia (CVE-2025-33240). Successful exploitation can lead to full system takeover.
CVE-2025-69872 Code Injection in CVE-2025-69872 (CVE-2025-69872)
code injection in CVE-2025-69872 (CVE-2025-69872). Successful exploitation can lead to full system takeover.
CVE-2026-1615 Code Injection in CVE-2026-1615 (CVE-2026-1615)
code injection in CVE-2026-1615 (CVE-2026-1615). Successful exploitation can lead to full system takeover.
CVE-2025-61732 Code Injection in toolchain (CVE-2025-61732)
code injection in toolchain (CVE-2025-61732). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.24.13, 1.25.7` or later.
CVE-2026-25153 Code Injection in linuxfoundation (CVE-2026-25153)
code injection in linuxfoundation (CVE-2026-25153). Confidential information can be exposed externally. Exploitable via ``hooks``.
CVE-2025-24293 Command Injection in CVE-2025-24293 (CVE-2025-24293)
command injection in CVE-2025-24293 (CVE-2025-24293). Successful exploitation can lead to full system takeover.
CVE-2026-1281 KEV [KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1281)
code injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1281). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-57283 Code Injection in browserstack (CVE-2025-57283)
code injection in browserstack (CVE-2025-57283). Successful exploitation can lead to full system takeover.
CVE-2026-24747 Code Injection in linuxfoundation (CVE-2026-24747)
code injection in linuxfoundation (CVE-2026-24747). Successful exploitation can lead to full system takeover. Exploitable via ``weights_only``.
CVE-2026-22807 Code Injection in vllm (CVE-2026-22807)
code injection in vllm (CVE-2026-22807). Successful exploitation can lead to full system takeover. Exploitable via ``auto_map``.
CVE-2026-20045 KEV [KEV] Code Injection in Cisco unified-communications-manager (CVE-2026-20045)
code injection in Cisco unified-communications-manager (CVE-2026-20045). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-22771 Code Injection in envoyproxy (CVE-2026-22771)
code injection in envoyproxy (CVE-2026-22771). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.5.7` or later.
CVE-2025-69262 pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings....
pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Code E...
CVE-2009-0556 KEV [KEV] Code Injection in Microsoft office (CVE-2009-0556)
code injection in Microsoft office (CVE-2009-0556). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-37164 KEV [KEV] Code Injection in Hewlett packard enterprise (hpe) hewlett-packard-enterprise-hpe (CVE-2025-37164)
code injection in Hewlett packard enterprise (hpe) hewlett-packard-enterprise-hpe (CVE-2025-37164). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-66848 Code Injection in jdcloud (CVE-2025-66848)
code injection in jdcloud (CVE-2025-66848). Successful exploitation can lead to full system takeover.
CVE-2023-53888 Code Injection in zomp (CVE-2023-53888)
code injection in zomp (CVE-2023-53888). Successful exploitation can lead to full system takeover.
CVE-2025-65854 Code Injection in mineadmin (CVE-2025-65854)
code injection in mineadmin (CVE-2025-65854). Successful exploitation can lead to full system takeover.
CVE-2025-56399 Code Injection in laravel (CVE-2025-56399)
code injection in laravel (CVE-2025-56399). Successful exploitation can lead to full system takeover.
CVE-2025-6204 KEV [KEV] Code Injection in Dassault systèmes dassault-systemes (CVE-2025-6204)
code injection in Dassault systèmes dassault-systemes (CVE-2025-6204). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-57567 Code Injection in CVE-2025-57567 (CVE-2025-57567)
code injection in CVE-2025-57567 (CVE-2025-57567). Successful exploitation can lead to full system takeover.
CVE-2025-56588 Code Injection in dolibarr (CVE-2025-56588)
code injection in dolibarr (CVE-2025-56588). Successful exploitation can lead to full system takeover.
CVE-2025-50567 SQL Injection in CVE-2025-50567 (CVE-2025-50567)
SQL injection in CVE-2025-50567 (CVE-2025-50567). Successful exploitation can lead to full system takeover.
CVE-2012-10032 Cross-Site Scripting (XSS) in CVE-2012-10032 (CVE-2012-10032)
cross-site scripting in CVE-2012-10032 (CVE-2012-10032). Risk of unauthorized operations or information disclosure.
CVE-2025-4056 Code Injection in dos (CVE-2025-4056)
code injection in dos (CVE-2025-4056). Risk of unauthorized operations or information disclosure.
CVE-2025-49704 KEV [KEV] Code Injection in Microsoft sharepoint (CVE-2025-49704)
code injection in Microsoft sharepoint (CVE-2025-49704). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-53867 Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL.
Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL.
CVE-2024-56145 KEV [KEV] Code Injection in Craft cms craft-cms (CVE-2024-56145)
code injection in Craft cms craft-cms (CVE-2024-56145). Risk of unauthorized operations or information disclosure. Exploitable via ``register_argc_argv``. Listed in CISA KEV — actively exploited.
CVE-2025-4428 KEV [KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2025-4428)
code injection in Ivanti endpoint-manager-mobile-epmm (CVE-2025-4428). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-2421 Code Injection in felisify (CVE-2025-2421)
code injection in felisify (CVE-2025-2421). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →