CWE-94
Code Injection
MITRE
No catalog description on file. The MITRE CWE site has the canonical reference.
Recent CVEs
showing 50 of 113
- CVE-2026-47162 · High 8.8 · EPSS 0% · 12 h ago
Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave() in the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) when serializing brows
- CVE-2026-42890 · — · EPSS 0% · 14 h ago
actual Allows Electron to Run As Node
npm
- CVE-2026-54057 · — · 15 h ago
Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 (color-control) query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes
- CVE-2026-12130 · Low 3.5 · 15 h ago
A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/Add_Projects of the component Projects Management Page. The manipulation of the argument protitle resu
- CVE-2026-12129 · Low 3.5 · 15 h ago
A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/add_tod of the component Dashboard Interface. The manipulation of the argument tod
- CVE-2026-42851 · High 7.8 · EPSS 0% · 16 h ago
Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with `cat`, a log line, an email body rendered in `less`, an issue bo
- CVE-2026-50223 · High 8.8 · EPSS 0% · 17 h ago
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote
- CVE-2026-44495 · — · EPSS 0% · 17 h ago
axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge
npm
- CVE-2026-45833 · — · 19 h ago
A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /
- CVE-2026-20045 · High 8.2 · KEV · EPSS 4% · 20 h ago
Cisco Unified Communications Products Code Injection Vulnerability
- CVE-2024-21351 · High 7.6 · KEV · EPSS 11% · 20 h ago
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
- CVE-2023-6548 · Medium 5.5 · KEV · EPSS 6% · 20 h ago
Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
- CVE-2025-37164 · Critical 10.0 · KEV · EXPLOIT · EPSS 79% · 20 h ago
Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability
- CVE-2017-7494 · Critical 9.8 · KEV · EXPLOIT · EPSS 94% · 20 h ago
Samba Remote Code Execution Vulnerability
- CVE-2023-29492 · Critical 9.8 · KEV · EPSS 18% · 20 h ago
Novi Survey Insecure Deserialization Vulnerability
- CVE-2022-22965 · Critical 9.8 · KEV · EXPLOIT · EPSS 94% · 20 h ago
Spring Framework JDK 9+ Remote Code Execution Vulnerability
maven
- CVE-2019-0193 · High 7.2 · KEV · EPSS 93% · 20 h ago
Apache Solr DataImportHandler Code Injection Vulnerability
- CVE-2019-9082 · High 8.8 · KEV · EXPLOIT · EPSS 94% · 20 h ago
ThinkPHP Remote Code Execution Vulnerability
- CVE-2020-8644 · Critical 9.8 · KEV · EXPLOIT · EPSS 94% · 20 h ago
PlaySMS Server-Side Template Injection Vulnerability
- CVE-2025-4428 · High 7.2 · KEV · EXPLOIT · EPSS 41% · 20 h ago
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
- CVE-2013-3906 · High 7.8 · KEV · EXPLOIT · EPSS 92% · 20 h ago
Microsoft Graphics Component Memory Corruption Vulnerability
- CVE-2023-24955 · High 7.2 · KEV · EXPLOIT · EPSS 92% · 20 h ago
Microsoft SharePoint Server Code Injection Vulnerability
- CVE-2025-32432 · Critical 10.0 · KEV · EXPLOIT · EPSS 93% · 20 h ago
Craft CMS Code Injection Vulnerability
- CVE-2024-20359 · Medium 6.0 · KEV · EPSS 0% · 20 h ago
Cisco ASA and FTD Privilege Escalation Vulnerability
- CVE-2024-56145 · Critical 9.8 · KEV · EXPLOIT · EPSS 94% · 20 h ago
Craft CMS Code Injection Vulnerability
- CVE-2021-39144 · High 8.5 · KEV · EXPLOIT · EPSS 94% · 20 h ago
XStream Remote Code Execution Vulnerability
- CVE-2023-25717 · Critical 9.8 · KEV · EPSS 94% · 20 h ago
Multiple Ruckus Wireless Products CSRF and RCE Vulnerability
- CVE-2025-49704 · High 8.8 · KEV · EXPLOIT · EPSS 60% · 20 h ago
Microsoft SharePoint Code Injection Vulnerability
- CVE-2014-6352 · High 7.8 · KEV · EXPLOIT · EPSS 91% · 20 h ago
Microsoft Windows Code Injection Vulnerability
- CVE-2013-3163 · High 8.8 · KEV · EXPLOIT · EPSS 85% · 20 h ago
Microsoft Internet Explorer Memory Corruption Vulnerability
- CVE-2013-1347 · High 8.8 · KEV · EXPLOIT · EPSS 88% · 20 h ago
Microsoft Internet Explorer Remote Code Execution Vulnerability
- CVE-2022-22947 · Critical 10.0 · KEV · EXPLOIT · EPSS 94% · 20 h ago
VMware Spring Cloud Gateway Code Injection Vulnerability
- CVE-2022-22954 · Critical 9.8 · KEV · EXPLOIT · EPSS 94% · 20 h ago
VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability
- CVE-2014-6287 · Critical 9.8 · KEV · EXPLOIT · EPSS 94% · 20 h ago
Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability
- CVE-2009-1151 · Critical 9.8 · KEV · EXPLOIT · EPSS 93% · 20 h ago
phpMyAdmin Remote Code Execution Vulnerability
- CVE-2012-1856 · High 8.8 · KEV · EPSS 92% · 20 h ago
Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability
- CVE-2025-1976 · Medium 6.7 · KEV · EPSS 1% · 20 h ago
Broadcom Brocade Fabric OS Code Injection Vulnerability
- CVE-2025-6204 · High 8.0 · KEV · EPSS 10% · 20 h ago
Dassault Systèmes DELMIA Apriso Code Injection Vulnerability
- CVE-2008-4250 · Critical 9.8 · KEV · EXPLOIT · EPSS 92% · 20 h ago
Microsoft Windows Buffer Overflow Vulnerability
- CVE-2020-8243 · High 7.2 · KEV · EPSS 21% · 20 h ago
Ivanti Pulse Connect Secure Code Execution Vulnerability
- CVE-2009-1862 · High 7.8 · KEV · EPSS 59% · 20 h ago
Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability
- CVE-2021-22900 · High 7.2 · KEV · EPSS 3% · 20 h ago
Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability
- CVE-2021-44529 · Critical 9.8 · KEV · EXPLOIT · EPSS 94% · 20 h ago
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability
- CVE-2021-22894 · High 8.8 · KEV · EPSS 42% · 20 h ago
Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability
- CVE-2026-33017 · Critical 9.8 · KEV · EPSS 25% · 20 h ago
Langflow Code Injection Vulnerability
pypi
- CVE-2015-1635 · Critical 9.8 · KEV · EXPLOIT · EPSS 94% · 20 h ago
Microsoft HTTP.sys Remote Code Execution Vulnerability
- CVE-2009-0556 · High 8.8 · KEV · EPSS 59% · 20 h ago
Microsoft Office PowerPoint Code Injection Vulnerability
- CVE-2020-8218 · High 7.2 · KEV · EPSS 91% · 20 h ago
Pulse Connect Secure Code Injection Vulnerability
- CVE-2009-0557 · High 7.8 · KEV · EPSS 86% · 20 h ago
Microsoft Office Object Record Corruption Vulnerability
- CVE-2022-24816 · Critical 10.0 · KEV · EPSS 94% · 20 h ago
OSGeo GeoServer JAI-EXT Code Injection Vulnerability
CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.