Code injection vulnerabilities
Code injection covers OS command injection, template injection and similar flaws where attacker input is executed as code by the application. These bugs are easy to weaponize — often a single crafted HTTP request — and are among the fastest classes to move from disclosure to in-the-wild exploitation.
Classification is assigned by the CSIRTS enrichment pipeline from the advisory text. The list below shows the latest advisories tagged code injection, newest first, across national CERTs, vendor PSIRTs and vulnerability databases — exploited marks CVEs in the CISA KEV catalog.