CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Code injection vulnerabilities

command / template injection91 advisories75 exploitedlatest 2026-07-09

Code injection covers OS command injection, template injection and similar flaws where attacker input is executed as code by the application. These bugs are easy to weaponize — often a single crafted HTTP request — and are among the fastest classes to move from disclosure to in-the-wild exploitation.

Classification is assigned by the CSIRTS enrichment pipeline from the advisory text. The list below shows the latest advisories tagged code injection, newest first, across national CERTs, vendor PSIRTs and vulnerability databases — exploited marks CVEs in the CISA KEV catalog.

Latest code injection advisories

Other vulnerability classes

Remote code execution (973)Privilege escalation (444)Authentication bypass (351)Denial of service (567)Information disclosure (387)Memory corruption (230)Path traversal (99)Cross-site scripting (107)Unsafe deserialization (49)SQL injection (50)Server-side request forgery (37)