Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2025-04-28 CVE-2025-4011 A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic.
network
low complexity
CWE-94
3.5
3.5
2025-04-28 CVE-2025-3999 A vulnerability, which was classified as problematic, has been found in Seeyon Zhiyuan OA Web Application System 8.1 SP2.
network
low complexity
CWE-94
3.5
3.5
2025-04-28 CVE-2025-4000 A vulnerability, which was classified as problematic, was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2.
network
low complexity
CWE-94
3.5
3.5
2025-04-28 CVE-2025-3996 A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525.
network
low complexity
CWE-94
2.4
2.4
2025-04-28 CVE-2025-3995 A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525.
network
low complexity
CWE-94
2.4
2.4
2025-04-28 CVE-2025-3994 A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525.
network
low complexity
CWE-94
2.4
2.4
2025-04-26 CVE-2024-13812 The The Anps Theme plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.1.1.
network
low complexity
CWE-94
6.5
6.5
2025-04-26 CVE-2025-3491 The Add custom page template plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'acpt_validate_setting' function.
network
low complexity
CWE-94
7.2
7.2
2025-04-26 CVE-2024-13808 The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.4.9 via the custom PHP widget.
network
low complexity
CWE-94
8.8
8.8
2025-04-26 CVE-2025-2801 The The Create custom forms for WordPress with a smart form plugin for smart businesses plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.4.
network
low complexity
CWE-94
7.3
7.3