Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-02-20 CVE-2024-1297 Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection.
network
low complexity
CWE-94
critical
10.0
2024-02-06 CVE-2023-45735 Code Injection vulnerability in Westermo L206-F2G Firmware 4.24
A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device.
network
low complexity
westermo CWE-94
8.0
2024-02-05 CVE-2023-6996 Code Injection vulnerability in Vegacorp Display Custom Fields in the Frontend - Post and User Profile Fields
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Code Injection via the plugin's vg_display_data shortcode in all versions up to, and including, 1.2.1 due to insufficient input validation and restriction on access to that shortcode.
network
low complexity
vegacorp CWE-94
8.8
2024-02-05 CVE-2023-5677 Code Injection vulnerability in Axis products
Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution.
network
low complexity
axis CWE-94
8.8
2024-02-05 CVE-2023-5800 Code Injection vulnerability in Axis OS
Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution.
network
low complexity
axis CWE-94
8.8
2024-02-02 CVE-2023-50488 Code Injection vulnerability in Blurams Lumi Security Camera A31C Firmware 23.0406.435.412
An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary code.
network
low complexity
blurams CWE-94
critical
9.8
2024-02-02 CVE-2023-51820 Code Injection vulnerability in Blurams Lumi Security Camera A31C Firmware 2.3.38.12558
An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate attackers to execute arbitrary code.
low complexity
blurams CWE-94
6.8
2024-02-02 CVE-2021-22282 Code Injection vulnerability in Br-Automation Automation Studio
Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12.
local
low complexity
br-automation CWE-94
7.8
2024-02-02 CVE-2024-22533 Code Injection vulnerability in Xiandafu Beetl 3.15.12
Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability.
network
low complexity
xiandafu CWE-94
critical
9.8
2024-02-02 CVE-2024-23746 Code Injection vulnerability in Miro 0.8.18
Miro Desktop 0.8.18 on macOS allows Electron code injection.
network
low complexity
miro CWE-94
critical
9.8