Improper Control of Generation of Code ('Code Injection') vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-07-05 CVE-2024-38346 Code Injection vulnerability in Apache Cloudstack
The CloudStack cluster service runs on an unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts.
network
low complexity
apache CWE-94
critical
9.8
2024-07-01 CVE-2024-36401 Code Injection vulnerability in multiple products
GeoServer is an open source server that allows users to share and edit geospatial data.
network
low complexity
geoserver geotools CWE-94
critical
9.8
2024-07-01 CVE-2024-6376 Code Injection vulnerability in Mongodb Compass
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings when using the ejson shell parser in Compass' connection handling.
network
low complexity
mongodb CWE-94
critical
9.8
2024-06-27 CVE-2024-5751 Code Injection vulnerability in Litellm 1.35.8
BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution.
network
low complexity
litellm CWE-94
critical
9.8
2024-06-24 CVE-2024-37109 Code Injection vulnerability in Wishlistmember Wishlist Member
Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection. This issue affects WishList Member X: from n/a before 3.26.7.
network
low complexity
wishlistmember CWE-94
8.8
2024-06-24 CVE-2024-5683
Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM Software Business Process Management (BPM) allows Remote Code Inclusion. This issue affects Business Process Management (BPM): from 6.6.4.4 before 6.6.4.5.
network
low complexity
CWE-94
critical
9.8
2024-06-20 CVE-2024-3562 Code Injection vulnerability in Custom Field Suite Project Custom Field Suite
The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field.
network
low complexity
custom-field-suite-project CWE-94
8.8
2024-06-16 CVE-2024-38458 Code Injection vulnerability in Xenforo 2.2.7
Xenforo before 2.2.16 allows code injection.
network
low complexity
xenforo CWE-94
8.8
2024-06-14 CVE-2024-37885 Code Injection vulnerability in Nextcloud Desktop
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer.
local
low complexity
nextcloud CWE-94
7.8
2024-06-12 CVE-2024-1577 Code Injection vulnerability in Megabip 4.36.2
Remote Code Execution vulnerability in MegaBIP software allows an attacker to execute arbitrary code on the server without authentication by saving attacker-crafted PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2.
network
low complexity
megabip CWE-94
critical
9.8