Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-04-24 CVE-2024-20359 Code Injection vulnerability in Cisco Adaptive Security Appliance Software
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges.
RISK: local | low complexity | cisco CWE-94 | 6.0
2024-04-22 CVE-2024-4040 Code Injection vulnerability in Crushftp
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
RISK: network | low complexity | crushftp CWE-94 | critical | 10.0
2024-02-29 CVE-2023-51801 Code Injection vulnerability in Oretnom23 Simple Student Attendance System 1.0
SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the id parameter in the student_form.php and the class_form.php pages.
RISK: network | low complexity | oretnom23 CWE-94 | critical | 9.8
2024-02-17 CVE-2024-25298 Code Injection vulnerability in Redaxo 5.15.1
An issue was discovered in REDAXO version 5.15.1 that allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php.
RISK: network | low complexity | redaxo CWE-94 | 7.2
2024-02-14 CVE-2024-25301 Code Injection vulnerability in Redaxo 5.15.1
Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php.
RISK: network | low complexity | redaxo CWE-94 | 7.2
2024-02-13 CVE-2023-42374 Code Injection vulnerability in Mystenlabs SUI 1.2.1
An issue in mystenlabs Sui Blockchain before v.1.6.3 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component.
RISK: network | low complexity | mystenlabs CWE-94 | critical | 9.8
2024-02-06 CVE-2023-45735 Code Injection vulnerability in Westermo L206-F2G Firmware 4.24
A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device.
RISK: network | low complexity | westermo CWE-94 | 8.0
2024-02-05 CVE-2023-6996 Code Injection vulnerability in Vegacorp Display Custom Fields in the Frontend - Post and User Profile Fields
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Code Injection via the plugin's vg_display_data shortcode in all versions up to, and including, 1.2.1 due to insufficient input validation and restriction on access to that shortcode.
RISK: network | low complexity | vegacorp CWE-94 | 8.8
2024-02-05 CVE-2023-5677 Code Injection vulnerability in Axis products
Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have sufficient input validation, allowing for a possible remote code execution.
RISK: network | low complexity | axis CWE-94 | 8.8
2024-02-05 CVE-2023-5800 Code Injection vulnerability in Axis OS
Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have sufficient input validation, allowing for a possible remote code execution.
RISK: network | low complexity | axis CWE-94 | 8.8