Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-06 | CVE-2024-4889 | Code Injection vulnerability in Litellm: A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. | 7.2 |
2024-05-31 | CVE-2024-23692 | Code Injection vulnerability in Rejetto Http File Server: Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. | 9.8 |
2024-04-24 | CVE-2024-20359 | Code Injection vulnerability in Cisco Adaptive Security Appliance Software: A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. | 6.0 |
2024-04-22 | CVE-2024-4040 | Code Injection vulnerability in Crushftp: A server-side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. | 10.0 |
2024-02-20 | CVE-2024-1297 | Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection. | 10.0 |
2024-02-17 | CVE-2024-25298 | Code Injection vulnerability in Redaxo 5.15.1: An issue discovered in REDAXO version 5.15.1 allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php. | 7.2 |
2024-02-14 | CVE-2024-25301 | Code Injection vulnerability in Redaxo 5.15.1: Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php. | 7.2 |
2024-02-13 | CVE-2024-21351 | Code Injection vulnerability in Microsoft products: Windows SmartScreen Security Feature Bypass Vulnerability | 7.6 |
2024-02-13 | CVE-2024-22131 | Code Injection vulnerability in SAP Abap Platform: In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. | 7.2 |
2024-02-13 | CVE-2023-42374 | Code Injection vulnerability in Mystenlabs SUI 1.2.1: An issue in mystenlabs Sui Blockchain before v.1.6.3 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component. | 9.8 |