Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-02-06 CVE-2023-45735 Code Injection vulnerability in Westermo L206-F2G Firmware 4.24
A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device.
network
low complexity
westermo CWE-94
8.0
2024-02-05 CVE-2023-6996 Code Injection vulnerability in Vegacorp Display Custom Fields in the Frontend - Post and User Profile Fields
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Code Injection via the plugin's vg_display_data shortcode in all versions up to, and including, 1.2.1 due to insufficient input validation and restriction on access to that shortcode.
network
low complexity
vegacorp CWE-94
8.8
2024-02-05 CVE-2023-5677 Code Injection vulnerability in Axis products
Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have sufficient input validation, allowing for possible remote code execution.
network
low complexity
axis CWE-94
8.8
2024-02-05 CVE-2023-5800 Code Injection vulnerability in Axis OS
Vintage, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have sufficient input validation, allowing for possible remote code execution.
network
low complexity
axis CWE-94
8.8
2024-02-02 CVE-2023-50488 Code Injection vulnerability in Blurams Lumi Security Camera A31C Firmware 23.0406.435.412
An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary code.
network
low complexity
blurams CWE-94
critical
9.8
2024-02-02 CVE-2023-51820 Code Injection vulnerability in Blurams Lumi Security Camera A31C Firmware 2.3.38.12558
An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows physically proximate attackers to execute arbitrary code.
low complexity
blurams CWE-94
6.8
2024-02-02 CVE-2021-22282 Code Injection vulnerability in Br-Automation Automation Studio
Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code. This issue affects Automation Studio: from 4.0 through 4.12.
local
low complexity
br-automation CWE-94
7.8
2024-02-02 CVE-2024-22533 Code Injection vulnerability in Xiandafu Beetl 3.15.12
Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability.
network
low complexity
xiandafu CWE-94
critical
9.8
2024-02-02 CVE-2024-23746 Code Injection vulnerability in Miro 0.8.18
Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents).
network
low complexity
miro CWE-94
critical
9.8
2024-02-01 CVE-2023-47257 Code Injection vulnerability in Connectwise Automate and Screenconnect
ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages.
network
high complexity
connectwise CWE-94
8.1