Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-02 | CVE-2023-50488 | Code Injection vulnerability in Blurams Lumi Security Camera A31C Firmware 23.0406.435.412 An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary code. | 9.8 |
| 2024-02-02 | CVE-2023-51820 | Code Injection vulnerability in Blurams Lumi Security Camera A31C Firmware 2.3.38.12558 An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate attackers to execute arbitrary code. | 6.8 |
| 2024-02-02 | CVE-2024-22533 | Code Injection vulnerability in Xiandafu Beetl 3.15.12 Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. | 9.8 |
| 2024-02-02 | CVE-2024-23746 | Code Injection vulnerability in Miro 0.8.18 Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents). | 9.8 |
| 2024-02-01 | CVE-2023-47257 | Code Injection vulnerability in Connectwise Automate and Screenconnect ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages. | 8.1 |
| 2024-01-30 | CVE-2023-37518 | Code Injection vulnerability in Hcltech Bigfix Servicenow Data Flow 1.2 HCL BigFix ServiceNow is vulnerable to arbitrary code injection. | 8.8 |
| 2024-01-30 | CVE-2024-21649 | Code Injection vulnerability in Vantage6 The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). | 8.8 |
| 2024-01-29 | CVE-2024-1015 | Code Injection vulnerability in Se-Elektronicgmbh E-Ddc3.3 Firmware 03.07.03 Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. | 9.8 |
| 2024-01-25 | CVE-2023-52251 | Code Injection vulnerability in Provectus UI An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages. | 8.8 |
| 2024-01-22 | CVE-2024-23750 | Code Injection vulnerability in Deepwisdom Metagpt MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen. | 8.8 |