Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-31 | CVE-2024-1117 | Code Injection vulnerability in Openbi A vulnerability was found in openBI up to 1.0.8. | 9.8 |
| 2024-01-30 | CVE-2023-37518 | Code Injection vulnerability in Hcltech Bigfix Servicenow Data Flow 1.2 HCL BigFix ServiceNow is vulnerable to arbitrary code injection. | 8.8 |
| 2024-01-30 | CVE-2024-21649 | Code Injection vulnerability in Vantage6 The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). | 8.8 |
| 2024-01-29 | CVE-2024-1015 | Code Injection vulnerability in Se-Elektronicgmbh E-Ddc3.3 Firmware 03.07.03 Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. | 9.8 |
| 2024-01-25 | CVE-2023-52251 | Code Injection vulnerability in Provectus UI An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages. | 8.8 |
| 2024-01-22 | CVE-2024-23750 | Code Injection vulnerability in Deepwisdom Metagpt MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen. | 8.8 |
| 2024-01-20 | CVE-2024-0521 | Code Injection vulnerability in Paddlepaddle Paddle Code Injection in paddlepaddle/paddle | 7.8 |
| 2024-01-19 | CVE-2024-0738 | Code Injection vulnerability in Garethhk Mldong 1.0 A vulnerability, which was classified as critical, has been found in ???? mldong 1.0. | 9.8 |
| 2024-01-19 | CVE-2023-50447 | Code Injection vulnerability in multiple products Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). | 8.1 |
| 2024-01-17 | CVE-2023-6548 | Code Injection vulnerability in Citrix products Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface. | 8.8 |