Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-12 | CVE-2024-1577 | Code Injection vulnerability in Megabip 4.36.2: Remote Code Execution vulnerability in MegaBIP software allows an attacker to execute arbitrary code on the server without authentication by saving attacker-crafted PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2. | 9.8 |
2024-06-04 | CVE-2024-37061 | Code Injection vulnerability in Lfprojects Mlflow: Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user's system when run. | 8.8 |
2024-05-31 | CVE-2024-23692 | Code Injection vulnerability in Rejetto Http File Server: Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. | 9.8 |
2024-05-15 | CVE-2024-4202 | Code Injection vulnerability in Progress Telerik Reporting: In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability. | 8.6 |
2024-05-14 | CVE-2024-3787 | Code Injection vulnerability in Whitebearsolutions Wbsairback 21.02.04: Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 disks (/admin/DeviceS3). | 6.6 |
2024-05-03 | CVE-2023-39469 | Code Injection vulnerability in Papercut MF: PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. | 7.2 |
2024-04-25 | CVE-2024-25624 | Code Injection vulnerability in Dfir-Iris Iris: Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. | 6.8 |
2024-04-24 | CVE-2024-20359 | Code Injection vulnerability in Cisco Adaptive Security Appliance Software: A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. | 6.0 |
2024-04-22 | CVE-2024-4040 | Code Injection vulnerability in Crushftp: A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. | 10.0 |
2024-04-19 | CVE-2023-50260 | Code Injection vulnerability in Wazuh: Wazuh is a free and open source platform used for threat prevention, detection, and response. | 8.8 |