Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-01 | CVE-2023-47257 | Code Injection vulnerability in Connectwise Automate and Screenconnect ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages. | 8.1 |
2024-01-31 | CVE-2024-1117 | Code Injection vulnerability in Openbi A vulnerability was found in openBI up to 1.0.8. | 9.8 |
2024-01-30 | CVE-2023-37518 | Code Injection vulnerability in Hcltech Bigfix Servicenow Data Flow 1.2 HCL BigFix ServiceNow is vulnerable to arbitrary code injection. | 8.8 |
2024-01-30 | CVE-2024-21649 | Code Injection vulnerability in Vantage6 The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). | 8.8 |
2024-01-29 | CVE-2024-1015 | Code Injection vulnerability in Se-Elektronicgmbh E-Ddc3.3 Firmware 03.07.03 Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. | 9.8 |
2024-01-25 | CVE-2023-52251 | Code Injection vulnerability in Provectus UI An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages. | 8.8 |
2024-01-22 | CVE-2024-23750 | Code Injection vulnerability in Deepwisdom Metagpt MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen. | 8.8 |
2024-01-20 | CVE-2024-0521 | Code Injection vulnerability in Paddlepaddle Paddle Code Injection in paddlepaddle/paddle | 7.8 |
2024-01-19 | CVE-2024-0738 | Code Injection vulnerability in Garethhk Mldong 1.0 A vulnerability, which was classified as critical, has been found in ???? mldong 1.0. | 9.8 |
2024-01-19 | CVE-2023-50447 | Code Injection vulnerability in multiple products Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). | 8.1 |