Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-02-01 CVE-2023-47257 Code Injection vulnerability in Connectwise Automate and Screenconnect
ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages.
network
high complexity
connectwise CWE-94
8.1
2024-01-31 CVE-2024-1117 Code Injection vulnerability in Openbi
A vulnerability was found in openBI up to 1.0.8.
network
low complexity
openbi CWE-94
critical
9.8
2024-01-30 CVE-2023-37518 Code Injection vulnerability in Hcltech Bigfix Servicenow Data Flow 1.2
HCL BigFix ServiceNow is vulnerable to arbitrary code injection.
network
low complexity
hcltech CWE-94
8.8
2024-01-30 CVE-2024-21649 Code Injection vulnerability in Vantage6
The vantage6 technology enables the management and deployment of privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC).
network
low complexity
vantage6 CWE-94
8.8
2024-01-29 CVE-2024-1015 Code Injection vulnerability in Se-Elektronicgmbh E-Ddc3.3 Firmware 03.07.03
Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher.
network
low complexity
se-elektronicgmbh CWE-94
critical
9.8
2024-01-25 CVE-2023-52251 Code Injection vulnerability in Provectus UI
An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.
network
low complexity
provectus CWE-94
8.8
2024-01-22 CVE-2024-23750 Code Injection vulnerability in Deepwisdom Metagpt
MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen.
network
low complexity
deepwisdom CWE-94
8.8
2024-01-20 CVE-2024-0521 Code Injection vulnerability in Paddlepaddle Paddle
Code Injection in paddlepaddle/paddle
local
low complexity
paddlepaddle CWE-94
7.8
2024-01-19 CVE-2024-0738 Code Injection vulnerability in Garethhk Mldong 1.0
A vulnerability, which was classified as critical, has been found in mldong 1.0.
network
low complexity
garethhk CWE-94
critical
9.8
2024-01-19 CVE-2023-50447 Code Injection vulnerability in multiple products
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
network
high complexity
python debian CWE-94
8.1