Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-21 | CVE-2024-28118 | Code Injection vulnerability in Getgrav Grav Grav is an open-source, flat-file content management system. | 8.8 |
| 2024-03-21 | CVE-2024-28119 | Code Injection vulnerability in Getgrav Grav Grav is an open-source, flat-file content management system. | 8.8 |
| 2024-02-29 | CVE-2023-51801 | Code Injection vulnerability in Oretnom23 Simple Student Attendance System 1.0 SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the id parameter in the student_form.php and the class_form.php pages. | 9.8 |
| 2024-02-20 | CVE-2024-21892 | Code Injection vulnerability in Nodejs Node.Js On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set. This allows unprivileged users to inject code that inherits the process's elevated privileges. | 7.8 |
| 2024-02-17 | CVE-2024-25298 | Code Injection vulnerability in Redaxo 5.15.1 An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php. | 7.2 |
| 2024-02-16 | CVE-2024-25415 | Code Injection vulnerability in Phoenixcart CE Phoenix Cart 1.0.8.20 A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php. | 7.2 |
| 2024-02-14 | CVE-2024-25301 | Code Injection vulnerability in Redaxo 5.15.1 Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php. | 7.2 |
| 2024-02-13 | CVE-2023-42374 | Code Injection vulnerability in Mystenlabs SUI 1.2.1 An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component. | 9.8 |
| 2024-02-06 | CVE-2023-45735 | Code Injection vulnerability in Westermo L206-F2G Firmware 4.24 A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device. | 8.0 |
| 2024-02-05 | CVE-2023-6996 | Code Injection vulnerability in Vegacorp Display Custom Fields in the Frontend - Post and User Profile Fields The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Code Injection via the plugin's vg_display_data shortcode in all versions up to, and including, 1.2.1 due to insufficient input validation and restriction on access to that shortcode. | 8.8 |