Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2023-5677 | Code Injection vulnerability in Axis products Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. | 8.8 |
| 2024-02-05 | CVE-2023-5800 | Code Injection vulnerability in Axis OS Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. | 8.8 |
| 2024-02-02 | CVE-2023-50488 | Code Injection vulnerability in Blurams Lumi Security Camera A31C Firmware 23.0406.435.412 An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary code. | 9.8 |
| 2024-02-02 | CVE-2023-51820 | Code Injection vulnerability in Blurams Lumi Security Camera A31C Firmware 2.3.38.12558 An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate attackers to execute arbitrary code. | 6.8 |
| 2024-02-02 | CVE-2024-22533 | Code Injection vulnerability in Xiandafu Beetl 3.15.12 Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. | 9.8 |
| 2024-02-02 | CVE-2024-23746 | Code Injection vulnerability in Miro 0.8.18 Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents). | 9.8 |
| 2024-02-01 | CVE-2023-47257 | Code Injection vulnerability in Connectwise Automate and Screenconnect ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages. | 8.1 |
| 2024-01-30 | CVE-2023-37518 | Code Injection vulnerability in Hcltech Bigfix Servicenow Data Flow 1.2 HCL BigFix ServiceNow is vulnerable to arbitrary code injection. | 8.8 |
| 2024-01-30 | CVE-2024-21649 | Code Injection vulnerability in Vantage6 The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). | 8.8 |
| 2024-01-29 | CVE-2024-1015 | Code Injection vulnerability in Se-Elektronic E-Ddc3.3 Firmware 03.07.03 Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. | 9.8 |