Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-28 | CVE-2024-50498 | Code Injection vulnerability in Lubus WP Query Console Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console: from n/a through 1.0. | 9.8 |
| 2024-10-28 | CVE-2024-9162 | The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code Injection due to missing file type validation during the export in all versions up to, and including, 7.86. | 7.2 |
| 2024-10-25 | CVE-2024-37846 | Code Injection vulnerability in Radixiot Mango MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page. | 4.6 |
| 2024-10-25 | CVE-2024-47158 | Code Injection vulnerability in Neumann N-Line N-LINE 2.0.6 and prior versions contain a code injection vulnerability. | 5.4 |
| 2024-10-23 | CVE-2024-48964 | Code Injection vulnerability in Snyk CLI The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. | 8.8 |
| 2024-10-23 | CVE-2024-20485 | Code Injection vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. | 6.7 |
| 2024-10-18 | CVE-2024-9593 | Code Injection vulnerability in Wpplugin Time Clock The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. | 8.3 |
| 2024-10-17 | CVE-2024-10073 | Code Injection vulnerability in Informatik.Hu-Berlin Flair 0.14.0 A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. | 7.5 |
| 2024-10-16 | CVE-2024-9061 | Code Injection vulnerability in Themehunk WP Popup Builder The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. | 9.8 |
| 2024-10-15 | CVE-2024-9837 | The The AADMY – Add Auto Date Month Year Into Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.1. | 7.3 |