Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-11-04 CVE-2024-51329 Code Injection vulnerability in Idrsdev Agile-Board 1.0
A Host header injection vulnerability in Agile-Board 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link.
network
low complexity
idrsdev CWE-94
8.8
2024-11-04 CVE-2024-10035 Code Injection vulnerability in Bg-Tek Coslat
Improper Control of Generation of Code ('Code Injection') vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection.This issue affects CoslatV3: through 3.1069.
network
low complexity
bg-tek CWE-94
critical
9.8
2024-11-04 CVE-2024-10761 Code Injection vulnerability in Umbraco CMS 12.3.6
A vulnerability was found in Umbraco CMS 12.3.6.
network
low complexity
umbraco CWE-94
5.4
2024-10-30 CVE-2024-9846 Code Injection vulnerability in Aftabhusain Enable Shortcodes Inside Widgets,Comments and Experts
The The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0.
network
low complexity
aftabhusain CWE-94
7.3
2024-10-30 CVE-2024-10505 Code Injection vulnerability in Wuzhicms 4.1.0
A vulnerability was found in wuzhicms 4.1.0.
network
low complexity
wuzhicms CWE-94
7.2
2024-10-29 CVE-2024-8923 Code Injection vulnerability in Servicenow Vancouver/Washingtondc/Xanadu
ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform.
network
low complexity
servicenow CWE-94
critical
10.0
2024-10-28 CVE-2024-50450 Code Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter
Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4.
network
low complexity
pluginus CWE-94
critical
9.8
2024-10-28 CVE-2024-50492 Code Injection vulnerability in Scottpaterson Scottcart
Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson ScottCart allows Code Injection.This issue affects ScottCart: from n/a through 1.1.
network
low complexity
scottpaterson CWE-94
critical
9.8
2024-10-28 CVE-2024-50498 Code Injection vulnerability in Lubus WP Query Console
Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console: from n/a through 1.0.
network
low complexity
lubus CWE-94
critical
9.8
2024-10-28 CVE-2024-9162 The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code Injection due to missing file type validation during the export in all versions up to, and including, 7.86.
network
low complexity
CWE-94
7.2