Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-10-26 CVE-2024-9772 Code Injection vulnerability in Uiux UIX Shortcodes
The The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.9.
network
low complexity
uiux CWE-94
7.3
2024-10-25 CVE-2024-37846 Code Injection vulnerability in Radixiot Mango
MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page.
network
low complexity
radixiot CWE-94
4.6
2024-10-25 CVE-2024-47158 Code Injection vulnerability in Neumann N-Line
N-LINE 2.0.6 and prior versions contain a code injection vulnerability.
network
low complexity
neumann CWE-94
5.4
2024-10-23 CVE-2024-48964 Code Injection vulnerability in Snyk CLI
The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project.
network
low complexity
snyk CWE-94
8.8
2024-10-23 CVE-2024-20485 Code Injection vulnerability in Cisco Adaptive Security Appliance Software
A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges.
local
low complexity
cisco CWE-94
6.7
2024-10-18 CVE-2024-9593 Code Injection vulnerability in Wpplugin Time Clock
The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function.
network
low complexity
wpplugin CWE-94
8.3
2024-10-17 CVE-2024-10073 Code Injection vulnerability in Informatik.Hu-Berlin Flair 0.14.0
A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0.
network
high complexity
informatik-hu-berlin CWE-94
7.5
2024-10-16 CVE-2024-9061 Code Injection vulnerability in Themehunk WP Popup Builder
The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5.
network
low complexity
themehunk CWE-94
critical
9.8
2024-10-15 CVE-2024-9837 The The AADMY – Add Auto Date Month Year Into Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.1.
network
low complexity
CWE-94
7.3
2024-10-14 CVE-2024-47826 Code Injection vulnerability in Elabftw
eLabFTW is an open source electronic lab notebook for research labs.
network
low complexity
elabftw CWE-94
6.1