Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2025-04-13 CVE-2025-3533 A vulnerability, which was classified as problematic, has been found in YouDianCMS 9.5.21.
network
low complexity
CWE-94
4.3
2025-04-13 CVE-2025-3531 A vulnerability classified as problematic has been found in YouDianCMS 9.5.21.
network
low complexity
CWE-94
4.3
2025-04-13 CVE-2025-3532 A vulnerability classified as problematic was found in YouDianCMS 9.5.21.
network
low complexity
CWE-94
4.3
2025-04-11 CVE-2025-3422 Code Injection vulnerability in Wpeverest Everest Forms
The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1.
network
low complexity
wpeverest CWE-94
6.3
2025-04-10 CVE-2025-2805 The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2.
network
low complexity
CWE-94
7.3
2025-04-10 CVE-2025-2809 The azurecurve Shortcodes in Comments plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2.
network
low complexity
CWE-94
7.3
2025-04-08 CVE-2025-23186 In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service.
network
high complexity
CWE-94
8.5
2025-04-08 CVE-2025-27429 SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC.
network
low complexity
CWE-94
critical
9.9
2025-04-08 CVE-2025-30013 SAP ERP BW Business Content is vulnerable to OS Command Injection through certain function modules.
local
low complexity
CWE-94
6.7
2025-04-08 CVE-2025-31330 SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC.
network
low complexity
CWE-94
critical
9.9