Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-09-12 CVE-2024-45851 Code Injection vulnerability in Mindsdb
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server.
network
low complexity
mindsdb CWE-94
8.8
2024-09-10 CVE-2024-43469 Code Injection vulnerability in Microsoft Azure Cyclecloud
Azure CycleCloud Remote Code Execution Vulnerability
network
low complexity
microsoft CWE-94
8.8
2024-09-10 CVE-2024-8258 Code Injection vulnerability in Logitech Logi Options+
Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration.
local
low complexity
logitech CWE-94
7.8
2024-09-10 CVE-2024-6596 Code Injection vulnerability in Endress products
An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context.
network
low complexity
endress CWE-94
critical
9.8
2024-09-10 CVE-2024-8268 Code Injection vulnerability in Buffercode Frontend Dashboard
The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajax_request() function in all versions up to, and including, 2.2.4.
network
low complexity
buffercode CWE-94
8.8
2024-09-10 CVE-2024-8478 Code Injection vulnerability in Ifeelweb Affiliate Super Assistent
The The Affiliate Super Assistent plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.5.3.
network
low complexity
ifeelweb CWE-94
7.3
2024-09-04 CVE-2024-45053 Code Injection vulnerability in Ethyca Fides
Fides is an open-source privacy engineering platform.
network
low complexity
ethyca CWE-94
7.2
2024-09-03 CVE-2024-45390 Code Injection vulnerability in Blakeembrey Template
@blakeembrey/template is a string template library.
network
low complexity
blakeembrey CWE-94
critical
9.8
2024-09-03 CVE-2024-7345 Code Injection vulnerability in Progress Openedge
Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms
low complexity
progress CWE-94
critical
9.6
2024-09-03 CVE-2024-8374 Code Injection vulnerability in Ultimaker Cura
UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader (/plugins/ThreeMFReader.py).
local
low complexity
ultimaker CWE-94
7.8