Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-20 | CVE-2025-0576 | A vulnerability was found in Mobotix M15 4.3.4.83 and classified as problematic. | network, low complexity, CWE-94, 4.3 |
| 2025-01-18 | CVE-2025-0557 | A vulnerability classified as problematic has been found in Hyland Alfresco Community Edition and Alfresco Enterprise Edition up to 6.2.2. | network, low complexity, CWE-94, 4.3 |
| 2025-01-18 | CVE-2025-23209 | Code Injection vulnerability in Craftcms Craft CMS. Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. | network, high complexity, craftcms, CWE-94, 8.1 |
| 2025-01-17 | CVE-2025-0530 | A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. | network, low complexity, CWE-94, 3.5 |
| 2025-01-16 | CVE-2024-10970 | The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. | network, low complexity, CWE-94, 5.4 |
| 2025-01-08 | CVE-2024-11635 | The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. | network, low complexity, CWE-94, critical, 9.8 |
| 2025-01-08 | CVE-2024-11613 | The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_downloader.php' file. | network, low complexity, CWE-94, critical, 9.8 |
| 2025-01-07 | CVE-2024-12471 | The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and file type validation on the add_image_to_library AJAX action function in all versions up to, and including, 1.3.1. | network, low complexity, CWE-94, 8.8 |
| 2025-01-07 | CVE-2024-12252 | The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. | network, low complexity, CWE-94, critical, 9.8 |
| 2025-01-07 | CVE-2024-12419 | The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.0. | network, low complexity, CWE-94, 6.5 |