Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-08-29 CVE-2024-41361 Code Injection vulnerability in Sourcefabric Phoniebox 2.7.0
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php
network
low complexity
sourcefabric CWE-94
critical
9.8
2024-08-29 CVE-2024-41364 Code Injection vulnerability in Sourcefabric Phoniebox 2.7.0
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php
network
low complexity
sourcefabric CWE-94
critical
9.8
2024-08-29 CVE-2024-41366 Code Injection vulnerability in Sourcefabric Phoniebox 2.7.0
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\userScripts.php
network
low complexity
sourcefabric CWE-94
critical
9.8
2024-08-29 CVE-2024-41367 Code Injection vulnerability in Sourcefabric Phoniebox 2.7.0
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\api\playlist\appendFileToPlaylist.php
network
low complexity
sourcefabric CWE-94
critical
9.8
2024-08-29 CVE-2024-41368 Code Injection vulnerability in Sourcefabric Phoniebox 2.7.0
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php
network
low complexity
sourcefabric CWE-94
critical
9.8
2024-08-29 CVE-2024-43922 Code Injection vulnerability in Nitropack
Improper Control of Generation of Code ('Code Injection') vulnerability in NitroPack Inc.
network
low complexity
nitropack CWE-94
critical
9.8
2024-08-23 CVE-2024-5466 Code Injection vulnerability in Zohocorp products
Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option.
network
low complexity
zohocorp CWE-94
8.8
2024-08-21 CVE-2024-6386 Code Injection vulnerability in Wpml
The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection.
network
low complexity
wpml CWE-94
8.8
2024-08-21 CVE-2024-40453 Code Injection vulnerability in Squirrelly 9.0.0
squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName.
network
low complexity
squirrelly CWE-94
critical
9.8
2024-08-20 CVE-2024-43404 Code Injection vulnerability in Megacord Megabot
MEGABOT is a fully customized Discord bot for learning and fun.
network
low complexity
megacord CWE-94
critical
9.8