Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-31 | CVE-2024-37900 | Code Injection vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 4.6 |
| 2024-07-31 | CVE-2024-37901 | Code Injection vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.8 |
| 2024-07-21 | CVE-2024-6946 | Code Injection vulnerability in Flute-Cms Flute 0.2.2.4 A vulnerability was found in Flute CMS 0.2.2.4-alpha. | 8.8 |
| 2024-07-21 | CVE-2024-6947 | Code Injection vulnerability in Flute-Cms Flute 0.2.2.4 A vulnerability was found in Flute CMS 0.2.2.4-alpha. | 8.8 |
| 2024-07-21 | CVE-2024-6940 | Code Injection vulnerability in Dedecms 5.7.112 A vulnerability was found in DedeCMS 5.7.114. | 7.2 |
| 2024-07-21 | CVE-2024-6936 | Code Injection vulnerability in Formtools Form Tools 3.1.1 A vulnerability, which was classified as problematic, has been found in formtools.org Form Tools 3.1.1. | 4.9 |
| 2024-07-18 | CVE-2024-29178 | Code Injection vulnerability in Apache Streampark On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4 | 8.8 |
| 2024-07-18 | CVE-2024-29014 | Code Injection vulnerability in Sonicwall Netextender Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update. | 8.8 |
| 2024-07-17 | CVE-2024-39877 | Code Injection vulnerability in Apache Airflow Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. | 8.8 |
| 2024-07-09 | CVE-2024-37934 | Code Injection vulnerability in Ninjaforms Ninja Forms Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection.This issue affects Ninja Forms: from n/a through 3.8.4. | 9.8 |