Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-09-12 CVE-2024-45848 Code Injection vulnerability in Mindsdb 23.12.4.0/23.12.4.1
An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server.
network
low complexity
mindsdb CWE-94
8.8
8.8
2024-09-12 CVE-2024-45849 Code Injection vulnerability in Mindsdb
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server.
network
low complexity
mindsdb CWE-94
8.8
8.8
2024-09-12 CVE-2024-45850 Code Injection vulnerability in Mindsdb
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server.
network
low complexity
mindsdb CWE-94
8.8
8.8
2024-09-12 CVE-2024-45851 Code Injection vulnerability in Mindsdb
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server.
network
low complexity
mindsdb CWE-94
8.8
8.8
2024-09-10 CVE-2024-43469 Code Injection vulnerability in Microsoft Azure Cyclecloud
Azure CycleCloud Remote Code Execution Vulnerability
network
low complexity
microsoft CWE-94
8.8
8.8
2024-09-10 CVE-2024-8258 Code Injection vulnerability in Logitech Logi Options+
Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration.
local
low complexity
logitech CWE-94
7.8
7.8
2024-09-10 CVE-2024-6596 Code Injection vulnerability in Endress products
An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context.
network
low complexity
endress CWE-94
critical
 9.8
9.8
2024-09-10 CVE-2024-8268 Code Injection vulnerability in Buffercode Frontend Dashboard
The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajax_request() function in all versions up to, and including, 2.2.4.
network
low complexity
buffercode CWE-94
8.8
8.8
2024-09-10 CVE-2024-8478 Code Injection vulnerability in Ifeelweb Affiliate Super Assistent
The The Affiliate Super Assistent plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.5.3.
network
low complexity
ifeelweb CWE-94
7.3
7.3
2024-09-04 CVE-2024-45053 Code Injection vulnerability in Ethyca Fides
Fides is an open-source privacy engineering platform.
network
low complexity
ethyca CWE-94
7.2
7.2