Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,515)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-42733 1Docmosis 1Tornado Jun 17, 2026 Mar 7, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary code via a crafted script to the UNC path input
CVE-2024-53693 1Qnap 2Qts Quts Hero Jun 17, 2026 Mar 7, 2025 7.1 HIGH· v4 7.1 HIGH· v3 N/A· v2 An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gain...Show more An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and laterShow less
CVE-2024-50405 1Qnap 2Qts Quts Hero Jun 17, 2026 Mar 7, 2025 5.1 MEDIUM· v4 5.5 MEDIUM· v3 N/A· v2 An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gain...Show more An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and laterShow less
CVE-2025-2087 1Starsea99 1Starsea Mall Jun 17, 2026 Mar 7, 2025 5.1 MEDIUM· v4 6.1 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/goods/update. The manipulation of the argument goodsName l...Show more A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/goods/update. The manipulation of the argument goodsName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-2086 1Starsea99 1Starsea Mall Jun 17, 2026 Mar 7, 2025 5.1 MEDIUM· v4 6.1 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability classified as problematic was found in StarSea99 starsea-mall 1.0. This vulnerability affects unknown code of the file /admin/indexConfigs/update. The manipulation of the argument redirectUrl leads to cro...Show more A vulnerability classified as problematic was found in StarSea99 starsea-mall 1.0. This vulnerability affects unknown code of the file /admin/indexConfigs/update. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-2085 1Starsea99 1Starsea Mall Jun 17, 2026 Mar 7, 2025 5.1 MEDIUM· v4 6.1 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability classified as problematic has been found in StarSea99 starsea-mall 1.0. This affects an unknown part of the file /admin/carousels/save. The manipulation of the argument redirectUrl leads to cross site scr...Show more A vulnerability classified as problematic has been found in StarSea99 starsea-mall 1.0. This affects an unknown part of the file /admin/carousels/save. The manipulation of the argument redirectUrl leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-2084 1Phpgurukul 1Human Metapneumovirus Jun 17, 2026 Mar 7, 2025 5.1 MEDIUM· v4 6.1 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /search-report.php of the component Search R...Show more A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /search-report.php of the component Search Report Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-2061 1Fabian 1Online Ticket Reservation System Jun 17, 2026 Mar 7, 2025 5.3 MEDIUM· v4 6.1 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability was found in code-projects Online Ticket Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /passenger.php. The manipulation of the argument n...Show more A vulnerability was found in code-projects Online Ticket Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /passenger.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-2049 1Code Projects 1Blood Bank System Jun 17, 2026 Mar 6, 2025 5.1 MEDIUM· v4 3.5 LOW· v3 4.0 MEDIUM· v2 A vulnerability classified as problematic has been found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file AB+.php. The manipulation of the argument Bloodname leads to cross site scripti...Show more A vulnerability classified as problematic has been found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file AB+.php. The manipulation of the argument Bloodname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-2047 1Phpgurukul 1Art Gallery Management System Jun 17, 2026 Mar 6, 2025 5.1 MEDIUM· v4 3.5 LOW· v3 4.0 MEDIUM· v2 A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /search.php. The manipulation of the argument search leads to cro...Show more A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /search.php. The manipulation of the argument search leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-13902 1Huang Yk 1Student Manage Jun 17, 2026 Mar 6, 2025 4.8 MEDIUM· v4 5.4 MEDIUM· v3 3.3 LOW· v2 A vulnerability, which was classified as problematic, was found in huang-yk student-manage 1.0. This affects an unknown part of the component Edit a Student Information Page. The manipulation of the argument Class leads...Show more A vulnerability, which was classified as problematic, was found in huang-yk student-manage 1.0. This affects an unknown part of the component Edit a Student Information Page. The manipulation of the argument Class leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-25362 - - Jun 17, 2026 Mar 5, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field.
CVE-2024-13815 - - Jun 17, 2026 Mar 5, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The The Listingo theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.7. This is due to the software allowing users to execute an action that does not properly vali...Show more The The Listingo theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.Show less
CVE-2025-27678 1Printerlogic 2Vasion Print Virtual Appliance Jun 17, 2026 Mar 5, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Client Remote Code Execution V-2023-001.
CVE-2025-27657 1Printerlogic 2Vasion Print Virtual Appliance Jun 17, 2026 Mar 5, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Remote Code Execution V-2023-008.
CVE-2025-1967 1Blood Bank Management System Project 1Blood Bank Management System Jun 17, 2026 Mar 5, 2025 5.1 MEDIUM· v4 3.5 LOW· v3 4.0 MEDIUM· v2 A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /user_dashboard/donor.php. The mani...Show more A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /user_dashboard/donor.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-1957 1Code Projects 1Blood Bank System Jun 17, 2026 Mar 4, 2025 5.1 MEDIUM· v4 3.5 LOW· v3 4.0 MEDIUM· v2 A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file /BBfile/Blood/o+.php. The manipulation of the argument Bloodname leads to cr...Show more A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file /BBfile/Blood/o+.php. The manipulation of the argument Bloodname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-1955 1Code Projects 1Online Class And Exam Scheduling System Jun 17, 2026 Mar 4, 2025 5.1 MEDIUM· v4 5.4 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Scheduling/scheduling/pages/prof...Show more A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Scheduling/scheduling/pages/profile.php. The manipulation of the argument username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-1949 1Zzcms 1Zzcms Jun 17, 2026 Mar 4, 2025 5.3 MEDIUM· v4 6.1 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability, which was classified as problematic, has been found in ZZCMS 2025. This issue affects some unknown processing of the file /3/ucenter_api/code/register_nodb.php of the component URL Handler. The manipulat...Show more A vulnerability, which was classified as problematic, has been found in ZZCMS 2025. This issue affects some unknown processing of the file /3/ucenter_api/code/register_nodb.php of the component URL Handler. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-26182 1Xxyopen 1Novel Plus Jun 17, 2026 Mar 4, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary code via the PageController.java file

Previous 1...105106107...326 Next