Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,500)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-45623 - - Jun 17, 2026 Sep 2, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). N...Show more D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.Show less
CVE-2024-41369 1Sourcefabric 1Phoniebox Jun 17, 2026 Aug 29, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php
CVE-2024-41368 1Sourcefabric 1Phoniebox Jun 17, 2026 Aug 29, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php
CVE-2024-41367 1Sourcefabric 1Phoniebox Jun 17, 2026 Aug 29, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\api\playlist\appendFileToPlaylist.php
CVE-2024-41366 1Sourcefabric 1Phoniebox Jun 17, 2026 Aug 29, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\userScripts.php
CVE-2024-41364 1Sourcefabric 1Phoniebox Jun 17, 2026 Aug 29, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php
CVE-2024-41361 1Sourcefabric 1Phoniebox Jun 17, 2026 Aug 29, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php
CVE-2024-43922 1Nitropack 1Nitropack Jun 17, 2026 Aug 29, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper Control of Generation of Code ('Code Injection') vulnerability in NitroPack Inc. NitroPack allows Code Injection.This issue affects NitroPack: from n/a through 1.16.7.
CVE-2023-26324 1Mi 1Getapps Jun 17, 2026 Aug 28, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious c...Show more A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.Show less
CVE-2023-26322 1Mi 1Getapps Jun 17, 2026 Aug 28, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious c...Show more A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.Show less
CVE-2024-7720 1Hp 1Security Manager Jun 17, 2026 Aug 27, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries.
CVE-2024-7656 - - Jun 17, 2026 Aug 24, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.5 via deserialization of untrusted input in the 'devvn_ihotspot_shortcode_func' function. Th...Show more The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.5 via deserialization of untrusted input in the 'devvn_ihotspot_shortcode_func' function. This makes it possible for authenticated attackers, with Author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.Show less
CVE-2024-42845 - - Jun 17, 2026 Aug 23, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.
CVE-2024-42756 1Netgear 1Dgn1000ww Firmware Jun 17, 2026 Aug 23, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via the Diagnostics page
CVE-2024-5466 1Zohocorp 4Manageengine Opmanager Manageengine Opmanager MspManageengine Opmanager Plus+1 more Jun 17, 2026 Aug 23, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option.
CVE-2024-7559 1Filemanagerpro.io 1File Manager Pro Jun 17, 2026 Aug 23, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk_file_folder_manager AJAX action in all versions up to, and including,...Show more The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk_file_folder_manager AJAX action in all versions up to, and including, 8.3.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.Show less
CVE-2024-45201 1Llamaindex 1Llamaindex Jun 17, 2026 Aug 22, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in llama_index before 0.10.38. download/integration.py includes an exec call for import {cls_name}.
CVE-2024-42599 1Seacms 1Seacms Jun 17, 2026 Aug 22, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code...Show more SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.Show less
CVE-2024-6386 1Wpml 1Wpml Jun 17, 2026 Aug 21, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the r...Show more The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.Show less
CVE-2024-40453 1Squirrelly 1Squirrelly Jun 17, 2026 Aug 21, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName.

Previous 1...133134135...325 Next