Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,471)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-30565 1Seacms 1Seacms Jun 17, 2026 Apr 4, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in SeaCMS version 12.9, allows remote attackers to execute arbitrary code via admin notify.php.
CVE-2024-27705 1Leantime 1Leantime Jun 17, 2026 Apr 3, 2024 N/A· v4 7.6 HIGH· v3 N/A· v2 Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint.
CVE-2024-30568 1Netgear 1R6850 Firmware Jun 17, 2026 Apr 3, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter.
CVE-2024-25096 1Canto 1Canto Jun 17, 2026 Apr 3, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection.This issue affects Canto: from n/a through 3.0.7.
CVE-2024-24707 - - Jun 17, 2026 Apr 3, 2024 N/A· v4 9.9 CRITICAL· v3 N/A· v2 Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL. Cwicly allows Code Injection.This issue affects Cwicly: from n/a through 1.4.0.2.
CVE-2024-31390 - - Jun 17, 2026 Apr 3, 2024 N/A· v4 9.9 CRITICAL· v3 N/A· v2 : Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows : Code Injection.This issue affects Breakdance: from n/a through 1.7.2.
CVE-2024-31380 - - Jun 17, 2026 Apr 3, 2024 N/A· v4 9.9 CRITICAL· v3 N/A· v2 Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vendor is ignoring report, refuses to patch the issue.This issue affects Oxygen Builder: from n/a th...Show more Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vendor is ignoring report, refuses to patch the issue.This issue affects Oxygen Builder: from n/a through 4.9.Show less
CVE-2024-29477 1Dolibarr 1Dolibarr Erp/crm Jun 17, 2026 Apr 3, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input.
CVE-2024-27972 - - Jun 17, 2026 Apr 3, 2024 N/A· v4 9.9 CRITICAL· v3 N/A· v2 Improper Control of Generation of Code ('Code Injection') vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite.This issue affects WP Fusion Lite: from n/a through <= 3.41.24.
CVE-2024-27191 - - Jun 17, 2026 Apr 3, 2024 N/A· v4 8.5 HIGH· v3 N/A· v2 Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Slivery Extender slivery-extender allows Remote Code Inclusion.This issue affects Slivery Extender: from n/a through <= 1.0.2.
CVE-2024-25918 1Instawp 1Instawp Connect Jun 17, 2026 Apr 3, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.8.
CVE-2024-31011 1Beescms 1Beescms Jun 17, 2026 Apr 3, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php.
CVE-2024-31005 1Axiosys 1Bento4 Jun 17, 2026 Apr 2, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4MdhdAtom.cpp,AP4_MdhdAtom::AP4_MdhdAtom,mp4fragment
CVE-2024-31004 1Axiosys 1Bento4 Jun 17, 2026 Apr 2, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4StsdAtom.cpp,AP4_StsdAtom::AP4_StsdAtom,mp4fragment.
CVE-2024-31003 1Axiosys 1Bento4 Jun 17, 2026 Apr 2, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial at Ap4ByteStream.cpp.
CVE-2024-29276 - - Jun 17, 2026 Apr 2, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in seeyonOA version 8, allows remote attackers to execute arbitrary code via the importProcess method in WorkFlowDesignerController.class component.
CVE-2024-30858 1Netentsec 1Ns Asg Firmware Jun 17, 2026 Apr 1, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fire_wall.php.
CVE-2024-30868 1Netentsec 1Ns Asg Firmware Jun 17, 2026 Apr 1, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/add_getlogin.php.
CVE-2023-41724 1Ivanti 1Standalone Sentry Jun 17, 2026 Mar 31, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical...Show more A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network. Show less
CVE-2024-31032 - - Jun 17, 2026 Mar 29, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport v.1.1.2 allows a remote attacker to execute arbitrary code via the manager/ipping.php component.

Previous 1...146147148...324 Next