Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,471)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-0252 1Zohocorp 1Manageengine Adselfservice Plus Jun 17, 2026 Jan 11, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnera...Show more ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.Show less
CVE-2023-42833 1Apple 4Ipados Iphone OsMacos+1 more Jun 17, 2026 Jan 10, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution.
CVE-2023-32383 1Apple 1Macos Jun 17, 2026 Jan 10, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 This issue was addressed by forcing hardened runtime on the affected binaries at the system level. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. An app may be able to inject code...Show more This issue was addressed by forcing hardened runtime on the affected binaries at the system level. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. An app may be able to inject code into sensitive binaries bundled with Xcode.Show less
CVE-2024-21643 1Microsoft 1Identitymodel Extensions Jun 17, 2026 Jan 10, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the `SignedHttpRequest`protocol or the `Sign...Show more IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the `SignedHttpRequest`protocol or the `SignedHttpRequestValidator`is vulnerable. Microsoft.IdentityModel trusts the `jku`claim by default for the `SignedHttpRequest`protocol. This raises the possibility to make any remote or local `HTTP GET` request. The vulnerability has been fixed in Microsoft.IdentityModel.Protocols.SignedHttpRequest. Users should update all their Microsoft.IdentityModel versions to 7.1.2 (for 7x) or higher, 6.34.0 (for 6x) or higher.Show less
CVE-2024-21737 1Sap 1Application Interface Framework Jun 17, 2026 Jan 9, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the b...Show more In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on confidentiality, integrity and availability. Show less
CVE-2024-21646 1Microsoft 1Azure Uamqp Jun 17, 2026 Jan 9, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an inte...Show more Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01.Show less
CVE-2024-21650 1Xwiki 1Xwiki Jun 17, 2026 Jan 8, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allow...Show more XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user registration enabled for guests. This vulnerability has been patched in XWiki 14.10.17, 15.5.3 and 15.8 RC1.Show less
CVE-2023-7224 1Openvpn 1Connect Jun 17, 2026 Jan 8, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable
CVE-2023-6540 1Lenovo 2Browser Hd Browser Mobile Jun 17, 2026 Jan 3, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information.
CVE-2023-51784 1Apache 1Inlong Jun 17, 2026 Jan 3, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade...Show more Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9329Show less
CVE-2023-41783 1Zte 1Zxcloud Irai Jun 17, 2026 Jan 3, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.
CVE-2024-0196 1Ssssssss 1Magic Api Jun 17, 2026 Jan 2, 2024 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulation leads to code in...Show more A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249511.Show less
CVE-2024-0195 1Ssssssss 1Spider Flow Jun 17, 2026 Jan 2, 2024 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The ma...Show more A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability.Show less
CVE-2023-39157 1Crocoblock 1Jetelements Jun 17, 2026 Dec 31, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10.
CVE-2023-41544 1Jeecg 1Jeecg Boot Jun 17, 2026 Dec 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component.
CVE-2023-51420 1Soft8soft 1Verge3d Jun 17, 2026 Dec 29, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2.
CVE-2023-49830 1Brainstormforce 1Astra Jun 17, 2026 Dec 29, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through 4.3.1.
CVE-2023-47840 1Qodeinteractive 1Qode Essential Addons Jun 17, 2026 Dec 29, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2.
CVE-2023-46623 1Wpvnteam 1Wp Extra Jun 17, 2026 Dec 29, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra.This issue affects WP EXtra: from n/a through 6.2.
CVE-2023-45751 1Posimyth 1Nexter Extension Jun 17, 2026 Dec 29, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 Improper Control of Generation of Code ('Code Injection') vulnerability in POSIMYTH Nexter Extension.This issue affects Nexter Extension: from n/a through 2.0.3.

Previous 1...153154155...324 Next