Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,471)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-26728 1Lannerinc 1Iac Ast2500a Firmware Nov 21, 2024 Oct 24, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This is...Show more Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.Show less
CVE-2021-26727 1Lannerinc 1Iac Ast2500a Firmware Nov 21, 2024 Oct 24, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user...Show more Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.Show less
CVE-2022-43416 1Jenkins 1Katalon May 8, 2025 Oct 19, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control ag...Show more Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with attacker-controlled version, install location, and arguments, and attackers additionally able to create files on the Jenkins controller (e.g., attackers with Item/Configure permission could archive artifacts) to invoke arbitrary OS commands.Show less
CVE-2022-39424 1Oracle 1Vm Virtualbox Nov 21, 2024 Oct 18, 2022 N/A· v4 8.1 HIGH· v3 N/A· v2 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker w...Show more Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).Show less
CVE-2022-41544 1Get Simple 1Getsimple Cms May 13, 2025 Oct 18, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php.
CVE-2022-41576 1Huawei 2Emui Harmonyos May 14, 2025 Oct 14, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 The rphone module has a script that can be maliciously modified.Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices.
CVE-2022-35944 1Octobercms 1October Nov 21, 2024 Oct 13, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing pub...Show more October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the "Editor" section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. The issue has been patched in versions 2.2.34 and 3.0.66.Show less
CVE-2022-41534 1Online Diagnostic Lab Management System Project 1Online Diagnostic Lab Management System May 15, 2025 Oct 13, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. This vulnerability allows attackers to execute arbitrary code v...Show more Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.Show less
CVE-2022-42889 3Apache JuniperNetapp 3Bluexp Commons TextSecurity Threat Response Manager Nov 21, 2024 Oct 13, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance o...Show more Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.Show less
CVE-2022-42902 2Debian Linaro 2Debian Linux Lava May 15, 2025 Oct 13, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn ser...Show more In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.Show less
CVE-2022-40871 1Dolibarr 1Dolibarr Erp/crm May 15, 2025 Oct 12, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database an...Show more Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.Show less
CVE-2022-40469 1Ikuai8 1Ikuaios May 15, 2025 Oct 12, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 iKuai OS v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability.
CVE-2022-40274 1Gridea 1Gridea May 20, 2025 Sep 30, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegra...Show more Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled.Show less
CVE-2022-40486 1Tp Link 1Archer Ax10 V1 Firmware May 21, 2025 Sep 28, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file.
CVE-2022-40497 1Wazuh 1Wazuh May 21, 2025 Sep 28, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint.
CVE-2022-21797 3Debian FedoraprojectJoblib Project 3Debian Linux FedoraJoblib Nov 21, 2024 Sep 26, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.
CVE-2022-40628 1Tacitine 2En6200 Prime Quad 100 Firmware En6200 Prime Quad 35 Firmware Nov 21, 2024 Sep 23, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper control of code generation in the Tacitine Firewall we...Show more This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper control of code generation in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute arbitrary commands on the targeted device.Show less
CVE-2022-3236 1Sophos 1Firewall Oct 27, 2025 Sep 23, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.
CVE-2022-26112 1Apache 1Pinot May 27, 2025 Sep 23, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the gro...Show more In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0Show less
CVE-2022-36386 1Soflyy 1Wp All Import Feb 20, 2025 Sep 21, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress.

Previous 1...178179180...324 Next