56 matches found
CVE-2026-42898
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 on-premises allows an authorized attacker to execute code over a network...
MiracleLinux 9 : firefox-102.9.0-3.el9.ML.1 (AXSA:2023-5234:12)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5234:12 advisory. Mozilla: Incorrect code generation during JIT compilation (CVE-2023-25751); Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9...
CVE-2025-11837 Malware Remover
An improper control of generation of code vulnerability has been reported to affect Malware Remover. Remote attackers can then exploit the vulnerability to bypass the protection mechanism. We have already fixed the vulnerability in the following version: Malware Remover 6.6.8.20251023 and later...
PT-2025-43243
Name of the Vulnerable Software and Affected Versions: WP Last Modified Info versions through 1.9.2. Description: A flaw exists in WP Last Modified Info that allows for Remote Code Inclusion due to improper control of code generation. This issue allows an attacker to inject code remotely...
EUVD-2025-26057
Malicious code in bioql PyPI...
The vulnerability of the Fresh Framework plugin of the WordPress content management system allows a hacker to execute arbitrary code.
The vulnerability of the Fresh Framework plugin for WordPress content management systems is related to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the sys_exec() function in the MariaDB database management system allows an attacker to execute arbitrary commands with elevated privileges.
The vulnerability of the sys_exec function in the MariaDB database management system is related to improper code generation. Exploiting this vulnerability allows an attacker to execute arbitrary commands with elevated privileges...
The vulnerability of the PHP Smarty templater, related to improper handling of code generation, allows attackers to execute arbitrary PHP code.
The vulnerability of the PHP Smarty templater is related to improper handling of code generation. Exploiting this vulnerability allows an attacker to execute arbitrary PHP code on the target system...
The vulnerability of the htmlawed module in the GLPI system for job requests, incidents, and computer equipment inventory allows a hacker to inject arbitrary PHP code.
The vulnerability of the htmlawed module in the GLPI system for job requests, incidents, and computer equipment inventory management is related to incorrect code generation. Exploiting this vulnerability allows a malicious actor to inject arbitrary PHP code remotely...
CVE-2024-21760
An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute arbitrary code on the host via a playbook code...
The vulnerability of the user_login.cgi web interface of the DrayTek Vigor router software allows a hacker to execute arbitrary code.
The vulnerability of the user_login.cgi web interface of the DrayTek Vigor router software lies in improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Apache OFBiz resource planning software lies in improper code generation management, which allows attackers to carry out SSRF attacks.
The vulnerability of Apache OFBiz’s resource planning software lies in improper code generation management. Exploiting this vulnerability allows a remote attacker to carry out an SSRF attack...
The vulnerability of the client plugin libreswan in the NetworkManager software is related to improper code generation. This allows attackers to escalate their privileges and execute arbitrary code.
The vulnerability of the client plugin libreswan in the NetworkManager network management software is related to incorrect code generation. Exploiting this vulnerability can allow an attacker to escalate their privileges and execute arbitrary code...
The vulnerability of the readCodeFor function in the mysql2 library allows a hacker to execute arbitrary code.
The vulnerability of the readCodeFor function in the mysql2 library relates to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the msp_info_htm function in D-Link DI-8300 router firmware allows a hacker to execute arbitrary commands.
The vulnerability of the msp_info_htm function in D-Link DI-8300 router firmware is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the GET request...
The vulnerability of the eval() function in the framework for creating, managing, and launching autonomous agents based on artificial intelligence, SuperAGI, allows a perpetrator to execute arbitrary code and gain full control over the application.
The vulnerability of the eval function in the framework for creating, managing, and launching autonomous agents based on artificial intelligence, SuperAGI, is related to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and gain full contro...
Mozilla: Out-of-bounds-read after mis-optimized switch statement
The Mozilla Foundation Security Advisory describes this flaw as: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads...
The vulnerability of the Bricks Builder plugin of the WordPress content management system allows a hacker to execute arbitrary code.
The vulnerability of the Bricks Builder plugin of the WordPress content management system is related to improper handling of code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Mozilla: Incorrect code generation on 32-bit ARM devices
The Mozilla Foundation Security Advisory describes this flaw as: Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. This issue only affects 32-bit ARM devices...
The vulnerability of the Extensive VC Addons plugin of the WordPress content management system allows attackers to expose sensitive information that should be protected.
The vulnerability of the Extensive VC Addons plugin of the WordPress content management system is related to improper code generation. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...