CVE-2026-42898

Improper control of generation of code 'code injection' in Microsoft Dynamics 365 on-premises allows an authorized attacker to execute code over a network...

MiracleLinux 9 : firefox-102.9.0-3.el9.ML.1 (AXSA:2023-5234:12)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5234:12 advisory. Mozilla: Incorrect code generation during JIT compilation CVE-2023-25751 Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9...

CVE-2025-11837 Malware Remover

An improper control of generation of code vulnerability has been reported to affect Malware Remover. The remote attackers can then exploit the vulnerability to bypass protection mechanism. We have already fixed the vulnerability in the following version: Malware Remover 6.6.8.20251023 and later...

PT-2025-43243

Name of the Vulnerable Software and Affected Versions WP Last Modified Info versions through 1.9.2 Description A flaw exists in WP Last Modified Info that allows for Remote Code Inclusion due to improper control of code generation. This issue allows an attacker to inject code remotely...

EUVD-2025-26057

Malicious code in bioql PyPI...

CVE-2024-21760

An improper control of generation of code 'Code Injection' vulnerability CWE-94 in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute arbitrary code on the host via a playbook code...

Mozilla: Out-of-bounds-read after mis-optimized switch statement

The Mozilla Foundation Security Advisory describes this flaw as: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads...

Mozilla: Incorrect code generation on 32-bit ARM devices

The Mozilla Foundation Security Advisory describes this flaw as: Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. This issue only affects 32-bit ARM devices...

PT-2024-5016 · Sap · Sap Aba

Name of the Vulnerable Software and Affected Versions: SAP ABA Application Basis versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I Description: The issue in SAP ABA is related to incorrect code generation management, allowing an attacker with remote execution authorization to use a...

PT-2023-5312 · Ansible · Ansible

Name of the Vulnerable Software and Affected Versions: ansible semaphore version 2.8.90 Description: The issue in ansible semaphore allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter. This is related to incorrect code generation management in...

PT-2021-6389

Name of the Vulnerable Software and Affected Versions Microsoft Excel affected versions not specified Description The issue is related to incorrect code generation management in Microsoft Office, Microsoft Excel, and Microsoft 365 packages. This allows a remote attacker to execute arbitrary code...

CVE-2021-42754

An improper control of generation of code vulnerability CWE-94 in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the user permission via the malicious dylib file...

GHSA-HPQH-2WQX-7QP5 Memory access due to code generation flaw in Cranelift module

There is a bug in 0.73.0 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape in a WebAssembly module. Users of versions 0.73.0 of Cranelift should upgrade to either 0.73.1 or 0.74 to remediate this vulnerability. Users of Cranelift prior to 0.73...

PT-2021-3272 · Nni · Nni

Name of the Vulnerable Software and Affected Versions: NNI versions affected versions not specified Description: The issue is related to incorrect code generation management in the common utils.py module of the Neural Network Intelligence NNI toolkit, which is used for automating design, neural...

PT-2021-2728 · Microsoft · Azure Sphere

Name of the Vulnerable Software and Affected Versions: Azure Sphere affected versions not specified Description: The issue is related to incorrect code generation management in Azure Sphere operating systems. Exploitation of this issue may allow an attacker to execute arbitrary code...

PT-2021-2274 · Microsoft · Office Excel

Name of the Vulnerable Software and Affected Versions: Microsoft Excel affected versions not specified Description: The issue is related to incorrect code generation management in Microsoft Excel. It allows a remote attacker to execute arbitrary code. The vulnerability can be exploited through th...

pcp: Local privilege escalation in pcp spec file %post section

A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Developmen...