1540 matches found

BDU FSTEC
added 2024/07/15 12:0 a.m. · 1 view

The vulnerability of the js2py.disable_pyimport() function in the js2py library allows a hacker to bypass the sandbox protection and execute arbitrary code.

The vulnerability of the js2py.disable_pyimport function in the js2py library is related to improper code generation management. Exploiting this vulnerability could allow a remote attacker to bypass the sandbox’s security mechanisms and execute arbitrary code by sending specially crafted API calls...

10 CVSS · 7.2 AI score · 0.59353 EPSS
Exploits 22 · References 9 · Affected Software 2

BDU FSTEC
added 2024/07/10 12:0 a.m. · 1 view

Vulnerability of the McAfee Security software: The Android operating system’s antivirus VPN, which is vulnerable due to improper code generation, allowing attackers to perform spear-phishing attacks.

The vulnerability of the McAfee Security software: The Android operating system’s antivirus and VPN services are vulnerable due to improper code generation. Exploiting this vulnerability allows a remote attacker to perform spear-phishing attacks...

9.4 CVSS · 5.6 AI score · 0.00285 EPSS
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2024/07/08 12:0 a.m. · 1 view

The vulnerability of the software for managing VMware vCenter Server’s virtual infrastructure arises from improper code generation, allowing an attacker to execute arbitrary code.

The vulnerability of VMware vCenter Server’s software management software is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

8.3 CVSS · 7.5 AI score · 0.63465 EPSS
Exploits 3 · References 3 · Affected Software 1

BDU FSTEC
added 2024/07/05 12:0 a.m. · 1 view

The vulnerability of the `showwaves_filter_frame` component (libavfilter/avf_showwaves.c) in the FFmpeg multimedia library allows an attacker to execute arbitrary code.

The vulnerability of the showwaves_filter_frame component in the FFmpeg multimedia library’s libavfilter/avf_showwaves.c file is related to improper handling of code generation. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

6.7 CVSS · 5.9 AI score · 0.00039 EPSS
Exploits 0 · References 12 · Affected Software 5

NVD
added 2024/06/24 1:15 p.m. · 13 views

CVE-2024-37228

Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP InstaWP Connect instawp-connect. This issue affects InstaWP Connect: from n/a through = 0.1.0.38...

10 CVSS · 0.00991 EPSS
Exploits 0 · References 2

OSV
added 2024/06/24 1:15 p.m. · 2 views

CVE-2024-37109

Improper Control of Generation of Code 'Code Injection' vulnerability in Membership Software WishList Member X allows Code Injection. This issue affects WishList Member X: from n/a before 3.26.7...

8.8 CVSS · 5.8 AI score · 0.00848 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2024/06/24 9:15 a.m. · 3 views

CVE-2024-5683

Improper Control of Generation of Code 'Code Injection' vulnerability in Next4Biz CRM & BPM Software Business Process Management BPM allows Remote Code Inclusion. This issue affects Business Process Management BPM: from 6.6.4.4 before 6.6.4.5...

9.8 CVSS · 5.8 AI score · 0.00191 EPSS
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2024/06/24 12:0 a.m. · 3 views

PT-2024-27397 · Unknown · Instawp Connect

Name of the Vulnerable Software and Affected Versions: InstaWP Connect versions 0.1.0.38 and earlier
Description: The issue is related to an Improper Control of Generation of Code 'Code Injection' vulnerability, which allows Code Injection.
Recommendations: For InstaWP Connect versions 0.1.0.38 a...

10 CVSS · 7 AI score · 0.00991 EPSS
Exploits 0 · References 5

CNNVD
added 2024/06/24 12:0 a.m. · 1 view

WordPress plugin WishList Member X Code Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...

9.9 CVSS · 7.5 AI score · 0.00848 EPSS
Exploits 0 · References 3

CNNVD
added 2024/06/24 12:0 a.m. · 2 views

WordPress plugin InstaWP Connect code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...

10 CVSS · 7.5 AI score · 0.00991 EPSS
Exploits 0 · References 3

CNNVD
added 2024/06/10 12:0 a.m. · 3 views

WordPress plugin Advanced Custom Fields PRO Code Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability previously...

8.5 CVSS · 7.5 AI score · 0.00611 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2024/06/10 12:0 a.m. · 2 views

The vulnerability of the addons/structure/plugins/content/pages/modulesmodules.php component of the REDAXO content management system allows a hacker to execute arbitrary code.

The vulnerability of the addons/structure/plugins/content/pages/modulesmodules.php component of the REDAXO content management system is related to improper handling of code generation. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

9 CVSS · 7.6 AI score · 0.00267 EPSS
Exploits 1 · References 2 · Affected Software 1

BDU FSTEC
added 2024/06/07 12:0 a.m. · 1 view

The vulnerability of the Java-based web application framework Apache Wicket, related to improper code generation management, allows attackers to gain unauthorized access to protected information, execute arbitrary code, and gain full control over the application.

The vulnerability of the Java-based web application framework Apache Wicket is related to improper code generation management. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information, execute arbitrary code, and gain full contr...

10 CVSS · 5.9 AI score · 0.08266 EPSS
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2024/06/07 12:0 a.m. · 2 views

The vulnerability of the `compileClient`, `compileFileClient`, and `compileClientWithDependenciesTracked` templates for generating Pug markup (formerly Jade) allows attackers to execute arbitrary code.

The vulnerability of the compileClient, compileFileClient, and compileClientWithDependenciesTracked functions of the Pug template for generating HTML markup (formerly Jade) is related to improper code generation control. Exploiting this vulnerability could allow a remote attacker to execute arbitra...

8.1 CVSS · 7.2 AI score · 0.00363 EPSS
Exploits 0 · References 10 · Affected Software 2

BDU FSTEC
added 2024/05/31 12:0 a.m. · 1 view

The vulnerability of the `updateAuditSource` method in the Manager component of the Apache InLong data integration platform allows a perpetrator to execute arbitrary code.

The vulnerability of the updateAuditSource method in the Manager component of the Apache InLong integration platform is related to improper code generation management. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary code...

10 CVSS · 8.2 AI score · 0.07083 EPSS
Exploits 0 · References 6 · Affected Software 1

CNNVD
added 2024/05/18 12:0 a.m. · 2 views

LiteLLM Code Injection Vulnerability

LiteLLM is an open source application from Berri AI. All LLM APIs can be called using the OpenAI format. LiteLLM suffers from a code injection vulnerability that stems from improper control over code generation, leading to a remote code execution (RCE) vulnerability...

9.8 CVSS · 9.7 AI score · 0.03284 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2024/05/07 12:0 a.m. · 1 view

The vulnerability of the Windows operating system’s DNS server allows a hacker to execute arbitrary code.

The vulnerability of the Windows operating system’s DNS server is related to improper handling of code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.3 CVSS · 8.2 AI score · 0.03609 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2024/05/07 12:0 a.m. · 1 view

The vulnerability of the Windows operating system’s DNS server allows a hacker to execute arbitrary code.

The vulnerability of the Windows operating system’s DNS server is related to improper handling of code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.3 CVSS · 8.2 AI score · 0.02712 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/05/06 12:0 a.m. · 26 views

GLSA-202405-15 : Mozilla Firefox: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202405-15 Mozilla Firefox: Multiple Vulnerabilities - When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects...

9.8 CVSS · 7.9 AI score · 0.0073 EPSS
Exploits 2 · References 14

BDU FSTEC
added 2024/04/30 12:0 a.m. · 1 view

The vulnerability of Microsoft Edge browser, related to improper code generation, allows attackers to bypass existing security restrictions.

The vulnerability of Microsoft Edge is related to improper handling of code generation. Exploiting this vulnerability can allow a remote attacker to bypass existing security restrictions...

5.1 CVSS · 7.3 AI score · 0.00268 EPSS
Exploits 0 · References 5 · Affected Software 1