386 matches found

CNVD
added 2025/08/26 12:0 a.m. · 2 views

Apache OFBiz Code Execution Vulnerability (CNVD-2025-20870)

Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation in the United States. The system provides a set of Java-based Web application components and tools. A code execution vulnerability exists in Apache OFBiz versions prior to 24.09.02 that stems from improper...

9.8 CVSS · 8.4 AI score · 0.00482 EPSS
Exploits: 0 · References: 1
NVD
added 2025/08/20 8:15 a.m. · 1 view

CVE-2025-48169

Improper Control of Generation of Code ('Code Injection') vulnerability in Jordy Meow Code Engine code-engine allows Remote Code Inclusion. This issue affects Code Engine: from n/a through = 0.3.3...

9.9 CVSS · 0.00103 EPSS
Exploits: 0 · References: 1
CVE
added 2025/08/20 8:3 a.m. · 23 views

CVE-2025-30975

CVE-2025-30975 affects the WordPress plugin Add Custom Codes (versions up to 4.80). The issue is described as Improper Control of Generation of Code (Code Injection) allowing Remote Code Execution for authenticated users (Contributor+). Documents confirm the vulnerability is still unpatched (Patc...

7.5 CVSS · 5.9 AI score · 0.00077 EPSS
Exploits: 0 · References: 1
CVE
added 2025/08/20 8:3 a.m. · 21 views

CVE-2025-54019

The CVE-2025-54019 entry pertains to the WordPress Alone (Alone) plugin/theme, with an Arbitrary Code Execution vulnerability caused by improper control of code generation. Affected versions are listed as

6.5 CVSS · 5.9 AI score · 0.00064 EPSS
In wild · Exploits: 0 · References: 1
Positive Technologies
added 2025/08/20 12:0 a.m. · 4 views

PT-2025-33908 · Unknown · Saifumak Add Custom Codes

Name of the Vulnerable Software and Affected Versions: SaifuMak Add Custom Codes versions through 4.80 Description: An improper control of generation of code 'Code Injection' issue exists in SaifuMak Add Custom Codes, allowing code injection. Recommendations: At the moment, there is no informatio...

7.5 CVSS · 6.4 AI score · 0.00077 EPSS
Exploits: 0 · References: 4
CNNVD
added 2025/08/20 12:0 a.m. · 4 views

WordPress plugin Alone Code Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on servers running PHP and MySQL, and the WordPre...

6.5 CVSS · 6.9 AI score · 0.00064 EPSS
Exploits: 0 · References: 2
CNNVD
added 2025/08/20 12:0 a.m. · 3 views

WordPress plugin Code Engine Code Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

9.9 CVSS · 5.2 AI score · 0.00103 EPSS
Exploits: 0 · References: 2
CNNVD
added 2025/08/20 12:0 a.m. · 2 views

WordPress plugin Add Custom Codes Code Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

7.5 CVSS · 7 AI score · 0.00077 EPSS
Exploits: 0 · References: 2
CNNVD
added 2025/08/15 12:0 a.m. · 1 view

Apache OFBiz Security Vulnerability

Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation in the United States. The system provides a set of Java-based Web application components and tools. A code execution vulnerability exists in Apache OFBiz versions prior to 24.09.02 that stems from improper...

9.8 CVSS · 8.3 AI score · 0.00482 EPSS
Exploits: 0 · References: 7
RedhatCVE
added 2025/08/13 6:29 p.m. · 5 views

CVE-2025-53187

Due to an issue in configuration, code that was intended for debugging purposes was included in the market release of the ASPECT FW allowing an attacker to bypass authentication. This vulnerability may allow an attacker to change the system time, access files, and make function calls without prio...

9.8 CVSS · 7.1 AI score · 0.00252 EPSS
Exploits: 0 · References: 1
OSV
added 2025/08/13 6:6 a.m. · 5 views

BIT-GITLAB-2025-2867 Improper Control of Generation of Code ('Code Injection') in GitLab

An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized...

6.5 CVSS · 6.7 AI score · 0.00115 EPSS
Exploits: 0 · References: 2
BDU FSTEC
added 2025/08/07 12:0 a.m. · 1 view

The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird, related to improper code generation, allows attackers to compromise the confidentiality and integrity of protected information.

The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to improper code generation. Exploiting these vulnerabilities allows a malicious actor to compromise the confidentiality and integrity of protected information...

9.4 CVSS · 7.6 AI score · 0.00277 EPSS
Exploits: 0 · References: 20 · Affected Software: 5
CNVD
added 2025/07/24 12:0 a.m. · 2 views

SAMSUNG MagicINFO 9 Server Code Injection Vulnerability

SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. SAMSUNG MagicINFO 9 Server suffers from a code injection vulnerability that originates from improper code generation control and can be exploited by an attacker ...

9.8 CVSS · 8.1 AI score · 0.0041 EPSS
Exploits: 0 · References: 1
CNNVD
added 2025/07/23 12:0 a.m. · 3 views

SAMSUNG MagicINFO 9 Server Security Vulnerability

SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. SAMSUNG MagicINFO 9 Server suffers from a code injection vulnerability that originates from improper code generation control and can be exploited by an attacker ...

9.8 CVSS · 8 AI score · 0.0041 EPSS
Exploits: 0 · References: 1
CNVD
added 2025/07/21 12:0 a.m. · 4 views

Microsoft SharePoint Remote Code Execution Vulnerability

SharePoint Server is a locally deployed enterprise collaboration platform from Microsoft that supports content sharing, knowledge management, and application integration, and works seamlessly with Microsoft 365 subscriptions to access the latest features. A remote code execution vulnerability...

8.8 CVSS · 8.1 AI score · 0.59583 EPSS
Exploits: 7 · References: 1
BDU FSTEC
added 2025/07/11 12:0 a.m. · 1 view

The vulnerability of the data collection tool for Azure Monitor Agents, which operates on virtual machines and physical servers, stems from improper code generation. This allows attackers to execute arbitrary code.

Vulnerability of the data collection tool for Azure Monitor Agent, which processes virtual machines and physical servers, due to improper code generation management. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

7.5 CVSS · 5.9 AI score · 0.0071 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
CNNVD
added 2025/07/10 12:0 a.m. · 1 view

OpenText Directory Services Code Injection Vulnerability

OpenText Directory Services OTDS is an information management solution from OpenText Canada Inc. integrating OpenText products and solutions with the company's enterprise directory infrastructure. A code injection vulnerability exists in OpenText Directory Services version 23.4 that stems from...

6.3 CVSS · 7.6 AI score · 0.00263 EPSS
Exploits: 0 · References: 2
CNNVD
added 2025/07/04 12:0 a.m. · 1 view

WordPress plugin Alone Code Injection Vulnerability

WordPress Alone is a theme designed for nonprofit organizations, primarily for the WordPress platform. WordPress Alone suffers from a code injection vulnerability that stems from improper code generation controls; no details of the vulnerability are provided at this time...

7.2 CVSS · 7.5 AI score · 0.00223 EPSS
Exploits: 0 · References: 2
BDU FSTEC
added 2025/06/04 12:0 a.m. · 1 view

The vulnerability of the functional module of the RFC interface of the software tool for managing changes and migrations in SAP Landscape Transformation (SLT) allows an attacker to influence the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the functional module of the RFC interface of the software tool for managing changes and migrations in SAP Landscape Transformation SLT is related to improper code generation. Exploiting this vulnerability can allow an attacker to influence the confidentiality, integrity, and...

9.9 CVSS · 5.5 AI score · 0.00028 EPSS
Exploits: 0 · References: 2
BDU FSTEC
added 2025/06/04 12:0 a.m. · 4 views

The vulnerability of the SAP NetWeaver Application ABAP software integration platform’s server, related to improper code generation management, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the SAP NetWeaver Application ABAP software integration platform is related to incorrect code generation management. Exploiting this vulnerability allows an attacker to influence the confidentiality, integrity, and accessibility of protected information...

8.5 CVSS · 5.5 AI score · 0.00188 EPSS
Exploits: 0 · References: 2