GHSA-7CW6-7H3H-V8PF Shopware Has Improper Control of Generation of Code in Twig rendered views

Impact We fixed with CVE-2023-2017 Twig filters to only be executed with allowed functions. However there was a regression that lead to an array and array crafted PHP Closure not checked being against allow list for the map... override Patches Patched in 6.7.6.1 Workarounds Install the security...

RUSTSEC-2026-0003 Non-constant-time code generation on ARM32 targets

Summary While the cmov crate has a special backend for aarch64 which uses special CSEL instructions, on 32-bit ARM it uses a portable pure Rust fallback implementation. This implementation uses a combination of bitwise arithmetic and core::hint::blackbox to attempt to coerce constant-time code...

PHOENIX CONTACT TC ROUTER 代码注入漏洞

PHOENIX CONTACT TC ROUTER is a series of routers from PHOENIX CONTACT, Germany. A code injection vulnerability exists in the PHOENIX CONTACT TC ROUTER that stems from improper code generation controls and could lead to code injection and a complete loss of confidentiality, availability, and...

CVE-2021-22336

There is an Improper Control of Generation of Code vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause denial of security services on a rooted device...

CVE-2021-0966

In code generated by BuildParcelFields of generatecpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could lead to local information disclosure across Binder transactions with no additional execution...

CVE-2022-35173

An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation...

CVE-2025-23251

NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of generation of code by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering...

CVE-2025-11837

An improper control of generation of code vulnerability has been reported to affect Malware Remover. The remote attackers can then exploit the vulnerability to bypass protection mechanism. We have already fixed the vulnerability in the following version: Malware Remover 6.6.8.20251023 and later...

CVE-2025-11837

An improper control of generation of code vulnerability has been reported to affect Malware Remover. The remote attackers can then exploit the vulnerability to bypass protection mechanism. We have already fixed the vulnerability in the following version: Malware Remover 6.6.8.20251023 and later...

CVE-2025-11837

An improper control of generation of code vulnerability has been reported to affect Malware Remover. The remote attackers can then exploit the vulnerability to bypass protection mechanism. We have already fixed the vulnerability in the following version: Malware Remover 6.6.8.20251023 and later...

CVE-2025-11837 Malware Remover

An improper control of generation of code vulnerability has been reported to affect Malware Remover. The remote attackers can then exploit the vulnerability to bypass protection mechanism. We have already fixed the vulnerability in the following version: Malware Remover 6.6.8.20251023 and later...

CVE-2025-11837 Malware Remover

An improper control of generation of code vulnerability has been reported to affect Malware Remover. The remote attackers can then exploit the vulnerability to bypass protection mechanism. We have already fixed the vulnerability in the following version: Malware Remover 6.6.8.20251023 and later...

QNAP Systems Malware Remover 代码注入漏洞

QNAP Systems Malware Remover is a built-in security application from Taiwan, China-based QNAP Systems. A code injection vulnerability exists in QNAP Systems Malware Remover, which stems from improper code generation controls that could lead to a bypass of protection mechanisms...

[SECURITY] Fedora 42 Update: golang-github-google-wire-0.6.0-14.fc42

Wire is a code generation tool that automates connecting components using dependency injection. Dependencies between components are represented in Wire as function parameters, encouraging explicit initialization instead of global variables. Because Wire operates without runtime state or reflectio...

CVE-2025-68897

Improper Control of Generation of Code 'Code Injection' vulnerability in Mohammad I. Okfie IF AS Shortcode if-as-shortcode allows Code Injection.This issue affects IF AS Shortcode: from n/a through = 1.2...

Exploring the Security Threats of Retriever Backdoors in Retrieval-Augmented Code Generation

Retrieval-Augmented Code Generation RACG is increasingly adopted to enhance Large Language Models for software development, yet its security implications remain dangerously underexplored. This paper conducts the first systematic exploration of a critical and stealthy threat: backdoor attacks...

SoK: Understanding (New) Security Issues across AI4Code Use Cases

AI-for-Code AI4Code systems are reshaping software engineering, with tools like GitHub Copilot accelerating code generation, translation, and vulnerability detection. Alongside these advances, however, security risks remain pervasive: insecure outputs, biased benchmarks, and susceptibility to...

CVE-2025-65037

Improper control of generation of code 'code injection' in Azure Container Apps allows an unauthorized attacker to execute code over a network...

CVE-2025-60070

Improper Control of Generation of Code 'Code Injection' vulnerability in The4 Molla molla allows Code Injection.This issue affects Molla: from n/a through = 1.5.13...

CVE-2025-60068

Improper Control of Generation of Code 'Code Injection' vulnerability in javothemes Javo Core javo-core allows Code Injection.This issue affects Javo Core: from n/a through = 3.0.0.266...