CVSS: 9.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-45590
https://notcve.org/view.php?id=CVE-2023-45590
An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website Un control inadecuado de la generación de código ("inyección de código") en Fortinet FortiClientLinux versión 7.2.0, 7.0.6 a 7.0.10 y 7.0.3 a 7.0.4 permite a un atacante ejecutar código o comandos no autorizados engañando a un usuario de FortiClientLinux para que visitar un sitio web malicioso • https://fortiguard.com/psirt/FG-IR-23-087 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31807
https://notcve.org/view.php?id=CVE-2024-31807
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function. Se descubrió que TOTOLINK EX200 V4.0.3c.7646_B20201211 contiene una vulnerabilidad de ejecución remota de código (RCE) a través del parámetro hostTime en la función NTPSyncWithHost. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_2_NTPSyncWithHost/CI.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31022
https://notcve.org/view.php?id=CVE-2024-31022
An issue was discovered in CandyCMS version 1.0.0, allows remote attackers to execute arbitrary code via the install.php component. Se descubrió un problema en CandyCMS versión 1.0.0 que permite a atacantes remotos ejecutar código arbitrario a través del componente install.php. • https://www.xuxblog.top/2024/03/25/CandyCMS-Pre-Auth-RCE • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30923 – DerbyNet 9.0 print/render/racer.inc SQL Injection
https://notcve.org/view.php?id=CVE-2024-30923
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering Vulnerabilidad de inyección SQL en DerbyNet v9.0 y anteriores permite a un atacante remoto ejecutar código arbitrario a través de la cláusula donde en Racer Document Rendering DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/racer.inc. • https://chocapikk.com/posts/2024/derbynet-vulnerabilities • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31266 – WordPress Advanced Order Export For WooCommerce plugin <= 3.4.4 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-31266
Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection.This issue affects Advanced Order Export For WooCommerce: from n/a through 3.4.4. • https://patchstack.com/database/vulnerability/woo-order-export-lite/wordpress-advanced-order-export-for-woocommerce-plugin-3-4-4-remote-code-execution-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •