CVE-2023-51784 – Apache InLong: Remote Code Execution vulnerability in Apache InLong Manager
https://notcve.org/view.php?id=CVE-2023-51784
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. • http://www.openwall.com/lists/oss-security/2024/01/03/1 https://lists.apache.org/thread/4nxbyl6mh5jgh0plk0qposbxwn6w9h8j • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-41783 – Command Injection Vulnerability of ZTE's ZXCLOUD iRAI
https://notcve.org/view.php?id=CVE-2023-41783
There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges. Existe una vulnerabilidad de inyección de comandos en ZXCLOUD iRAI de ZTE. Debido a que el programa no pudo validar adecuadamente la entrada del usuario, un atacante podría aprovechar esta vulnerabilidad para escalar los privilegios locales. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-0196 – Magic-Api code injection
https://notcve.org/view.php?id=CVE-2024-0196
The manipulation leads to code injection. ... Durch das Beeinflussen mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://github.com/laoquanshi/puppy/blob/main/Magic-Api%20Code%20Execution%20Vulnerability.md https://vuldb.com/?ctiid.249511 https://vuldb.com/?id.249511 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-0195 – spider-flow FunctionController.java FunctionService.saveFunction code injection
https://notcve.org/view.php?id=CVE-2024-0195
The manipulation leads to code injection. ... Durch Manipulieren mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://github.com/Cappricio-Securities/CVE-2024-0195 https://github.com/MuhammadWaseem29/CVE-2024-0195-SpiderFlow https://github.com/fa-rrel/CVE-2024-0195-SpiderFlow https://github.com/hack-with-rohit/CVE-2024-0195-SpiderFlow https://github.com/laoquanshi/puppy/blob/main/spider-flow%20code%20injection%20causes%20rce.md https://vuldb.com/?ctiid.249510 https://vuldb.com/?id.249510 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-41544
https://notcve.org/view.php?id=CVE-2023-41544
SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component. Vulnerabilidad de inyección SSTI en jeecg-boot versión 3.5.3, permite a atacantes remotos ejecutar código arbitrario a través de una solicitud HTTP manipulada al componente /jmreport/loadTableData. • https://pho3n1x-web.github.io/2023/09/18/CVE-2023-41544%28JeecgBoot_SSTI%29 • CWE-94: Improper Control of Generation of Code ('Code Injection') •