Page 22 of 8784 results (0.102 seconds)

CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0

CycloneDX cdxgen through 10.10.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation, rather than an implementation mistake. • https://github.com/CycloneDX/cdxgen/issues/1328 https://github.com/CycloneDX/cdxgen/releases https://owasp.org/www-project-dep-scan • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

The The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.9. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/uix-shortcodes/trunk/shortcodes/templates/default/frontpage-init.php#L9 https://wordpress.org/plugins/uix-shortcodes/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/3000758d-68e0-46a6-aef0-e2407a828168?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0

N-LINE 2.0.6 and prior versions contain a code injection vulnerability. • https://jvn.jp/en/jp/JVN57285747 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0

MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature. • https://github.com/herombey/Disclosures/blob/main/CVE-2024-37845%20RCE.pdf https://github.com/herombey/Disclosures/tree/main • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page. • https://github.com/herombey/Disclosures/blob/main/CVE-2024-37846-CSTI.pdf https://github.com/herombey/Disclosures/tree/main • CWE-94: Improper Control of Generation of Code ('Code Injection') •