Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-03-27 CVE-2023-24835 Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Code Injection within its specific function.
network
low complexity
CWE-94
7.2
2023-03-21 CVE-2023-24709 Code Injection vulnerability in Paradox Ipr512 Firmware
An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via the login.html and login.xml parameters.
network
low complexity
paradox CWE-94
7.5
2023-03-20 CVE-2023-1250 Code Injection vulnerability in Otrs
Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code.
local
low complexity
otrs CWE-94
7.8
2023-03-18 CVE-2023-1482 Code Injection vulnerability in Hkcms Project Hkcms 2.2.4.230206
A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206.
network
low complexity
hkcms-project CWE-94
8.8
2023-03-16 CVE-2023-0598 Code Injection vulnerability in GE Ifix 2022/6.1/6.5
GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software.
network
low complexity
ge CWE-94
critical
9.8
2023-03-16 CVE-2022-4009 Code Injection vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation
network
low complexity
octopus CWE-94
8.8
2023-03-13 CVE-2023-0888 Code Injection vulnerability in Bbraun Battery-Pack SP With Wifi Firmware
An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module.
network
low complexity
bbraun CWE-94
7.2
2023-03-13 CVE-2023-1367 Code Injection vulnerability in Easyappointments
Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
network
low complexity
easyappointments CWE-94
3.8
2023-03-09 CVE-2023-1287 Code Injection vulnerability in 3DS Enovia Live Collaboration
An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution.
network
low complexity
3ds CWE-94
critical
9.8
2023-03-09 CVE-2023-27986 Code Injection vulnerability in GNU Emacs 28.1/28.2
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters.
local
low complexity
gnu CWE-94
7.8