Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-06 | CVE-2022-42699 | Auth. | 8.8 |
| 2022-12-06 | CVE-2022-46161 | pdfmake is an open source client/server side PDF printing in pure JavaScript. | 9.8 |
| 2022-12-02 | CVE-2022-23465 | Code Injection vulnerability in Swiftterm Project Swiftterm SwiftTerm is a Xterm/VT100 Terminal emulator. | 7.8 |
| 2022-12-01 | CVE-2022-3696 | Code Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0 A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. | 7.2 |
| 2022-12-01 | CVE-2022-3713 | Code Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0 A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. | 8.8 |
| 2022-11-30 | CVE-2022-24441 | Code Injection vulnerability in Snyk Security The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. | 8.8 |
| 2022-11-29 | CVE-2022-3383 | Code Injection vulnerability in Ultimatemember Ultimate Member The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get_option_value_from_callback function that accepts user supplied input and passes it through call_user_func(). | 7.2 |
| 2022-11-29 | CVE-2022-3384 | Code Injection vulnerability in Ultimatemember Ultimate Member The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populate_dropdown_options function that accepts user supplied input and passes it through call_user_func(). | 7.2 |
| 2022-11-26 | CVE-2022-45908 | Code Injection vulnerability in Paddlepaddle In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. | 9.8 |
| 2022-11-25 | CVE-2022-41158 | Code Injection vulnerability in Eyoom Builder Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. | 9.8 |