Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-06 | CVE-2022-42699 | Auth. | network, low complexity, CWE-94, 8.8 |
| 2022-12-06 | CVE-2022-46161 | pdfmake is an open source client/server side PDF printing in pure JavaScript. | network, low complexity, CWE-94, critical, 9.8 |
| 2022-12-02 | CVE-2022-23465 | Code Injection vulnerability in Swiftterm Project Swiftterm: SwiftTerm is an Xterm/VT100 Terminal emulator. | local, low complexity, swiftterm-project CWE-94, 7.8 |
| 2022-12-01 | CVE-2022-3696 | Code Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0: A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. | network, low complexity, sophos CWE-94, 7.2 |
| 2022-12-01 | CVE-2022-3713 | Code Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0: A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. | low complexity, sophos CWE-94, 8.8 |
| 2022-11-30 | CVE-2022-24441 | Code Injection vulnerability in Snyk Security: The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. | network, low complexity, snyk CWE-94, 8.8 |
| 2022-11-29 | CVE-2022-3383 | Code Injection vulnerability in Ultimatemember Ultimate Member: The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get_option_value_from_callback function that accepts user supplied input and passes it through call_user_func(). | network, low complexity, ultimatemember CWE-94, 7.2 |
| 2022-11-29 | CVE-2022-3384 | Code Injection vulnerability in Ultimatemember Ultimate Member: The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populate_dropdown_options function that accepts user supplied input and passes it through call_user_func(). | network, low complexity, ultimatemember CWE-94, 7.2 |
| 2022-11-26 | CVE-2022-45908 | Code Injection vulnerability in Paddlepaddle: In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. | network, low complexity, paddlepaddle CWE-94, critical, 9.8 |
| 2022-11-25 | CVE-2022-41158 | Code Injection vulnerability in Eyoom Builder: Remote code execution can be achieved because this builder program uses cookie values as paths to a file. | network, low complexity, eyoom CWE-94, critical, 9.8 |