Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-12-27 CVE-2023-49001 Code Injection vulnerability in Indibrowser Indi Browser 12.11.23
An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component.
network
low complexity
indibrowser CWE-94
critical
 9.8
9.8
2023-12-27 CVE-2023-43481 Code Injection vulnerability in TCL Browser TV web - Browsehere 6.65.022Dab24Cc6231221Gp
An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component.
network
low complexity
tcl CWE-94
critical
 9.8
9.8
2023-12-27 CVE-2023-43955 Code Injection vulnerability in Fedirtsapana TV BRO
The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView.
network
low complexity
fedirtsapana CWE-94
critical
 9.8
9.8
2023-12-27 CVE-2023-47883 Code Injection vulnerability in Vladymix TV Browser
The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity.
network
low complexity
vladymix CWE-94
critical
 9.8
9.8
2023-12-24 CVE-2023-7101 Code Injection vulnerability in multiple products
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files.
local
low complexity
jmcnamara debian fedoraproject CWE-94
7.8
7.8
2023-12-22 CVE-2023-51387 Code Injection vulnerability in Apache Hertzbeat
Hertzbeat is an open source, real-time monitoring system.
network
low complexity
apache CWE-94
8.8
8.8
2023-12-19 CVE-2023-49004 Code Injection vulnerability in Dlink Dir-850L Firmware Fw223Wwb01
An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en parameter.
network
low complexity
dlink CWE-94
critical
 9.8
9.8
2023-12-18 CVE-2023-6691 Code Injection vulnerability in Cambiumnetworks Epmp Force 300-25 Firmware 4.7.0.1
Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges.
local
low complexity
cambiumnetworks CWE-94
7.8
7.8
2023-12-18 CVE-2023-32728 Code Injection vulnerability in Zabbix Zabbix-Agent2
The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution.
network
low complexity
zabbix CWE-94
critical
 9.8
9.8
2023-12-17 CVE-2023-6899 Code Injection vulnerability in Rmountjoy92 Dashmachine 0.54
A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4.
network
low complexity
rmountjoy92 CWE-94
critical
 9.8
9.8