Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-10-30 | CVE-2023-43792 | Code Injection vulnerability in Basercms | baserCMS is a website development framework. | network | low complexity | basercms | CWE-94 | critical 9.8 |
| 2023-10-30 | CVE-2023-44141 | Code Injection vulnerability in Inkdrop | Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file. | local | low complexity | inkdrop | CWE-94 | 7.8 |
| 2023-10-30 | CVE-2023-46865 | Code Injection vulnerability in Craterapp Crater | /api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image. | network | low complexity | craterapp | CWE-94 | 7.2 |
| 2023-10-27 | CVE-2023-46816 | Code Injection vulnerability in Sugarcrm | An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. | network | low complexity | sugarcrm | CWE-94 | 8.8 |
| 2023-10-27 | CVE-2023-46818 | Code Injection vulnerability in Ispconfig | An issue was discovered in ISPConfig before 3.2.11p1. | network | low complexity | ispconfig | CWE-94 | 7.2 |
| 2023-10-26 | CVE-2023-5623 | Code Injection vulnerability in Tenable Nessus Network Monitor | NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location. | local | low complexity | tenable | CWE-94 | 7.8 |
| 2023-10-25 | CVE-2023-5044 | Code Injection vulnerability in Kubernetes Ingress-Nginx | Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. | network | low complexity | kubernetes | CWE-94 | 8.8 |
| 2023-10-25 | CVE-2023-37909 | Code Injection vulnerability in Xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | network | low complexity | xwiki | CWE-94 | 8.8 |
| 2023-10-19 | CVE-2023-41898 | Code Injection vulnerability in Home-Assistant Home Assistant Companion | Home assistant is an open source home automation. | local | low complexity | home-assistant | CWE-94 | 7.8 |
| 2023-10-17 | CVE-2023-41630 | Code Injection vulnerability in Esst Monitoring 2.147.1 | eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the Gii code generator component. | network | low complexity | esst | CWE-94 | critical 9.8 |