Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-05 | CVE-2023-49070 | Code Injection vulnerability in Apache Ofbiz Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10 | 9.8 |
| 2023-12-04 | CVE-2023-5762 | Code Injection vulnerability in Filr Project Filr The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges. | 8.8 |
| 2023-12-01 | CVE-2023-44381 | Code Injection vulnerability in Octobercms October October is a Content Management System (CMS) and web platform to assist with development workflow. | 4.9 |
| 2023-12-01 | CVE-2023-44382 | Code Injection vulnerability in Octobercms October October is a Content Management System (CMS) and web platform to assist with development workflow. | 9.1 |
| 2023-11-28 | CVE-2023-49313 | Code Injection vulnerability in Horsicq Xmachoviewer 0.04 A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. | 9.8 |
| 2023-11-28 | CVE-2023-49314 | Code Injection vulnerability in Asana Desktop 2.1.0 Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. | 7.8 |
| 2023-11-22 | CVE-2021-22150 | Code Injection vulnerability in Elastic Kibana It was discovered that a user with Fleet admin permissions could upload a malicious package. | 7.2 |
| 2023-11-21 | CVE-2023-48699 | Code Injection vulnerability in Ubertidavide Fastbots 0.1.1/0.1.2/0.1.3 fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. | 9.8 |
| 2023-11-21 | CVE-2023-48226 | Code Injection vulnerability in Openreplay OpenReplay is a self-hosted session replay suite. | 3.5 |
| 2023-11-20 | CVE-2023-48192 | Code Injection vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202 An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function. | 7.8 |