Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-10-12 CVE-2023-29453 Code Injection vulnerability in Zabbix Zabbix-Agent2 5.0.0/6.0.0/6.4.0
Templates do not properly consider backticks (`) as JavaScript string delimiters, and do not escape them as expected.
network
low complexity
zabbix CWE-94
critical
9.8
2023-10-06 CVE-2023-45311 Code Injection vulnerability in Fsevents Project Fsevents
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary.
network
low complexity
fsevents-project CWE-94
critical
9.8
2023-10-04 CVE-2023-3665 Code Injection vulnerability in Trellix Endpoint Security
A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and/or the execution of arbitrary code.
local
low complexity
trellix CWE-94
7.8
2023-10-03 CVE-2023-3656 Code Injection vulnerability in Cashit Cashit! 03.A06Rks2023.02.37
cashIT! - serving solutions.
network
low complexity
cashit CWE-94
critical
9.8
2023-09-28 CVE-2023-38877 Code Injection vulnerability in Economizzer 0.9/April2023
A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023).
network
low complexity
economizzer CWE-94
8.8
2023-09-28 CVE-2023-41450 Code Injection vulnerability in PHPkobo Ajaxnewsticker 1.0.5
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.
network
low complexity
phpkobo CWE-94
8.8
2023-09-27 CVE-2023-43651 Code Injection vulnerability in Fit2Cloud Jumpserver
JumpServer is an open source bastion host.
network
low complexity
fit2cloud CWE-94
critical
9.9
2023-09-25 CVE-2023-0625 Code Injection vulnerability in Docker Desktop
Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0.
network
low complexity
docker CWE-94
critical
9.8
2023-09-25 CVE-2023-0626 Code Injection vulnerability in Docker Desktop
Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0.
network
low complexity
docker CWE-94
critical
9.8
2023-09-22 CVE-2023-43270 Code Injection vulnerability in Dst-Admin Project Dst-Admin 1.5.0
dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate.
network
low complexity
dst-admin-project CWE-94
critical
9.8