Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-07 | CVE-2023-46243 | Code Injection vulnerability in Xwiki: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.8 |
2023-11-07 | CVE-2023-46845 | Code Injection vulnerability in Ec-Cube: EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. | 7.2 |
2023-11-06 | CVE-2023-46731 | Code Injection vulnerability in Xwiki: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 9.8 |
2023-11-03 | CVE-2023-46947 | Code Injection vulnerability in Intelliants Subrion 4.2.1: Subrion 4.2.1 has a remote command execution vulnerability in the backend. | 8.8 |
2023-10-31 | CVE-2023-40050 | Code Injection vulnerability in Chef Automate: Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution. | 8.8 |
2023-10-31 | CVE-2023-42658 | Code Injection vulnerability in Chef Inspec 5.0.0: Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allows local command execution via maliciously crafted profile. | 7.8 |
2023-10-30 | CVE-2023-43792 | Code Injection vulnerability in Basercms: baserCMS is a website development framework. | 9.8 |
2023-10-30 | CVE-2023-44141 | Code Injection vulnerability in Inkdrop: Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file. | 7.8 |
2023-10-30 | CVE-2023-46865 | Code Injection vulnerability in Craterapp Crater: /api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image. | 7.2 |
2023-10-27 | CVE-2023-46816 | Code Injection vulnerability in Sugarcrm: An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. | 8.8 |