Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-27 | CVE-2023-46818 | Code Injection vulnerability in Ispconfig An issue was discovered in ISPConfig before 3.2.11p1. | 7.2 |
| 2023-10-26 | CVE-2023-5623 | Code Injection vulnerability in Tenable Nessus Network Monitor NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location | 7.8 |
| 2023-10-25 | CVE-2023-5044 | Code Injection vulnerability in Kubernetes Ingress-Nginx Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. | 8.8 |
| 2023-10-25 | CVE-2023-37909 | Code Injection vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.8 |
| 2023-10-19 | CVE-2023-41898 | Code Injection vulnerability in Home-Assistant Home Assistant Companion Home assistant is an open source home automation. | 7.8 |
| 2023-10-17 | CVE-2023-41630 | Code Injection vulnerability in Esst Monitoring 2.147.1 eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the Gii code generator component. | 9.8 |
| 2023-10-12 | CVE-2023-29453 | Code Injection vulnerability in Zabbix Zabbix-Agent2 5.0.0/6.0.0/6.4.0 Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. | 9.8 |
| 2023-10-10 | CVE-2023-43625 | Code Injection vulnerability in Siemens Simcenter Amesim A vulnerability has been identified in Simcenter Amesim (All versions < V2021.1). | 9.8 |
| 2023-10-06 | CVE-2023-45311 | Code Injection vulnerability in Fsevents Project Fsevents fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary. | 9.8 |
| 2023-10-04 | CVE-2023-3665 | Code Injection vulnerability in Trellix Endpoint Security A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code. | 7.8 |