Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-10-03 CVE-2023-3656 Code Injection vulnerability in Cashit Cashit! 03.A06Rks2023.02.37
cashIT! - serving solutions.
network
low complexity
cashit CWE-94
critical
 9.8
9.8
2023-09-28 CVE-2023-38877 Code Injection vulnerability in Economizzer 0.9/April2023
A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023).
network
low complexity
economizzer CWE-94
8.8
8.8
2023-09-28 CVE-2023-41450 Code Injection vulnerability in PHPkobo Ajaxnewsticker 1.0.5
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.
network
low complexity
phpkobo CWE-94
8.8
8.8
2023-09-27 CVE-2023-43651 Code Injection vulnerability in Fit2Cloud Jumpserver
JumpServer is an open source bastion host.
network
low complexity
fit2cloud CWE-94
critical
 9.9
9.9
2023-09-27 CVE-2023-5221 Code Injection vulnerability in Foru CMS Project Foru CMS
A vulnerability classified as critical has been found in ForU CMS.
network
low complexity
foru-cms-project CWE-94
critical
 9.8
9.8
2023-09-25 CVE-2023-0625 Code Injection vulnerability in Docker Desktop
Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0.
network
low complexity
docker CWE-94
critical
 9.8
9.8
2023-09-25 CVE-2023-0626 Code Injection vulnerability in Docker Desktop
Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0.
network
low complexity
docker CWE-94
critical
 9.8
9.8
2023-09-22 CVE-2023-43270 Code Injection vulnerability in Dst-Admin Project Dst-Admin 1.5.0
dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate.
network
low complexity
dst-admin-project CWE-94
critical
 9.8
9.8
2023-09-21 CVE-2023-4291 Code Injection vulnerability in Frauscher Diagnostic System 101 1.3.3/1.4.24
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication. This could lead to a full compromise of the FDS101 device.
network
low complexity
frauscher CWE-94
critical
 9.8
9.8
2023-09-20 CVE-2023-0462 Code Injection vulnerability in multiple products
An arbitrary code execution flaw was found in Foreman.
network
low complexity
theforeman redhat CWE-94
critical
 9.1
9.1