Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-09-18 | CVE-2023-40221 | Code Injection vulnerability in Socomec Modulys GP Firmware 01.12.10 | The absence of filters when loading some sections in the web application of the vulnerable device allows potential attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section (MAIL SERVER) where the information is displayed. | network | low | socomec | CWE-94 | 8.8 |
| 2023-09-15 | CVE-2023-4977 | Code Injection vulnerability in Librenms | Code Injection in GitHub repository librenms/librenms prior to 23.9.0. | network | low | librenms | CWE-94 | 5.4 |
| 2023-09-13 | CVE-2023-41892 | Code Injection vulnerability in Craftcms Craft CMS | Craft CMS is a platform for creating digital experiences. | network | low | craftcms | CWE-94 | critical 9.8 |
| 2023-09-12 | CVE-2023-40621 | Code Injection vulnerability in SAP Powerdesigner 16.7 | SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. | network | low | sap | CWE-94 | 6.3 |
| 2023-09-11 | CVE-2023-42470 | Code Injection vulnerability in Imoulife Life 6.8.0 | The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. | network | low | imoulife | CWE-94 | critical 9.8 |
| 2023-09-11 | CVE-2023-42471 | Code Injection vulnerability in Wave-Ai Wave 1.0.35 | The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. | network | low | wave-ai | CWE-94 | critical 9.8 |
| 2023-09-08 | CVE-2023-39320 | Code Injection vulnerability in Golang GO 1.21.0/1.21.00 | The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. | network | low | golang | CWE-94 | critical 9.8 |
| 2023-09-06 | CVE-2023-39956 | Code Injection vulnerability in Electronjs Electron | Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. | local | low | electronjs | CWE-94 | 6.6 |
| 2023-09-06 | CVE-2023-38484 | Code Injection vulnerability in Arubanetworks Arubaos | Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. | local | high | arubanetworks | CWE-94 | 6.4 |
| 2023-09-05 | CVE-2023-39681 | Code Injection vulnerability in Cuppacms 1.0 | Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. | network | low | cuppacms | CWE-94 | critical 9.8 |