Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-08-15 CVE-2023-38889 Code Injection vulnerability in Alluxio
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of alluxio.util.CommonUtils.getUnixGroups(java.lang.String).
network
low complexity
alluxio CWE-94
critical
9.8
2023-08-09 CVE-2023-33469 Code Injection vulnerability in Kramerav VIA Connect2 Firmware and VIA GO2 Firmware
In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level.
local
low complexity
kramerav CWE-94
7.8
2023-08-08 CVE-2023-36923 Code Injection vulnerability in SAP Powerdesigner 16.7
SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03 allows an attacker with local access to the system to place a malicious library that can be executed by the application.
local
low complexity
sap CWE-94
7.8
2023-08-05 CVE-2023-36095 Code Injection vulnerability in Langchain 0.0.194
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the Python exec calls in the PALChain; affected functions include from_math_prompt and from_colored_object_prompt.
network
low complexity
langchain CWE-94
critical
9.8
2023-08-05 CVE-2023-38943 Code Injection vulnerability in Shuize 0X727 Project Shuize 0X727 1.0
ShuiZe_0x727 v1.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /iniFile/config.ini.
network
low complexity
shuize-0x727-project CWE-94
8.8
2023-08-04 CVE-2023-37470 Code Injection vulnerability in Metabase
Metabase is an open-source business intelligence and analytics platform.
network
low complexity
metabase CWE-94
critical
9.8
2023-08-03 CVE-2023-36255 Code Injection vulnerability in Eramba 3.19.1
An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL.
network
low complexity
eramba CWE-94
8.8
2023-08-02 CVE-2023-3401 Code Injection vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2.
network
low complexity
gitlab CWE-94
6.5
2023-07-31 CVE-2023-34644 Code Injection vulnerability in Ruijie products
Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows unauthorized remote attackers to gain the highest privileges via a crafted POST request to /cgi-bin/luci/api/auth.
network
low complexity
ruijie CWE-94
critical
9.8
2023-07-31 CVE-2023-34842 Code Injection vulnerability in Dedecms
Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via a crafted POST request to /dede/tpl.php.
network
low complexity
dedecms CWE-94
critical
9.8