Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-22 | CVE-2021-22150 | Code Injection vulnerability in Elastic Kibana It was discovered that a user with Fleet admin permissions could upload a malicious package. | 7.2 |
| 2023-11-21 | CVE-2023-48699 | Code Injection vulnerability in Ubertidavide Fastbots 0.1.1/0.1.2/0.1.3 fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. | 9.8 |
| 2023-11-21 | CVE-2023-48226 | Code Injection vulnerability in Openreplay OpenReplay is a self-hosted session replay suite. | 3.5 |
| 2023-11-20 | CVE-2023-48192 | Code Injection vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202 An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function. | 7.8 |
| 2023-11-15 | CVE-2023-47444 | Code Injection vulnerability in Opencart An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server. | 8.8 |
| 2023-11-09 | CVE-2023-5539 | Code Injection vulnerability in multiple products A remote code execution risk was identified in the Lesson activity. | 8.8 |
| 2023-11-09 | CVE-2023-5540 | Code Injection vulnerability in multiple products A remote code execution risk was identified in the IMSCP activity. | 8.8 |
| 2023-11-08 | CVE-2023-45849 | Code Injection vulnerability in Perforce Helix Core An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. | 9.8 |
| 2023-11-08 | CVE-2023-47397 | Code Injection vulnerability in Webidsupport Webid WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php. | 9.8 |
| 2023-11-07 | CVE-2023-46845 | Code Injection vulnerability in Ec-Cube EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. | 7.2 |