Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-25 | CVE-2023-5044 | Code Injection vulnerability in Kubernetes Ingress-Nginx Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. | 8.8 |
| 2023-10-25 | CVE-2023-37909 | Code Injection vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.8 |
| 2023-10-19 | CVE-2023-41898 | Code Injection vulnerability in Home-Assistant Home Assistant Companion Home assistant is an open source home automation. | 7.8 |
| 2023-10-17 | CVE-2023-41630 | Code Injection vulnerability in Esst Monitoring 2.147.1 eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the Gii code generator component. | 9.8 |
| 2023-10-12 | CVE-2023-29453 | Code Injection vulnerability in Zabbix Zabbix-Agent2 5.0.0/6.0.0/6.4.0 Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. | 9.8 |
| 2023-10-06 | CVE-2023-45311 | Code Injection vulnerability in Fsevents Project Fsevents fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary. | 9.8 |
| 2023-10-04 | CVE-2023-3665 | Code Injection vulnerability in Trellix Endpoint Security A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code. | 7.8 |
| 2023-10-03 | CVE-2023-3656 | Code Injection vulnerability in Cashit Cashit! 03.A06Rks2023.02.37 cashIT! - serving solutions. | 9.8 |
| 2023-09-28 | CVE-2023-38877 | Code Injection vulnerability in Economizzer 0.9/April2023 A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). | 8.8 |
| 2023-09-28 | CVE-2023-41450 | Code Injection vulnerability in PHPkobo Ajaxnewsticker 1.0.5 An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. | 8.8 |