Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-16 | CVE-2023-29214 | Code Injection vulnerability in Xwiki XWiki Commons are technical libraries common to several other top level XWiki projects. | 8.8 |
| 2023-04-15 | CVE-2020-29007 | Code Injection vulnerability in Mediawiki Score 0.3.0 The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. | 9.8 |
| 2023-04-15 | CVE-2023-29209 | Code Injection vulnerability in Xwiki XWiki Commons are technical libraries common to several other top level XWiki projects. | 8.8 |
| 2023-04-15 | CVE-2023-29210 | Code Injection vulnerability in Xwiki XWiki Commons are technical libraries common to several other top level XWiki projects. | 8.8 |
| 2023-04-11 | CVE-2023-29492 | Code Injection vulnerability in 3Rdmill Novi Survey Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. | 9.8 |
| 2023-04-07 | CVE-2023-1947 | Code Injection vulnerability in Taogogo Taocms 3.0.2 A vulnerability was found in taoCMS 3.0.2. | 9.8 |
| 2023-04-07 | CVE-2023-28706 | Code Injection vulnerability in Apache Airflow Hive Provider Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 6.0.0. | 9.8 |
| 2023-04-06 | CVE-2023-24538 | Code Injection vulnerability in Golang GO Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. | 9.8 |
| 2023-04-03 | CVE-2022-3960 | Code Injection vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0 Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin. | 6.3 |
| 2023-04-03 | CVE-2022-43938 | Code Injection vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0 Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager. | 8.8 |