Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-03 | CVE-2022-43769 | Code Injection vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0 Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream. | 7.2 |
| 2023-03-31 | CVE-2023-1773 | Code Injection vulnerability in Rockoa 2.3.2 A vulnerability was found in Rockoa 2.3.2. | 9.8 |
| 2023-03-23 | CVE-2023-28333 | Code Injection vulnerability in multiple products The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS). | 9.8 |
| 2023-03-21 | CVE-2023-24709 | Code Injection vulnerability in Paradox Ipr512 Firmware An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via the login.html and login.xml parameters. | 7.5 |
| 2023-03-21 | CVE-2023-1304 | Code Injection vulnerability in Rapid7 Insightappsec and Insightcloudsec An authenticated attacker can leverage an exposed getattr() method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. | 8.8 |
| 2023-03-21 | CVE-2023-1306 | Code Injection vulnerability in Rapid7 Insightappsec and Insightcloudsec An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. | 8.8 |
| 2023-03-20 | CVE-2023-1250 | Code Injection vulnerability in Otrs Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. | 7.8 |
| 2023-03-13 | CVE-2023-0888 | Code Injection vulnerability in Bbraun Battery-Pack SP With Wifi Firmware 053L000092/054U000092 An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. | 7.2 |
| 2023-03-13 | CVE-2023-1367 | Code Injection vulnerability in Easyappointments Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | 3.8 |
| 2023-03-09 | CVE-2023-1287 | Code Injection vulnerability in 3DS Enovia Live Collaboration An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution. | 9.8 |