Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-26 | CVE-2023-30145 | Code Injection vulnerability in Tuzitio Camaleon CMS Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter. | 9.8 |
| 2023-05-24 | CVE-2023-33246 | Code Injection vulnerability in Apache Rocketmq For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. | 9.8 |
| 2023-05-24 | CVE-2023-2859 | Code Injection vulnerability in Teampass Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 8.8 |
| 2023-05-23 | CVE-2023-32697 | Code Injection vulnerability in Sqlite Jdbc Project Sqlite Jdbc SQLite JDBC is a library for accessing and creating SQLite database files in Java. | 9.8 |
| 2023-05-23 | CVE-2023-25953 | Code Injection vulnerability in Worksmobile Drive Explorer 3.5.4 Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. | 9.8 |
| 2023-05-12 | CVE-2023-30130 | Code Injection vulnerability in Craftcms Craft CMS 3.8.1 An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter. | 8.8 |
| 2023-05-09 | CVE-2023-24955 | Code Injection vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server Microsoft SharePoint Server Remote Code Execution Vulnerability | 7.2 |
| 2023-05-08 | CVE-2023-2583 | Code Injection vulnerability in Jsreport Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3. | 10.0 |
| 2023-05-04 | CVE-2023-31414 | Code Injection vulnerability in Elastic Kibana Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. | 8.8 |
| 2023-05-04 | CVE-2023-31415 | Code Injection vulnerability in Elastic Kibana 8.7.0 Kibana version 8.7.0 contains an arbitrary code execution flaw. | 8.8 |