Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-07 | CVE-2022-46742 | Code Injection vulnerability in Paddlepaddle 2.4.0 Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. | 9.8 |
| 2022-12-07 | CVE-2022-43660 | Code Injection vulnerability in Sixapart Movable Type Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. | 7.2 |
| 2022-12-06 | CVE-2022-46333 | Code Injection vulnerability in Proofpoint Enterprise Protection The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. | 7.2 |
| 2022-12-06 | CVE-2022-4300 | Code Injection vulnerability in Xjd2020 Fastcms A vulnerability was found in FastCMS. | 8.8 |
| 2022-12-01 | CVE-2022-3696 | Code Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0 A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. | 7.2 |
| 2022-12-01 | CVE-2022-3713 | Code Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0 A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. | 8.8 |
| 2022-11-26 | CVE-2022-45907 | Code Injection vulnerability in Linuxfoundation Pytorch In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. | 9.8 |
| 2022-11-26 | CVE-2022-45908 | Code Injection vulnerability in Paddlepaddle In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. | 9.8 |
| 2022-11-22 | CVE-2022-41223 | Code Injection vulnerability in Mitel Mivoice Connect 19.1/19.3 The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type. | 6.8 |
| 2022-11-18 | CVE-2022-45132 | Code Injection vulnerability in Linaro Lava In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. | 9.8 |