Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-04-07 | CVE-2023-28706 | Code Injection vulnerability in Apache Airflow Hive Provider | Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider: before 6.0.0. | 9.8 |
2023-04-06 | CVE-2023-24538 | Code Injection vulnerability in Golang GO | Templates do not properly consider backticks (`) as JavaScript string delimiters, and do not escape them as expected. | 9.8 |
2023-04-03 | CVE-2022-3960 | Code Injection vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0 | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin. | 6.3 |
2023-04-03 | CVE-2022-43938 | Code Injection vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0 | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager. | 8.8 |
2023-04-03 | CVE-2022-43769 | Code Injection vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0 | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream. | 7.2 |
2023-03-31 | CVE-2023-1773 | Code Injection vulnerability in Rockoa 2.3.2 | A vulnerability was found in Rockoa 2.3.2. | 9.8 |
2023-03-27 | CVE-2023-24835 | Code Injection vulnerability in Softnext Spam SQR | Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Code Injection within its specific function. | 7.2 |
2023-03-23 | CVE-2023-28333 | Code Injection vulnerability in multiple products | The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS). | 9.8 |
2023-03-21 | CVE-2023-24709 | Code Injection vulnerability in Paradox Ipr512 Firmware | An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via the login.html and login.xml parameters. | 7.5 |
2023-03-21 | CVE-2023-1304 | Code Injection vulnerability in Rapid7 Insightappsec and Insightcloudsec | An authenticated attacker can leverage an exposed getattr() method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. | 8.8 |