Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-12 | CVE-2023-30130 | Code Injection vulnerability in Craftcms Craft CMS 3.8.1 An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter. | 8.8 |
2023-05-04 | CVE-2023-31414 | Code Injection vulnerability in Elastic Kibana Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. | 8.8 |
2023-05-04 | CVE-2023-31415 | Code Injection vulnerability in Elastic Kibana 8.7.0 Kibana version 8.7.0 contains an arbitrary code execution flaw. | 8.8 |
2023-05-03 | CVE-2023-1178 | Code Injection vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. | 5.7 |
2023-04-28 | CVE-2023-26782 | Code Injection vulnerability in Chshcms Mccms 2.6.1 An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters. | 6.5 |
2023-04-24 | CVE-2023-2259 | Code Injection vulnerability in ALF Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | 7.2 |
2023-04-24 | CVE-2023-26060 | Code Injection vulnerability in Nokia Netact 18A An issue was discovered in Nokia NetAct before 22 FP2211. | 8.8 |
2023-04-21 | CVE-2022-36963 | Code Injection vulnerability in Solarwinds Orion Platform The SolarWinds Platform was susceptible to the Command Injection Vulnerability. | 7.2 |
2023-04-18 | CVE-2023-25550 | Code Injection vulnerability in Schneider-Electric Struxureware Data Center Expert A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | 9.8 |
2023-04-17 | CVE-2023-2017 | Code Injection vulnerability in Shopware Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in `Shopware\Core\Framework\Adapter\Twig\SecurityExtension` and call any arbitrary PHP function and thus execute arbitrary code/commands via usage of fully-qualified names, supplied as array of strings, when referencing callables. | 8.8 |