Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-06 | CVE-2022-35847 | Code Injection vulnerability in Fortinet Fortisoar An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload. | 8.8 |
| 2022-09-02 | CVE-2022-25813 | Code Injection vulnerability in Apache Ofbiz In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. | 7.5 |
| 2022-08-28 | CVE-2022-36756 | Code Injection vulnerability in Dlink Dir-845L Firmware DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php. | 9.8 |
| 2022-08-28 | CVE-2022-37053 | Code Injection vulnerability in Trendnet Tew733Gr Firmware 1.03B01 TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php. | 9.8 |
| 2022-08-24 | CVE-2022-38078 | Code Injection vulnerability in Sixapart Movable Type Movable Type XMLRPC API provided by Six Apart Ltd. | 9.8 |
| 2022-08-17 | CVE-2022-35516 | Code Injection vulnerability in Dedecms DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php. | 9.8 |
| 2022-08-17 | CVE-2022-36216 | Code Injection vulnerability in Dedecms DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php. | 7.2 |
| 2022-08-16 | CVE-2022-38193 | Code Injection vulnerability in Esri Portal for Arcgis There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution. | 9.6 |
| 2022-08-15 | CVE-2022-36262 | Code Injection vulnerability in Taogogo Taocms 3.0.2 An issue was discovered in taocms 3.0.2. | 9.8 |
| 2022-08-10 | CVE-2022-30580 | Code Injection vulnerability in Golang GO Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset. | 7.8 |