Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk score |
|---|---|---|---|---|---|---|---|---|
| 2023-03-21 | CVE-2023-1306 | Code Injection vulnerability in Rapid7 Insightappsec and Insightcloudsec | An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. | network | low complexity | rapid7 | CWE-94 | 8.8 |
| 2023-03-20 | CVE-2023-1250 | Code Injection vulnerability in Otrs | Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. | local | low complexity | otrs | CWE-94 | 7.8 |
| 2023-03-18 | CVE-2023-1482 | Code Injection vulnerability in Hkcms Project Hkcms 2.2.4.230206 | A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206. | network | low complexity | hkcms-project | CWE-94 | 8.8 |
| 2023-03-16 | CVE-2023-0598 | Code Injection vulnerability in GE Ifix 2022/6.1/6.5 | GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software. | network | low complexity | ge | CWE-94 | 9.8 (critical) |
| 2023-03-14 | CVE-2023-27893 | Code Injection vulnerability in SAP Solution Manager 740 | An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems (ST-PI) - versions 2088_1_700, 2008_1_710, 740, can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can read or modify any user or application data and can make the application unavailable. | network | low complexity | sap | CWE-94 | 8.8 |
| 2023-03-13 | CVE-2023-0888 | Code Injection vulnerability in Bbraun Battery-Pack SP With Wifi Firmware 053L000092/054U000092 | An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. | network | low complexity | bbraun | CWE-94 | 7.2 |
| 2023-03-13 | CVE-2023-1367 | Code Injection vulnerability in Easyappointments | Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | network | low complexity | easyappointments | CWE-94 | 3.8 |
| 2023-03-09 | CVE-2023-1287 | Code Injection vulnerability in 3DS Enovia Live Collaboration | An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution. | network | low complexity | 3ds | CWE-94 | 9.8 (critical) |
| 2023-03-09 | CVE-2023-27986 | Code Injection vulnerability in GNU Emacs 28.1/28.2 | emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. | local | low complexity | gnu | CWE-94 | 7.8 |
| 2023-03-08 | CVE-2023-1283 | Code Injection vulnerability in Builder Qwik | Code Injection in GitHub repository builderio/qwik prior to 0.21.0. | network | low complexity | builder | CWE-94 | 9.8 (critical) |