Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-01 | CVE-2022-3713 | Code Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0: A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. | 8.8 |
2022-11-26 | CVE-2022-45907 | Code Injection vulnerability in Linuxfoundation Pytorch: In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. | 9.8 |
2022-11-26 | CVE-2022-45908 | Code Injection vulnerability in Paddlepaddle: In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. | 9.8 |
2022-11-22 | CVE-2022-41223 | Code Injection vulnerability in Mitel Mivoice Connect 19.1/19.3: The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type. | 6.8 |
2022-11-18 | CVE-2022-45132 | Code Injection vulnerability in Linaro Lava: In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. | 9.8 |
2022-11-14 | CVE-2022-40127 | Code Injection vulnerability in Apache Airflow: A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. | 8.8 |
2022-11-11 | CVE-2022-41882 | Code Injection vulnerability in Nextcloud Desktop 3.6.0: The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. | 7.8 |
2022-11-08 | CVE-2022-41205 | Code Injection vulnerability in SAP GUI 7.70: SAP GUI allows an authenticated attacker to execute scripts in the local network. | 6.1 |
2022-11-07 | CVE-2022-3418 | Code Injection vulnerability in Soflyy WP ALL Import: The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files | 7.2 |
2022-11-04 | CVE-2022-43572 | Code Injection vulnerability in Splunk and Splunk Cloud Platform: In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing. | 6.5 |