Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-03 | CVE-2022-43571 | Code Injection vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component. | 8.8 |
| 2022-10-27 | CVE-2022-39365 | Code Injection vulnerability in Pimcore Pimcore is an open source data and experience management platform. | 9.8 |
| 2022-10-25 | CVE-2022-39326 | Code Injection vulnerability in Kartverket Github-Workflows kartverket/github-workflows are shared reusable workflows for GitHub Actions. | 8.8 |
| 2022-10-25 | CVE-2022-3394 | Code Injection vulnerability in Soflyy WP ALL Export The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. | 7.2 |
| 2022-10-13 | CVE-2022-35944 | Code Injection vulnerability in Octobercms October October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. | 7.2 |
| 2022-10-13 | CVE-2022-42889 | Code Injection vulnerability in multiple products Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. | 9.8 |
| 2022-10-12 | CVE-2022-40871 | Code Injection vulnerability in Dolibarr Erp/Crm Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. | 9.8 |
| 2022-09-28 | CVE-2022-40486 | Code Injection vulnerability in Tp-Link Archer Ax10 V1 Firmware 1.3.1 TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. | 8.8 |
| 2022-09-23 | CVE-2022-40628 | Code Injection vulnerability in Tacitine products This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper control of code generation in the Tacitine Firewall web-based management interface. | 9.8 |
| 2022-09-23 | CVE-2022-3236 | Code Injection vulnerability in Sophos Firewall 19.0.1 A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. | 9.8 |