Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-06 | CVE-2022-35847 | Code Injection vulnerability in Fortinet Fortisoar: An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload. | 8.8 |
2022-09-02 | CVE-2022-25813 | Code Injection vulnerability in Apache Ofbiz: In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin can insert malicious content in a message "Subject" field from the "Contact us" page. | 7.5 |
2022-08-29 | CVE-2022-36036 | Code Injection vulnerability in Mdx-Mermaid Project Mdx-Mermaid: mdx-mermaid provides plug and play access to Mermaid in MDX. | 7.8 |
2022-08-28 | CVE-2022-36756 | Code Injection vulnerability in Dlink Dir-845L Firmware: DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php. | 9.8 |
2022-08-28 | CVE-2022-37053 | Code Injection vulnerability in Trendnet Tew733Gr Firmware 1.03B01: TRENDnet TEW733GR v1.03B01 is vulnerable to command injection via /htdocs/upnpinc/gena.php. | 9.8 |
2022-08-24 | CVE-2022-38078 | Code Injection vulnerability in Sixapart Movable Type: Movable Type XMLRPC API provided by Six Apart Ltd. | 9.8 |
2022-08-22 | CVE-2022-25812 | Code Injection vulnerability in Transposh Wordpress Translation: The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow high privilege users such as admin to perform RCE. | 7.2 |
2022-08-17 | CVE-2022-35516 | Code Injection vulnerability in Dedecms: DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php. | 9.8 |
2022-08-17 | CVE-2022-36216 | Code Injection vulnerability in Dedecms: DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php. | 7.2 |
2022-08-16 | CVE-2022-38193 | Code Injection vulnerability in Esri Portal for Arcgis: There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution. | 9.6 |