CVE-2023-47840

Improper Control of Generation of Code 'Code Injection' vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2...

CVE-2023-49830

Improper Control of Generation of Code 'Code Injection' vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through 4.3.1...

CVE-2023-6125

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2...

CVE-2023-22677

Improper Control of Generation of Code 'Code Injection' vulnerability in BinaryStash WP Booklet.This issue affects WP Booklet: from n/a through 2.1.8...

CVE-2023-22381

A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need existing permission to...

CVE-2023-39157

Improper Control of Generation of Code 'Code Injection' vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10...

CVE-2023-0792

Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11...

CVE-2023-35926

Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by design allows for code injection. The library used for this sandbox so far has been vm2, but in light of several past vulnerabilities and...

CVE-2023-44141

Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file...

CVE-2023-6899

A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by this vulnerability is an unknown functionality of the file /settings/saveconfig of the component Config Handler. The manipulation of the argument valuetemplate leads to code injection. The exploit ha...

CVE-2023-39022

oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability is exploited via passing an unchecked argument...

CVE-2023-39021

wix-embedded-mysql v4.6.1 and below was discovered to contain a code injection vulnerability in the component com.wix.mysql.distribution.Setup.apply. This vulnerability is exploited via passing an unchecked argument...

CVE-2023-39015

webmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the component us.codecraft.webmagic.downloader.PhantomJSDownloader...

CVE-2023-3393

Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1...

CVE-2023-32546

Code injection vulnerability exists in Chatwork Desktop Application Mac 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's consent...

CVE-2023-2859

Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9...

CVE-2023-6996

The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Code Injection via the plugin's vgdisplaydata shortcode in all versions up to, and including, 1.2.1 due to insufficient input validation and restriction on access to that shortcode. This...

CVE-2023-6131

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2...

CVE-2022-24746

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions it is possible to inject code via the voucher code form. This issue has been patched in version 6.4.8.1. There are no known workarounds for this issue...

CVE-2021-27600

SAP Manufacturing Execution System Rules, versions - 15.1, 15.2, 15.3, 15.4, allows an authorized attacker to embed malicious code into HTTP parameter and send it to the server because SAP Manufacturing Execution System Rules tab does not sufficiently encode some parameters, resulting in Stored...