Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,471)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-28796 1Zscaler 1Client Connector Jun 17, 2026 Oct 23, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.
CVE-2023-28793 1Zscaler 1Client Connector Jun 17, 2026 Oct 23, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.
CVE-2023-46055 1Thingnario 1Photon Jun 17, 2026 Oct 21, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint.
CVE-2023-41898 1Home Assistant 1Home Assistant Companion Jun 17, 2026 Oct 19, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbi...Show more Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential theft. This issue has been patched in version 2023.9.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-142`.Show less
CVE-2023-30131 1Ixpdata 1Easyinstall Jun 17, 2026 Oct 19, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls.
CVE-2023-46042 1Get Simple 1Getsimplecms Jun 17, 2026 Oct 19, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo().
CVE-2023-41630 1Esst 1Esst Monitoring Jun 17, 2026 Oct 17, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the Gii code generator component.
CVE-2023-45144 1Xwiki 1Oauth Identity Jun 17, 2026 Oct 16, 2023 N/A· v4 9.6 CRITICAL· v3 N/A· v2 com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the...Show more com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request is vulnerable to cross site scripting (XSS) and XWiki syntax injection. This allows remote code execution via the groovy macro and thus affects the confidentiality, integrity and availability of the whole XWiki installation. The issue has been fixed in Identity OAuth version 1.6. There are no known workarounds for this vulnerability and users are advised to upgrade.Show less
CVE-2023-29453 1Zabbix 1Zabbix Agent2 Jun 17, 2026 Oct 12, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action w...Show more Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g., "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template. Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.Show less
CVE-2023-43661 1All Three 1Cachet Jun 17, 2026 Oct 11, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig ve...Show more Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch contains a patch for this issue.Show less
CVE-2023-36789 1Microsoft 1Skype For Business Server Jun 17, 2026 Oct 10, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 Skype for Business Remote Code Execution Vulnerability
CVE-2023-36718 1Microsoft 10Windows 10 1507 Windows 10 1607Windows 10 1809+7 more Jun 17, 2026 Oct 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability
CVE-2023-36702 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Jun 17, 2026 Oct 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft DirectMusic Remote Code Execution Vulnerability
CVE-2023-36592 1Microsoft 12Windows 10 Windows 10 1607Windows 10 1809+9 more Jun 17, 2026 Oct 10, 2023 N/A· v4 7.3 HIGH· v3 N/A· v2 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2023-36591 1Microsoft 12Windows 10 Windows 10 1607Windows 10 1809+9 more Jun 17, 2026 Oct 10, 2023 N/A· v4 7.3 HIGH· v3 N/A· v2 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2023-36589 1Microsoft 12Windows 10 Windows 10 1607Windows 10 1809+9 more Jun 17, 2026 Oct 10, 2023 N/A· v4 7.3 HIGH· v3 N/A· v2 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2023-36575 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Jun 17, 2026 Oct 10, 2023 N/A· v4 7.3 HIGH· v3 N/A· v2 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2023-36574 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Jun 17, 2026 Oct 10, 2023 N/A· v4 7.3 HIGH· v3 N/A· v2 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2023-36573 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Jun 17, 2026 Oct 10, 2023 N/A· v4 7.3 HIGH· v3 N/A· v2 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2023-36572 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Jun 17, 2026 Oct 10, 2023 N/A· v4 7.3 HIGH· v3 N/A· v2 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Previous 1...159160161...324 Next