Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-22 | CVE-2021-33493 | Code Injection vulnerability in Open-Xchange OX APP Suite 7.10.5 The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format. | 3.6 |
| 2021-11-19 | CVE-2021-22053 | Code Injection vulnerability in VMWare Spring Cloud Netflix Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. | 6.5 |
| 2021-11-15 | CVE-2021-41269 | Code Injection vulnerability in Cron-Utils Project Cron-Utils cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. | 6.8 |
| 2021-11-13 | CVE-2021-41653 | Code Injection vulnerability in Tp-Link Tl-Wr840N Firmware The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. | 10.0 |
| 2021-11-10 | CVE-2021-33816 | Code Injection vulnerability in Dolibarr 13.0.2 The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked. | 7.5 |
| 2021-11-10 | CVE-2021-42296 | Code Injection vulnerability in Microsoft 365 Apps and Office Microsoft Word Remote Code Execution Vulnerability | 6.9 |
| 2021-11-10 | CVE-2021-42298 | Code Injection vulnerability in Microsoft Malware Protection Engine Microsoft Defender Remote Code Execution Vulnerability | 9.3 |
| 2021-11-10 | CVE-2021-43208 | Code Injection vulnerability in Microsoft 3D Viewer 3D Viewer Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-43209. | 6.8 |
| 2021-11-09 | CVE-2020-28419 | Code Injection vulnerability in HP products During installation with certain driver software or application packages an arbitrary code execution could occur. | 6.8 |
| 2021-11-09 | CVE-2021-43466 | Code Injection vulnerability in Thymeleaf 3.0.12 In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution. | 6.8 |