Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-07-19 CVE-2021-24453 The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore potentially a full compromise of the underlying structure 0.0
2021-07-14 CVE-2021-33678 Code Injection vulnerability in SAP Netweaver AS Abap
A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application.
network
low complexity
sap CWE-94
7.5
2021-07-12 CVE-2021-23389 Code Injection vulnerability in Totaljs Total.Js
The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
network
low complexity
totaljs CWE-94
7.5
2021-07-12 CVE-2021-23390 Code Injection vulnerability in Totaljs Total4
The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
network
low complexity
totaljs CWE-94
7.5
2021-07-08 CVE-2021-1585 Code Injection vulnerability in Cisco Adaptive Security Device Manager
A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system.
network
cisco CWE-94
critical
9.3
2021-06-30 CVE-2021-27903 Code Injection vulnerability in Craftcms Craft CMS
An issue was discovered in Craft CMS before 3.6.7.
network
low complexity
craftcms CWE-94
7.5
2021-06-28 CVE-2021-35514 Code Injection vulnerability in Narou Project Narou
Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel.
network
low complexity
narou-project CWE-94
7.5
2021-06-25 CVE-2021-25654 Code Injection vulnerability in Avaya Aura Device Services
An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts.
local
low complexity
avaya CWE-94
4.6
2021-06-24 CVE-2020-21784 Code Injection vulnerability in PHPwcms 1.9.13
phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php.
network
low complexity
phpwcms CWE-94
7.5
2021-06-17 CVE-2020-25414 Code Injection vulnerability in Monstra 3.0.4
A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code.
network
low complexity
monstra CWE-94
7.5