Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-05-19 CVE-2022-28960 Code Injection vulnerability in Spip
A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.
network
low complexity
spip CWE-94
6.5
2022-05-16 CVE-2021-27446 Code Injection vulnerability in Weintek products
The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.
network
low complexity
weintek CWE-94
critical
10.0
2022-05-16 CVE-2022-0578 Code Injection vulnerability in Publify Project Publify
Code Injection in GitHub repository publify/publify prior to 9.2.8.
network
low complexity
publify-project CWE-94
6.4
2022-05-12 CVE-2022-29307 Code Injection vulnerability in Ionizecms Ionize 1.0.8.1
IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy_lang_content in application/models/lang_model.php.
network
low complexity
ionizecms CWE-94
7.5
2022-05-11 CVE-2021-42651 Code Injection vulnerability in Pentest Collaboration Framework Project Pentest Collaboration Framework 1.0.8
A Server Side Template Injection (SSTI) vulnerability in Pentest-Collaboration-Framework v1.0.8 allows an authenticated remote attacker to execute arbitrary code through /project/PROJECTNAME/reports/.
6.5
2022-05-10 CVE-2022-29115 Code Injection vulnerability in Microsoft products
Windows Fax Service Remote Code Execution Vulnerability.
network
microsoft CWE-94
6.8
2022-05-06 CVE-2022-24817 Code Injection vulnerability in Fluxcd Kustomize-Controller
Flux2 is an open and extensible continuous delivery solution for Kubernetes.
network
low complexity
fluxcd CWE-94
6.5
2022-05-04 CVE-2022-28096 Code Injection vulnerability in Skycaiji 2.4
Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php.
network
low complexity
skycaiji CWE-94
6.5
2022-04-28 CVE-2022-29813 Code Injection vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible
local
low complexity
jetbrains CWE-94
4.6
2022-04-28 CVE-2022-29814 Code Injection vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible
4.4