Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-02-17 CVE-2020-36245 Code Injection vulnerability in Gramaddict
GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent.
low complexity
gramaddict CWE-94
5.8
2021-02-16 CVE-2021-27236 Code Injection vulnerability in Mutare Voice 3.0.0/3.2.6/3.3.7
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8.
network
low complexity
mutare CWE-94
7.5
2021-02-15 CVE-2020-22427 Code Injection vulnerability in Nagios XI 5.6.11
NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability.
network
low complexity
nagios CWE-94
6.5
2021-02-12 CVE-2021-26753 Code Injection vulnerability in Nedi 1.9C
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter.
network
low complexity
nedi CWE-94
6.5
2021-02-11 CVE-2021-23334 Code Injection vulnerability in Static-Eval Project Static-Eval
All versions of package static-eval are vulnerable to Arbitrary Code Execution using FunctionExpressions and TemplateLiterals.
network
low complexity
static-eval-project CWE-94
7.5
2021-02-10 CVE-2021-25251 Code Injection vulnerability in Trendmicro products
The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection.
network
low complexity
trendmicro CWE-94
6.5
2021-02-09 CVE-2021-21477 Code Injection vulnerability in SAP Commerce
SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject malicious code in the drools rules which when executed leads to Remote Code Execution vulnerability enabling the attacker to compromise the underlying host enabling him to impair confidentiality, integrity and availability of the application.
network
low complexity
sap CWE-94
critical
9.0
2021-02-09 CVE-2021-26551 Code Injection vulnerability in Smartfoxserver 2.17.0
An issue was discovered in SmartFoxServer 2.17.0.
6.0
2021-02-08 CVE-2021-22502 Code Injection vulnerability in Microfocus Operation Bridge Reporter 10.40
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40.
network
low complexity
microfocus CWE-94
critical
10.0
2021-02-05 CVE-2021-20623 Code Injection vulnerability in Panasonic Video Insight VMS 7.3.2.5/7.5
Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request.
network
low complexity
panasonic CWE-94
critical
10.0