Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-04-29 CVE-2021-21415 Prisma VS Code is a VSCode extension for Prisma schema files. 0.0
2021-04-22 CVE-2021-29465 Code Injection vulnerability in Discord Discord-Recon 0.0.1/0.0.2/0.0.3
Discord-Recon is a bot for the Discord chat service.
network
low complexity
discord CWE-94
7.5
2021-04-20 CVE-2021-29461 Code Injection vulnerability in Discord-Recon Project Discord-Recon 0.0.2
Impact: This issue could be exploited to read internal files from the system and write files into the system, resulting in remote code execution. Patches: This issue has been fixed in version 0.0.3 by adding a regex that validates whether there are any arguments on the command.
network
low complexity
discord-recon-project CWE-94
critical
9.0
2021-04-13 CVE-2021-29440 Code Injection vulnerability in Getgrav Grav
Grav is a file based Web-platform.
network
low complexity
getgrav CWE-94
6.5
2021-04-09 CVE-2021-21433 Code Injection vulnerability in Discord-Recon Project Discord-Recon
Discord Recon Server is a bot that allows you to do your reconnaissance process from your Discord.
network
low complexity
discord-recon-project CWE-94
6.5
2021-04-08 CVE-2021-1362 Code Injection vulnerability in Cisco products
A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remote attacker to execute arbitrary code on an affected device.
network
low complexity
cisco CWE-94
critical
9.0
2021-03-30 CVE-2021-26810 Code Injection vulnerability in Dlink Dir-816 Firmware 1.10B05
D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability.
network
low complexity
dlink CWE-94
critical
10.0
2021-03-29 CVE-2021-23358 Code Injection vulnerability in multiple products
The package underscore, from 1.13.0-0 and before 1.13.0-2 and from 1.3.2 and before 1.12.1, is vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument, as it is not sanitized.
network
low complexity
underscorejs debian CWE-94
7.5
2021-03-26 CVE-2020-28695 Code Injection vulnerability in Askey Rtf3505Vw-N1 BR SV G000 R3505Vwn1001 S32 7 Firmware
Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root.
low complexity
askey CWE-94
8.3
2021-03-25 CVE-2021-27438 Code Injection vulnerability in GE Reason Dr60 Firmware
The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).
network
low complexity
ge CWE-94
6.5