Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-11-22 CVE-2021-33493 Code Injection vulnerability in Open-Xchange OX APP Suite 7.10.5
The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format.
local
low complexity
open-xchange CWE-94
3.6
2021-11-19 CVE-2021-22053 Code Injection vulnerability in VMWare Spring Cloud Netflix
Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates.
network
low complexity
vmware CWE-94
6.5
2021-11-15 CVE-2021-41269 Code Injection vulnerability in Cron-Utils Project Cron-Utils
cron-utils is a Java library to define, parse, validate, and migrate crons, as well as get human-readable descriptions for them.
6.8
2021-11-13 CVE-2021-41653 Code Injection vulnerability in Tp-Link Tl-Wr840N Firmware
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.
network
low complexity
tp-link CWE-94
critical
10.0
2021-11-10 CVE-2021-33816 Code Injection vulnerability in Dolibarr 13.0.2
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
network
low complexity
dolibarr CWE-94
7.5
2021-11-10 CVE-2021-42296 Code Injection vulnerability in Microsoft 365 Apps and Office
Microsoft Word Remote Code Execution Vulnerability
6.9
2021-11-10 CVE-2021-42298 Code Injection vulnerability in Microsoft Malware Protection Engine
Microsoft Defender Remote Code Execution Vulnerability
network
microsoft CWE-94
critical
9.3
2021-11-10 CVE-2021-43208 Code Injection vulnerability in Microsoft 3D Viewer
3D Viewer Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-43209.
network
microsoft CWE-94
6.8
2021-11-09 CVE-2020-28419 Code Injection vulnerability in HP products
During installation with certain driver software or application packages an arbitrary code execution could occur.
network
hp CWE-94
6.8
2021-11-09 CVE-2021-43466 Code Injection vulnerability in Thymeleaf 3.0.12
In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution.
network
thymeleaf CWE-94
6.8