Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-24 | CVE-2018-15728 | Code Injection vulnerability in Couchbase Server Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. | 8.8 |
| 2018-08-20 | CVE-2017-1753 | Code Injection vulnerability in IBM products Multiple IBM Rational products are vulnerable to HTML injection. | 5.4 |
| 2018-08-20 | CVE-2015-5243 | Code Injection vulnerability in PHPwhois Project PHPwhois phpWhois allows remote attackers to execute arbitrary code via a crafted whois record. | 9.8 |
| 2018-08-15 | CVE-2018-8346 | Code Injection vulnerability in Microsoft Windows 7 and Windows Server 2008 A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. | 8.8 |
| 2018-08-15 | CVE-2018-8345 | Code Injection vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.5 |
| 2018-08-15 | CVE-2018-8344 | Code Injection vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 8.8 |
| 2018-08-06 | CVE-2018-14716 | Code Injection vulnerability in Nystudio107 Seomatic A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code. | 7.5 |
| 2018-08-06 | CVE-2016-4397 | Code Injection vulnerability in HP Network Node Manager I 10.00/10.10/10.20 A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software. | 7.8 |
| 2018-08-06 | CVE-2016-4391 | Code Injection vulnerability in HP Arcsight Winc Connector A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0. | 9.8 |
| 2018-08-03 | CVE-2018-14910 | Code Injection vulnerability in Seacms 6.61 SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). | 8.8 |