Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-10 | CVE-2018-13818 | Code Injection vulnerability in Symfony Twig Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. | 9.8 |
| 2018-07-06 | CVE-2018-3608 | Code Injection vulnerability in Trendmicro products A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes. | 9.8 |
| 2018-07-06 | CVE-2017-1329 | Code Injection vulnerability in IBM products IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. | 5.4 |
| 2018-07-06 | CVE-2017-1248 | Code Injection vulnerability in IBM products IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. | 6.1 |
| 2018-07-06 | CVE-2017-1242 | Code Injection vulnerability in IBM products IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. | 5.4 |
| 2018-07-01 | CVE-2018-13043 | Code Injection vulnerability in multiple products scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing. | 9.8 |
| 2018-06-29 | CVE-2018-12995 | Code Injection vulnerability in Onefilecms onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen. | 8.8 |
| 2018-06-29 | CVE-2018-12994 | Code Injection vulnerability in Onefilecms onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen. | 8.8 |
| 2018-06-25 | CVE-2018-11587 | Code Injection vulnerability in Centreon and Centreon web There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php. | 9.8 |
| 2018-06-18 | CVE-2018-12531 | Code Injection vulnerability in Metinfo 6.0.0 An issue was discovered in MetInfo 6.0.0. | 9.8 |