Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-28 | CVE-2022-29813 | Code Injection vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible | 6.7 |
| 2022-04-28 | CVE-2022-29814 | Code Injection vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible | 7.7 |
| 2022-04-28 | CVE-2022-29815 | Code Injection vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible | 6.7 |
| 2022-04-28 | CVE-2022-29819 | Code Injection vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible | 7.7 |
| 2022-04-28 | CVE-2022-29821 | Code Injection vulnerability in Jetbrains Pycharm In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible | 7.7 |
| 2022-04-25 | CVE-2022-29078 | Code Injection vulnerability in EJS 3.1.6 The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. | 9.8 |
| 2022-04-11 | CVE-2022-22954 | Code Injection vulnerability in VMWare products VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. | 9.8 |
| 2022-04-11 | CVE-2021-40219 | Code Injection vulnerability in Bolt CMS Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. | 8.8 |
| 2022-04-05 | CVE-2022-26982 | Code Injection vulnerability in Simplemachines Simple Machines Forum SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. | 7.2 |
| 2022-04-05 | CVE-2021-39114 | Code Injection vulnerability in Atlassian Confluence Data Center and Confluence Server Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. | 8.8 |