Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-01 | CVE-2021-39908 | Code Injection vulnerability in GitLab. In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1, certain Unicode characters can be abused to commit malicious code into projects without being noticed in the merge request or source code viewer UI. | 7.5 |
2022-04-01 | CVE-2022-1159 | Code Injection vulnerability in Rockwell Automation products. Rockwell Automation Studio 5000 Logix Designer (all versions) is vulnerable: an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user. | 7.2 |
2022-04-01 | CVE-2022-22965 | Code Injection vulnerability in multiple products. A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. | 9.8 |
2022-03-28 | CVE-2021-43097 | Code Injection vulnerability in Diyhi BBS 5.3. A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.java, which could let a malicious user execute arbitrary code. | 7.2 |
2022-03-25 | CVE-2021-26622 | Code Injection vulnerability in Genians Genian NAC 4.0.0/5.0.0/5.0.42. A remote code execution vulnerability due to an SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. | 10.0 |
2022-03-21 | CVE-2021-38745 | Code Injection vulnerability in Chamilo 1.11.14. Chamilo LMS v1.11.14 was discovered to contain a zero-click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. | 6.8 |
2022-03-20 | CVE-2021-39383 | Code Injection vulnerability in Diaowen Dwsurvey 3.2.0. DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java. | 9.8 |
2022-03-18 | CVE-2022-25578 | Code Injection vulnerability in Taogogo Taocms 3.0.2. taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. | 9.8 |
2022-03-18 | CVE-2020-25197 | Code Injection vulnerability in GE Rt430 Firmware, Rt431 Firmware and Rt434 Firmware. A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system. | 8.8 |
2022-03-17 | CVE-2020-15591 | Code Injection vulnerability in Uni-Stuttgart Frams' Fast File Exchange. fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution). | 9.8 |