Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-03-17 | CVE-2022-25760 | Code Injection vulnerability in Accesslog Project Accesslog | All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. | network | low | accesslog-project | CWE-94 | critical 9.8 |
| 2022-03-16 | CVE-2022-0811 | Code Injection vulnerability in Kubernetes Cri-O | A flaw was found in CRI-O in the way it set kernel options for a pod. | network | low | kubernetes | CWE-94 | 8.8 |
| 2022-03-15 | CVE-2022-25498 | Code Injection vulnerability in Cuppacms 1.0 | CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php. | network | low | cuppacms | CWE-94 | critical 9.8 |
| 2022-03-15 | CVE-2022-0944 | Code Injection vulnerability in Sqlpad | Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1. | network | low | sqlpad | CWE-94 | 7.2 |
| 2022-03-11 | CVE-2021-44618 | Code Injection vulnerability in Nystudio107 Seomatic 3.4.12 | A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header. | network | low | nystudio107 | CWE-94 | critical 9.8 |
| 2022-03-09 | CVE-2022-0896 | Code Injection vulnerability in Microweber | Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3. | network | low | microweber | CWE-94 | 8.8 |
| 2022-03-08 | CVE-2021-43944 | Code Injection vulnerability in Atlassian Jira Server | This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. | network | low | atlassian | CWE-94 | 7.2 |
| 2022-03-05 | CVE-2022-0845 | Code Injection vulnerability in Lightningai Pytorch Lightning | Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. | network | low | lightningai | CWE-94 | critical 9.8 |
| 2022-03-03 | CVE-2022-22909 | Code Injection vulnerability in Digitaldruid Hoteldruid 3.0.3 | HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module. | network | low | digitaldruid | CWE-94 | 8.8 |
| 2022-03-01 | CVE-2021-44238 | Code Injection vulnerability in Ayacms Project Ayacms 3.1.2 | AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php, | network | low | ayacms-project | CWE-94 | 7.2 |