Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-04 | CVE-2022-23614 | Code Injection vulnerability in multiple products Twig is an open source template language for PHP. | 9.8 |
| 2022-02-04 | CVE-2021-44978 | Code Injection vulnerability in Idreamsoft Icms iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution. | 9.8 |
| 2022-01-26 | CVE-2022-21686 | Code Injection vulnerability in Prestashop PrestaShop is an Open Source e-commerce platform. | 9.8 |
| 2022-01-26 | CVE-2021-46114 | Code Injection vulnerability in Jpress 4.2.0 jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. | 8.8 |
| 2022-01-26 | CVE-2021-46118 | Code Injection vulnerability in Jpress 4.2.0 jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. | 7.2 |
| 2022-01-26 | CVE-2021-46117 | Code Injection vulnerability in Jpress 4.2.0 jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. | 7.2 |
| 2022-01-25 | CVE-2021-45029 | Code Injection vulnerability in Apache Shenyu 2.4.0/2.4.1 Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. | 9.8 |
| 2022-01-21 | CVE-2022-0323 | Code Injection vulnerability in Mustache Project Mustache Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1. | 8.8 |
| 2022-01-20 | CVE-2022-23120 | Code Injection vulnerability in Trendmicro Deep Security Agent 20.0 A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. | 7.8 |
| 2022-01-20 | CVE-2021-44734 | Code Injection vulnerability in Lexmark products Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device. | 9.8 |