Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-10 | CVE-2022-24429 | Code Injection vulnerability in Convert-Svg-Core Project Convert-Svg-Core The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. | 7.8 |
| 2022-06-09 | CVE-2022-2014 | Code Injection vulnerability in Diagrams Drawio Code Injection in GitHub repository jgraph/drawio prior to 19.0.2. | 5.4 |
| 2022-06-08 | CVE-2022-21122 | Code Injection vulnerability in Metarhia Metacalc 0.0.1 The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. | 9.8 |
| 2022-05-26 | CVE-2022-21831 | Code Injection vulnerability in multiple products A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. | 9.8 |
| 2022-05-24 | CVE-2022-29221 | Code Injection vulnerability in multiple products Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. | 8.8 |
| 2022-05-21 | CVE-2022-29216 | Code Injection vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.8 |
| 2022-05-16 | CVE-2021-27446 | Code Injection vulnerability in Weintek products The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system. | 9.8 |
| 2022-05-12 | CVE-2022-29307 | Code Injection vulnerability in Ionizecms Ionize 1.0.8.1 IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy_lang_content in application/models/lang_model.php. | 9.8 |
| 2022-05-11 | CVE-2021-42651 | Code Injection vulnerability in Pentest Collaboration Framework Project Pentest Collaboration Framework 1.0.8 A Server Side Template Injection (SSTI) vulnerability in Pentest-Collaboration-Framework v1.0.8 allows an authenticated remote attacker to execute arbitrary code through /project/PROJECTNAME/reports/. | 8.8 |
| 2022-05-09 | CVE-2022-23332 | Code Injection vulnerability in Ejointech products Command injection vulnerability in Manual Ping Form (Web UI) in Shenzhen Ejoin Information Technology Co., Ltd. | 8.8 |