Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-05-06 CVE-2022-24817 Code Injection vulnerability in Fluxcd Kustomize-Controller
Flux2 is an open and extensible continuous delivery solution for Kubernetes.
network
low complexity
fluxcd CWE-94
critical
 9.9
9.9
2022-05-06 CVE-2022-29171 Code Injection vulnerability in Sourcegraph
Sourcegraph is a fast and featureful code search and navigation engine.
network
low complexity
sourcegraph CWE-94
7.2
7.2
2022-04-28 CVE-2022-29813 Code Injection vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible
local
low complexity
jetbrains CWE-94
6.7
6.7
2022-04-28 CVE-2022-29814 Code Injection vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible
local
low complexity
jetbrains CWE-94
7.7
7.7
2022-04-28 CVE-2022-29815 Code Injection vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible
local
low complexity
jetbrains CWE-94
6.7
6.7
2022-04-28 CVE-2022-29819 Code Injection vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible
local
low complexity
jetbrains CWE-94
7.7
7.7
2022-04-28 CVE-2022-29821 Code Injection vulnerability in Jetbrains Pycharm
In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible
local
low complexity
jetbrains CWE-94
7.7
7.7
2022-04-27 CVE-2022-24735 Code Injection vulnerability in multiple products
Redis is an in-memory database that persists on disk.
local
low complexity
redis fedoraproject netapp oracle CWE-94
7.8
7.8
2022-04-25 CVE-2022-29078 Code Injection vulnerability in EJS 3.1.6
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName].
network
low complexity
ejs CWE-94
critical
 9.8
9.8
2022-04-18 CVE-2022-0661 Code Injection vulnerability in AD Injection Project AD Injection 1.2.0.19
The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user (Admin+) to inject arbitrary HTML or javascript even with unfiltered_html disallowed, leading to a stored cross-site scripting (XSS) vulnerability.
network
low complexity
ad-injection-project CWE-94
7.2
7.2