Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-13 | CVE-2022-24816 | Code Injection vulnerability in Geosolutionsgroup Jai-Ext: JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. | 9.8 |
2022-04-11 | CVE-2022-22954 | Code Injection vulnerability in VMWare products: VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. | 9.8 |
2022-04-11 | CVE-2021-40219 | Code Injection vulnerability in Bolt CMS: Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. | 8.8 |
2022-04-05 | CVE-2022-24780 | Code Injection vulnerability in Combodo Itop: Combodo iTop is a web based IT Service Management tool. | 8.8 |
2022-04-05 | CVE-2022-26982 | Code Injection vulnerability in Simplemachines Simple Machines Forum: SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. | 7.2 |
2022-04-05 | CVE-2021-39114 | Code Injection vulnerability in Atlassian Confluence Data Center and Confluence Server: Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. | 8.8 |
2022-04-01 | CVE-2021-39908 | Code Injection vulnerability in Gitlab: In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI. | 7.5 |
2022-04-01 | CVE-2022-1159 | Code Injection vulnerability in Rockwellautomation products: Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user. | 7.2 |
2022-04-01 | CVE-2022-22965 | Code Injection vulnerability in multiple products: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. | 9.8 |
2022-03-28 | CVE-2021-43097 | Code Injection vulnerability in Diyhi BBS 5.3: A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.java which could let a malicious user execute arbitrary code. | 7.2 |