Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-04-05 CVE-2022-26982 Code Injection vulnerability in Simplemachines Simple Machines Forum
SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting vulnerable PHP code, because the themes can be modified by an administrator.
network
low complexity
simplemachines CWE-94
7.2
2022-04-05 CVE-2021-39114 Code Injection vulnerability in Atlassian Confluence Data Center and Confluence Server
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload.
network
low complexity
atlassian CWE-94
8.8
2022-04-01 CVE-2021-39908 Code Injection vulnerability in Gitlab
In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI.
network
low complexity
gitlab CWE-94
7.5
2022-04-01 CVE-2022-1159 Code Injection vulnerability in Rockwellautomation products
Rockwell Automation Studio 5000 Logix Designer (all versions) is vulnerable: an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user.
network
low complexity
rockwellautomation CWE-94
7.2
2022-04-01 CVE-2022-22965 Code Injection vulnerability in multiple products
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
network
low complexity
vmware cisco oracle siemens veritas CWE-94
critical
9.8
2022-03-28 CVE-2021-43097 Code Injection vulnerability in Diyhi BBS 5.3
A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.java, which could let a malicious user execute arbitrary code.
network
low complexity
diyhi CWE-94
7.2
2022-03-25 CVE-2021-26622 Code Injection vulnerability in Genians Genian NAC 4.0.0/5.0.0/5.0.42
A remote code execution vulnerability due to an SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC.
network
low complexity
genians CWE-94
critical
10.0
2022-03-21 CVE-2021-38745 Code Injection vulnerability in Chamilo 1.11.14
Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin.
network
low complexity
chamilo CWE-94
6.8
2022-03-20 CVE-2021-39383 Code Injection vulnerability in Diaowen Dwsurvey 3.2.0
DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java.
network
low complexity
diaowen CWE-94
critical
9.8
2022-03-18 CVE-2022-25578 Code Injection vulnerability in Taogogo Taocms 3.0.2
taocms v3.0.2 allows attackers to perform code injection by arbitrarily editing the .htaccess file.
network
low complexity
taogogo CWE-94
critical
9.8