Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-09 | CVE-2021-21480 | Code Injection vulnerability in SAP Manufacturing Integration and Intelligence SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). | 8.8 |
| 2021-03-05 | CVE-2020-28502 | Code Injection vulnerability in Xmlhttprequest Project Xmlhttprequest This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. | 8.1 |
| 2021-03-04 | CVE-2021-23344 | Code Injection vulnerability in Totaljs Total.Js The package total.js before 3.4.8 are vulnerable to Remote Code Execution (RCE) via set. | 9.8 |
| 2021-02-27 | CVE-2021-25283 | Code Injection vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. | 9.8 |
| 2021-02-25 | CVE-2021-3273 | Code Injection vulnerability in Nagios XI Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. | 7.2 |
| 2021-02-22 | CVE-2021-26120 | Code Injection vulnerability in multiple products Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring. | 9.8 |
| 2021-02-17 | CVE-2020-35339 | Code Injection vulnerability in 74Cms 5.0.1 In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server. | 9.8 |
| 2021-02-15 | CVE-2020-35734 | Code Injection vulnerability in Batflat 1.3.6 Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. | 7.2 |
| 2021-02-15 | CVE-2021-23337 | Code Injection vulnerability in multiple products Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. | 7.2 |
| 2021-02-10 | CVE-2021-25251 | Code Injection vulnerability in Trendmicro products The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. | 7.2 |