Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-09 | CVE-2021-21477 | Code Injection vulnerability in SAP Commerce: SAP Commerce Cloud, versions 1808, 1811, 1905, 2005, 2011, enables certain users with required privileges to edit drools rules. An authenticated attacker with this privilege will be able to inject malicious code in the drools rules which, when executed, leads to a Remote Code Execution vulnerability, enabling the attacker to compromise the underlying host and impair the confidentiality, integrity and availability of the application. | 9.9 |
2021-02-09 | CVE-2021-26551 | Code Injection vulnerability in Smartfoxserver 2.17.0: An issue was discovered in SmartFoxServer 2.17.0. | 8.8 |
2021-02-08 | CVE-2021-21305 | Code Injection vulnerability in Carrierwave Project Carrierwave: CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. | 8.8 |
2021-02-03 | CVE-2021-25770 | Code Injection vulnerability in Jetbrains Youtrack: In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution. | 9.8 |
2021-02-01 | CVE-2021-21277 | Code Injection vulnerability in Peerigon Angular-Expressions: angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". | 8.8 |
2021-01-28 | CVE-2020-35754 | Code Injection vulnerability in Opensolution Quick.Cart and Quick.Cms: OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language tab. | 7.2 |
2021-01-15 | CVE-2021-21248 | Code Injection vulnerability in Onedev Project Onedev: OneDev is an all-in-one devops platform. | 8.8 |
2021-01-15 | CVE-2021-21244 | Code Injection vulnerability in Onedev Project Onedev: OneDev is an all-in-one devops platform. | 9.8 |
2021-01-12 | CVE-2021-21466 | Code Injection vulnerability in SAP Business Warehouse and Bw/4Hana: SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low-privileged attacker to inject code using a remote-enabled function module over the network. | 8.8 |
2021-01-08 | CVE-2020-35131 | Code Injection vulnerability in Agentejo Cockpit: Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI. | 9.8 |