Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-14 | CVE-2021-32820 | Code Injection vulnerability in Express Handlebars Project Express Handlebars Express-handlebars is a Handlebars view engine for Express. | 8.6 |
| 2021-05-11 | CVE-2021-27611 | Code Injection vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. | 6.7 |
| 2021-05-10 | CVE-2021-29502 | Code Injection vulnerability in Warnsystem Project Warnsystem WarnSystem is a cog (plugin) for the Red discord bot. | 6.5 |
| 2021-04-23 | CVE-2021-22205 | Code Injection vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. | 10.0 |
| 2021-04-23 | CVE-2021-22204 | Code Injection vulnerability in multiple products Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image | 7.8 |
| 2021-04-13 | CVE-2021-27602 | Code Injection vulnerability in SAP Commerce SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules within the application. | 9.9 |
| 2021-04-13 | CVE-2021-23281 | Code Injection vulnerability in Eaton Intelligent Power Manager 1.6/1.67 Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. | 10.0 |
| 2021-04-13 | CVE-2021-23277 | Code Injection vulnerability in Eaton products Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. | 10.0 |
| 2021-04-05 | CVE-2021-24209 | Code Injection vulnerability in Automattic WP Super Cache The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. | 7.2 |
| 2021-03-29 | CVE-2021-23358 | Code Injection vulnerability in multiple products The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized. | 7.2 |