Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-06 | CVE-2020-8274 | Code Injection vulnerability in Citrix Secure Mail Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. | 6.5 |
| 2020-12-18 | CVE-2020-20298 | Code Injection vulnerability in Zzzcms Zzzphp 1.7.2 Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands. | 9.8 |
| 2020-11-18 | CVE-2020-28367 | Code Injection vulnerability in Golang GO Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. | 7.5 |
| 2020-11-18 | CVE-2020-28366 | Code Injection vulnerability in multiple products Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. | 7.5 |
| 2020-11-17 | CVE-2020-11851 | Code Injection vulnerability in Microfocus Arcsight Logger 6.61/7.0/7.0.1 Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. | 9.8 |
| 2020-11-13 | CVE-2020-25557 | Code Injection vulnerability in Cmsuno Project Cmsuno 1.6.2 In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. | 8.8 |
| 2020-11-13 | CVE-2020-25538 | Code Injection vulnerability in Cmsuno Project Cmsuno 1.6.2 An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. | 8.8 |
| 2020-10-30 | CVE-2020-7373 | Code Injection vulnerability in Vbulletin vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. | 9.8 |
| 2020-10-14 | CVE-2020-8349 | Code Injection vulnerability in Lenovo Cloud Networking Operating System An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. | 9.8 |
| 2020-10-04 | CVE-2017-18924 | Code Injection vulnerability in Oauth2-Server Project Oauth2-Server oauth2-server (aka node-oauth2-server) through 3.1.1 implements OAuth 2.0 without PKCE. | 7.5 |