Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-15 | CVE-2020-35734 | Code Injection vulnerability in Batflat 1.3.6: Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. | 7.2 |
2021-02-15 | CVE-2021-23337 | Code Injection vulnerability in multiple products: Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. | 7.2 |
2021-02-10 | CVE-2021-25251 | Code Injection vulnerability in Trendmicro products: The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. | 7.2 |
2021-02-09 | CVE-2021-21477 | Code Injection vulnerability in SAP Commerce: SAP Commerce Cloud, versions 1808, 1811, 1905, 2005, 2011, enables certain users with required privileges to edit drools rules. An authenticated attacker with this privilege will be able to inject malicious code in the drools rules, which when executed leads to Remote Code Execution, enabling the attacker to compromise the underlying host and impair the confidentiality, integrity and availability of the application. | 9.9 |
2021-02-09 | CVE-2021-26551 | Code Injection vulnerability in Smartfoxserver 2.17.0: An issue was discovered in SmartFoxServer 2.17.0. | 8.8 |
2021-02-08 | CVE-2021-21305 | Code Injection vulnerability in Carrierwave Project Carrierwave: CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. | 8.8 |
2021-02-03 | CVE-2021-25770 | Code Injection vulnerability in Jetbrains Youtrack: In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution. | 9.8 |
2021-02-01 | CVE-2021-21277 | Code Injection vulnerability in Peerigon Angular-Expressions: angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". | 8.8 |
2021-01-28 | CVE-2020-35754 | Code Injection vulnerability in Opensolution Quick.Cart and Quick.Cms: OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language tab. | 7.2 |
2021-01-15 | CVE-2021-21248 | Code Injection vulnerability in Onedev Project Onedev: OneDev is an all-in-one devops platform. | 8.8 |