Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-01-12 | CVE-2021-21466 | Code Injection vulnerability in SAP Business Warehouse and Bw/4Hana
SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network.
network | low complexity | sap | CWE-94 | 8.8

2021-01-08 | CVE-2020-35131 | Code Injection vulnerability in Agentejo Cockpit
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI.
network | low complexity | agentejo | CWE-94 | critical | 9.8

2021-01-06 | CVE-2020-8274 | Code Injection vulnerability in Citrix Secure Mail
Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail.
network | low complexity | citrix | CWE-94 | 6.5

2020-12-18 | CVE-2020-20298 | Code Injection vulnerability in Zzzcms Zzzphp 1.7.2
Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands.
network | low complexity | zzzcms | CWE-94 | critical | 9.8

2020-11-18 | CVE-2020-28367 | Code Injection vulnerability in Golang GO
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
network | high complexity | golang | CWE-94 | 7.5

2020-11-18 | CVE-2020-28366 | Code Injection vulnerability in multiple products
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
network | high complexity | golang, fedoraproject, netapp | CWE-94 | 7.5

2020-11-17 | CVE-2020-11851 | Code Injection vulnerability in Microfocus Arcsight Logger 6.61/7.0/7.0.1
Arbitrary code execution vulnerability in the Micro Focus ArcSight Logger product, affecting all versions prior to 7.1.1.
network | low complexity | microfocus | CWE-94 | critical | 9.8

2020-11-13 | CVE-2020-25557 | Code Injection vulnerability in Cmsuno Project Cmsuno 1.6.2
In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password.
network | low complexity | cmsuno-project | CWE-94 | 8.8

2020-11-13 | CVE-2020-25538 | Code Injection vulnerability in Cmsuno Project Cmsuno 1.6.2
An authenticated attacker can inject malicious code into the "lang" parameter in the /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page.
network | low complexity | cmsuno-project | CWE-94 | 8.8

2020-10-30 | CVE-2020-7373 | Code Injection vulnerability in Vbulletin
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request.
network | low complexity | vbulletin | CWE-94 | critical | 9.8