Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-13 | CVE-2021-41653 | Code Injection vulnerability in Tp-Link Tl-Wr840N Firmware The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. | 9.8 |
| 2021-11-10 | CVE-2021-33816 | Code Injection vulnerability in Dolibarr Erp/Crm 13.0.2 The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked. | 9.8 |
| 2021-11-09 | CVE-2021-43466 | Code Injection vulnerability in Thymeleaf 3.0.12 In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution. | 9.8 |
| 2021-11-05 | CVE-2021-41228 | Code Injection vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.8 |
| 2021-11-04 | CVE-2021-42057 | Code Injection vulnerability in Obsidian Dataview Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. | 7.8 |
| 2021-11-04 | CVE-2021-43281 | Code Injection vulnerability in Mybb MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission. | 7.2 |
| 2021-11-02 | CVE-2021-42754 | Code Injection vulnerability in Fortinet Forticlient An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the user permission via the malicious dylib file. | 5.0 |
| 2021-11-01 | CVE-2021-25877 | Code Injection vulnerability in Youphptube AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. | 7.2 |
| 2021-11-01 | CVE-2021-40348 | Code Injection vulnerability in multiple products Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. | 8.8 |
| 2021-11-01 | CVE-2021-42574 | Code Injection vulnerability in multiple products An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. | 8.3 |