Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-14 | CVE-2020-8349 | Code Injection vulnerability in Lenovo Cloud Networking Operating System An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. | 9.8 |
| 2020-10-04 | CVE-2017-18924 | Code Injection vulnerability in Oauth2-Server Project Oauth2-Server oauth2-server (aka node-oauth2-server) through 3.1.1 implements OAuth 2.0 without PKCE. | 7.5 |
| 2020-10-02 | CVE-2020-24628 | Code Injection vulnerability in HPE KVM IP Console Switch G2 Firmware A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3. | 8.8 |
| 2020-10-02 | CVE-2020-18185 | Code Injection vulnerability in Pluxml 5.7 class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment. | 9.8 |
| 2020-10-02 | CVE-2020-26124 | Code Injection vulnerability in Openmediavault 2.1/5.0.0 openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. | 8.8 |
| 2020-10-01 | CVE-2020-15227 | Code Injection vulnerability in multiple products Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. | 9.8 |
| 2020-09-30 | CVE-2020-8243 | Code Injection vulnerability in multiple products A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution. | 7.2 |
| 2020-09-30 | CVE-2019-20920 | Code Injection vulnerability in Handlebarsjs Handlebars Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. | 8.1 |
| 2020-09-25 | CVE-2020-15371 | Code Injection vulnerability in Broadcom Fabric Operating System Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability. | 9.8 |
| 2020-09-25 | CVE-2019-7177 | Code Injection vulnerability in Pexip Infinity Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin. | 7.2 |