Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-03 | CVE-2021-31630 | Code Injection vulnerability in Openplcproject Openplc V3 Firmware Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application. | 8.8 |
| 2021-08-02 | CVE-2021-24430 | Code Injection vulnerability in Optimocha Speed Booster Pack The Speed Booster Pack ? PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its caching_exclude_urls and caching_include_query_strings settings before outputting them in a PHP file, which could lead to RCE | 7.2 |
| 2021-08-02 | CVE-2017-18113 | Code Injection vulnerability in Atlassian Data Center and Jira The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can trick a system administrator to import their malicious workflow to execute arbitrary code via a Remote Code Execution (RCE) vulnerability. | 8.8 |
| 2021-07-26 | CVE-2020-18172 | Code Injection vulnerability in Trezor Bridge 2.0.27 A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges. | 9.8 |
| 2021-07-23 | CVE-2021-25808 | Code Injection vulnerability in Bludit 3.13.1 A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file. | 7.8 |
| 2021-07-22 | CVE-2021-1518 | Code Injection vulnerability in Cisco Firepower Device Manager On-Box A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. | 8.8 |
| 2021-07-21 | CVE-2021-32756 | Code Injection vulnerability in Manageiq ManageIQ is an open-source management platform. | 8.8 |
| 2021-07-16 | CVE-2021-32749 | Code Injection vulnerability in multiple products fail2ban is a daemon to ban hosts that cause multiple authentication errors. | 8.1 |
| 2021-07-12 | CVE-2021-23389 | Code Injection vulnerability in Totaljs Total.Js The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. | 9.8 |
| 2021-07-12 | CVE-2021-23390 | Code Injection vulnerability in Totaljs Total4 The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. | 9.8 |