Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-01-06 CVE-2019-20343 Code Injection vulnerability in Mojohaus Exec Maven 1.1.1
The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element (within a plugin element) can specify an arbitrary program in an executable element (and can also specify arbitrary command-line arguments in an arguments element).
network
low complexity
mojohaus CWE-94
critical
9.8
2020-01-05 CVE-2019-20155 Code Injection vulnerability in Determine Contract Lifecycle Management 5.4
An issue was discovered in report_edit.jsp in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4.
network
low complexity
determine CWE-94
8.8
2019-12-19 CVE-2019-7486 Code Injection vulnerability in Sonicwall SMA 100 Firmware 9.0.0.0/9.0.0.3/9.0.0.4
Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in the viewcacert CGI script.
network
low complexity
sonicwall CWE-94
8.8
2019-12-18 CVE-2019-15599 Code Injection vulnerability in Tree-Kill Project Tree-Kill 1.2.1
A code injection vulnerability exists in tree-kill on Windows that allows remote code execution when an attacker is able to control the input into the command.
network
low complexity
tree-kill-project CWE-94
critical
9.8
2019-12-18 CVE-2019-15597 Code Injection vulnerability in Node-Df Project Node-Df 0.1.4
A code injection vulnerability exists in node-df v0.1.4 that can allow an attacker to achieve remote code execution via unsanitized input.
network
low complexity
node-df-project CWE-94
critical
9.8
2019-12-18 CVE-2019-4716 Code Injection vulnerability in IBM Planning Analytics
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to log in as "admin", and then execute code as root or SYSTEM via TM1 scripting.
network
low complexity
ibm CWE-94
critical
9.8
2019-12-06 CVE-2019-10769 Code Injection vulnerability in Safer-Eval Project Safer-Eval
safer-eval is an npm package to sandbox the evaluation of code used within the eval function.
network
low complexity
safer-eval-project CWE-94
critical
9.8
2019-12-03 CVE-2019-16885 Code Injection vulnerability in Okay-Cms Okaycms
In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie.
network
low complexity
okay-cms CWE-94
critical
9.8
2019-12-03 CVE-2019-3665 Code Injection vulnerability in Mcafee Webadvisor
Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows a remote unauthenticated attacker to make the browser render a website that Web Advisor would normally have blocked, via a carefully crafted website.
network
low complexity
mcafee CWE-94
6.5
2019-12-02 CVE-2019-19502 Code Injection vulnerability in Maleck Image Uploader and Browser for Ckeditor
Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code.
network
low complexity
maleck CWE-94
critical
9.8