Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-03-15 CVE-2021-27230 Code Injection vulnerability in Expressionengine
ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory.
network
low complexity
expressionengine CWE-94
8.8
8.8
2021-03-09 CVE-2021-3411 Code Injection vulnerability in multiple products
A flaw was found in the Linux kernel in versions prior to 5.10.
local
low complexity
linux redhat CWE-94
6.7
6.7
2021-03-09 CVE-2021-21480 Code Injection vulnerability in SAP Manufacturing Integration and Intelligence
SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment).
network
low complexity
sap CWE-94
8.8
8.8
2021-03-05 CVE-2020-28502 Code Injection vulnerability in Xmlhttprequest Project Xmlhttprequest
This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl.
network
high complexity
xmlhttprequest-project CWE-94
8.1
8.1
2021-03-04 CVE-2021-23344 Code Injection vulnerability in Totaljs Total.Js
The package total.js before 3.4.8 are vulnerable to Remote Code Execution (RCE) via set.
network
low complexity
totaljs CWE-94
critical
 9.8
9.8
2021-02-27 CVE-2021-25283 Code Injection vulnerability in multiple products
An issue was discovered in through SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject debian CWE-94
critical
 9.8
9.8
2021-02-25 CVE-2021-3273 Code Injection vulnerability in Nagios XI
Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component.
network
low complexity
nagios CWE-94
7.2
7.2
2021-02-22 CVE-2021-26120 Code Injection vulnerability in multiple products
Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring.
network
low complexity
smarty debian CWE-94
critical
 9.8
9.8
2021-02-17 CVE-2020-35339 Code Injection vulnerability in 74Cms 5.0.1
In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server.
network
low complexity
74cms CWE-94
critical
 9.8
9.8
2021-02-15 CVE-2020-35734 Code Injection vulnerability in Batflat 1.3.6
Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab.
network
low complexity
batflat CWE-94
7.2
7.2