Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-27 | CVE-2013-2267 | Code Injection vulnerability in Fudforum 3.0.4 PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system. | 7.2 |
| 2020-01-11 | CVE-2020-6836 | Code Injection vulnerability in Hot-Formula-Parser Project Hot-Formula-Parser grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. | 9.8 |
| 2020-01-06 | CVE-2019-20343 | Code Injection vulnerability in Mojohaus Exec Maven 1.1.1 The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element (within a plugin element) can specify an arbitrary program in an executable element (and can also specify arbitrary command-line arguments in an arguments element). | 9.8 |
| 2020-01-05 | CVE-2019-20155 | Code Injection vulnerability in Determine Contract Lifecycle Management 5.4 An issue was discovered in report_edit.jsp in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. | 8.8 |
| 2019-12-19 | CVE-2019-7486 | Code Injection vulnerability in Sonicwall SMA 100 Firmware 9.0.0.0/9.0.0.3/9.0.0.4 Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. | 8.8 |
| 2019-12-18 | CVE-2019-15599 | Code Injection vulnerability in Tree-Kill Project Tree-Kill 1.2.1 A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command. | 9.8 |
| 2019-12-18 | CVE-2019-15597 | Code Injection vulnerability in Node-Df Project Node-Df 0.1.4 A code injection exists in node-df v0.1.4 that can allow an attacker to remote code execution by unsanitized input. | 9.8 |
| 2019-12-18 | CVE-2019-4716 | Code Injection vulnerability in IBM Planning Analytics IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. | 9.8 |
| 2019-12-06 | CVE-2019-10769 | Code Injection vulnerability in Safer-Eval Project Safer-Eval safer-eval is a npm package to sandbox the he evaluation of code used within the eval function. | 9.8 |
| 2019-12-03 | CVE-2019-16885 | Code Injection vulnerability in Okay-Cms Okaycms In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. | 9.8 |