Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-29 | CVE-2021-23358 | Code Injection vulnerability in multiple products. The package underscore from 1.13.0-0 and before 1.13.0-2, and from 1.3.2 and before 1.12.1, is vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument, as it is not sanitized. | 7.2 |
2021-03-19 | CVE-2021-27928 | Code Injection vulnerability in multiple products. A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. | 7.2 |
2021-03-15 | CVE-2021-27230 | Code Injection vulnerability in Expressionengine. ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory. | 8.8 |
2021-03-09 | CVE-2021-3411 | Code Injection vulnerability in multiple products. A flaw was found in the Linux kernel in versions prior to 5.10. | 6.7 |
2021-03-09 | CVE-2021-21480 | Code Injection vulnerability in SAP Manufacturing Integration and Intelligence. SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). | 8.8 |
2021-03-05 | CVE-2020-28502 | Code Injection vulnerability in Xmlhttprequest Project Xmlhttprequest. This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. | 8.1 |
2021-03-04 | CVE-2021-23344 | Code Injection vulnerability in Totaljs Total.Js. The package total.js before 3.4.8 is vulnerable to Remote Code Execution (RCE) via set. | 9.8 |
2021-02-27 | CVE-2021-25283 | Code Injection vulnerability in multiple products. An issue was discovered in SaltStack Salt before 3002.5. | 9.8 |
2021-02-25 | CVE-2021-3273 | Code Injection vulnerability in Nagios XI. Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. | 7.2 |
2021-02-22 | CVE-2021-26120 | Code Injection vulnerability in multiple products. Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring. | 9.8 |