Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-13 | CVE-2020-25538 | Code Injection vulnerability in Cmsuno Project Cmsuno 1.6.2 An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. | 8.8 |
| 2020-10-30 | CVE-2020-7373 | Code Injection vulnerability in Vbulletin vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. | 9.8 |
| 2020-10-14 | CVE-2020-8349 | Code Injection vulnerability in Lenovo Cloud Networking Operating System An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. | 9.8 |
| 2020-10-04 | CVE-2017-18924 | Code Injection vulnerability in Oauth2-Server Project Oauth2-Server oauth2-server (aka node-oauth2-server) through 3.1.1 implements OAuth 2.0 without PKCE. | 7.5 |
| 2020-10-02 | CVE-2020-24628 | Code Injection vulnerability in HPE KVM IP Console Switch G2 Firmware A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3. | 8.8 |
| 2020-10-02 | CVE-2020-18185 | Code Injection vulnerability in Pluxml 5.7 class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment. | 9.8 |
| 2020-10-02 | CVE-2020-26124 | Code Injection vulnerability in Openmediavault 2.1/5.0.0 openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. | 8.8 |
| 2020-10-01 | CVE-2020-15227 | Code Injection vulnerability in multiple products Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. | 9.8 |
| 2020-09-30 | CVE-2020-8243 | Code Injection vulnerability in Ivanti Connect Secure and Policy Secure A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution. | 7.2 |
| 2020-09-30 | CVE-2019-20920 | Code Injection vulnerability in Handlebarsjs Handlebars Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. | 8.1 |