Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-09-01 CVE-2020-6144 Code Injection vulnerability in Os4Ed Opensis 7.4
A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4.
network
low complexity
os4ed CWE-94
critical
9.8
2020-09-01 CVE-2020-6143 Code Injection vulnerability in Os4Ed Opensis 7.4
A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4.
network
low complexity
os4ed CWE-94
critical
9.8
2020-09-01 CVE-2020-15150 Code Injection vulnerability in Duffel Paginator
There is a vulnerability in Paginator (Elixir/Hex package) which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate() function.
network
low complexity
duffel CWE-94
critical
9.8
2020-08-21 CVE-2020-7710 Code Injection vulnerability in Safe-Eval Project Safe-Eval
This affects all versions of package safe-eval.
network
low complexity
safe-eval-project CWE-94
critical
9.8
2020-08-21 CVE-2020-15070 Code Injection vulnerability in Zulip Server
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value.
network
low complexity
zulip CWE-94
8.8
2020-08-18 CVE-2020-15865 Code Injection vulnerability in Stimulsoft Reports 2013.1.1600.0
A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and executed on the server that processes this file.
network
low complexity
stimulsoft CWE-94
critical
9.8
2020-08-14 CVE-2020-15142 Code Injection vulnerability in Openapi-Python-Client Project Openapi-Python-Client
In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code.
network
low complexity
openapi-python-client-project CWE-94
critical
9.0
2020-08-14 CVE-2020-10055 Code Injection vulnerability in Siemens products
A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x), Desigo CC Compact (V3.x).
network
low complexity
siemens CWE-94
critical
9.8
2020-08-10 CVE-2020-8224 Code Injection vulnerability in Nextcloud Desktop
A code injection in Nextcloud Desktop Client 2.6.4 allowed arbitrary code to be loaded when a malicious OpenSSL config was placed into a fixed directory.
local
low complexity
nextcloud CWE-94
7.8
2020-07-30 CVE-2020-8218 Code Injection vulnerability in multiple products
A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to craft a URI to perform arbitrary code execution via the admin web interface.
network
low complexity
pulsesecure ivanti CWE-94
7.2