Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-04-27 | CVE-2020-7609 | Code Injection vulnerability in Node-Rules Project Node-Rules 3.0.0/4.0.2 | node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. | 9.8 |
2020-04-14 | CVE-2020-5739 | Code Injection vulnerability in Grandstream products | Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. | 8.8 |
2020-04-01 | CVE-2020-10948 | Code Injection vulnerability in Alienform2 Project Alienform2 2.0.2 | Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) 2.0.2 is vulnerable to Remote Command Execution via eval injection, a different issue than CVE-2002-0934. | 9.8 |
2020-04-01 | CVE-2019-9163 | Code Injection vulnerability in Marchnetworks Command Client 2.6.4/2.6.4.1 | The connection initiation process in March Networks Command Client before 2.7.2 allows remote attackers to execute arbitrary code via crafted XAML objects. | 9.8 |
2020-03-25 | CVE-2020-5558 | Code Injection vulnerability in Cutephp Cutenews 2.0.1 | CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors. | 8.8 |
2020-03-25 | CVE-2020-5553 | Code Injection vulnerability in Mailform 1.04 | mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors. | 9.8 |
2020-03-23 | CVE-2020-7480 | Code Injection vulnerability in Schneider-Electric products | A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data. | 9.8 |
2020-03-23 | CVE-2020-6650 | Code Injection vulnerability in Eaton UPS Companion | UPS companion software v1.05 and prior is affected by an ‘Eval Injection’ vulnerability. | 8.8 |
2020-03-20 | CVE-2020-8140 | Code Injection vulnerability in Nextcloud Desktop | A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed arbitrary code to be loaded when starting the client with DYLD_INSERT_LIBRARIES set in the environment. | 6.7 |
2020-03-20 | CVE-2020-8137 | Code Injection vulnerability in Blamer Project Blamer | Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker. | 9.8 |