Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-08-11 CVE-2021-37694 Code Injection vulnerability in Asyncapi Java-Spring-Cloud-Stream-Template
@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice.
local
low complexity
asyncapi CWE-94
7.8
2021-08-08 CVE-2021-38196 Code Injection vulnerability in Better-Macro Project Better-Macro
An issue was discovered in the better-macro crate through 2021-07-22 for Rust.
network
low complexity
better-macro-project CWE-94
critical
9.8
2021-08-04 CVE-2021-36800 Code Injection vulnerability in Akaunting
Akaunting version 2.1.12 and earlier suffers from a code injection issue in the Money.php component of the application.
network
low complexity
akaunting CWE-94
critical
9.1
2021-08-03 CVE-2021-31630 Code Injection vulnerability in Openplcproject Openplc V3 Firmware
Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
network
low complexity
openplcproject CWE-94
8.8
2021-08-02 CVE-2021-24430 Code Injection vulnerability in Optimocha Speed Booster Pack
The Speed Booster Pack ? PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its caching_exclude_urls and caching_include_query_strings settings before outputting them in a PHP file, which could lead to RCE
network
low complexity
optimocha CWE-94
7.2
2021-08-02 CVE-2017-18113 Code Injection vulnerability in Atlassian Data Center and Jira
The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can trick a system administrator to import their malicious workflow to execute arbitrary code via a Remote Code Execution (RCE) vulnerability.
network
low complexity
atlassian CWE-94
8.8
2021-07-26 CVE-2020-18172 Code Injection vulnerability in Trezor Bridge 2.0.27
A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges.
network
low complexity
trezor CWE-94
critical
9.8
2021-07-23 CVE-2021-25808 Code Injection vulnerability in Bludit 3.13.1
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.
local
low complexity
bludit CWE-94
7.8
2021-07-22 CVE-2021-1518 Code Injection vulnerability in Cisco Firepower Device Manager On-Box
A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device.
network
low complexity
cisco CWE-94
8.8
2021-07-21 CVE-2021-32756 Code Injection vulnerability in Manageiq
ManageIQ is an open-source management platform.
network
low complexity
manageiq CWE-94
8.8