Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-02 | CVE-2020-26124 | Code Injection vulnerability in Openmediavault 2.1/5.0.0 openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. | 8.8 |
| 2020-10-01 | CVE-2020-15227 | Code Injection vulnerability in multiple products Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. | 9.8 |
| 2020-09-30 | CVE-2020-8243 | Code Injection vulnerability in Ivanti Connect Secure and Policy Secure A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution. | 7.2 |
| 2020-09-30 | CVE-2019-20920 | Code Injection vulnerability in Handlebarsjs Handlebars Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. | 8.1 |
| 2020-09-25 | CVE-2020-15371 | Code Injection vulnerability in Broadcom Fabric Operating System Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability. | 9.8 |
| 2020-09-25 | CVE-2019-7177 | Code Injection vulnerability in Pexip Infinity Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin. | 7.2 |
| 2020-09-24 | CVE-2020-3513 | Code Injection vulnerability in Cisco IOS XE 16.12.1/17.2 Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. | 6.7 |
| 2020-09-24 | CVE-2020-3416 | Code Injection vulnerability in Cisco IOS XE 16.12.1/17.2 Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. | 6.7 |
| 2020-09-17 | CVE-2020-11804 | Code Injection vulnerability in Titanhq Spamtitan 7.07 An issue was discovered in Titan SpamTitan 7.07. | 8.8 |
| 2020-09-17 | CVE-2020-11803 | Code Injection vulnerability in Titanhq Spamtitan 7.07 An issue was discovered in Titan SpamTitan 7.07. | 8.8 |