Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-05-31 | CVE-2016-10546 | Code Injection vulnerability in Pouchdb: An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. | 9.8 |
2018-05-31 | CVE-2016-10541 | Code Injection vulnerability in Shell-Quote Project Shell-Quote: The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ">" and "<" operator used for redirection in shell. | 9.8 |
2018-05-25 | CVE-2018-1133 | Code Injection vulnerability in Moodle: An issue was discovered in Moodle 3.x. | 8.8 |
2018-05-11 | CVE-2018-1260 | Code Injection vulnerability in Pivotal Software Spring Security Oauth: Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. | 9.8 |
2018-05-09 | CVE-2018-2418 | Code Injection vulnerability in SAP Maxdb Odbc Driver: SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. | 9.8 |
2018-05-04 | CVE-2018-10740 | Code Injection vulnerability in Axublog 1.1.0: Axublog 1.1.0 allows remote Code Execution as demonstrated by injection of PHP code (contained in the webkeywords parameter) into the cmsconfig.php file. | 9.8 |
2018-05-02 | CVE-2018-1104 | Code Injection vulnerability in Redhat Ansible Tower: Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server. | 8.8 |
2018-05-02 | CVE-2018-10642 | Code Injection vulnerability in Combodo Itop: Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig() that calls the vulnerable function eval(). | 7.2 |
2018-05-01 | CVE-2018-8938 | Code Injection vulnerability in Progress Whatsup Gold: A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). | 9.8 |
2018-04-30 | CVE-2018-10574 | Code Injection vulnerability in Bigtreecms Bigtree CMS: site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files. | 9.8 |