Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-07 | CVE-2017-16082 | Code Injection vulnerability in Node-Postgres PG A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. | 9.8 |
| 2018-06-04 | CVE-2017-16020 | Code Injection vulnerability in Summit Project Summit Summit is a node web framework. | 9.8 |
| 2018-06-01 | CVE-2018-7951 | Code Injection vulnerability in Huawei products The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. | 8.8 |
| 2018-06-01 | CVE-2018-7950 | Code Injection vulnerability in Huawei products The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. | 8.8 |
| 2018-05-31 | CVE-2016-10546 | Code Injection vulnerability in Pouchdb An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. | 9.8 |
| 2018-05-31 | CVE-2016-10541 | Code Injection vulnerability in Shell-Quote Project Shell-Quote The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ">" and "<" operator used for redirection in shell. | 9.8 |
| 2018-05-25 | CVE-2018-1133 | Code Injection vulnerability in Moodle An issue was discovered in Moodle 3.x. | 8.8 |
| 2018-05-11 | CVE-2018-1260 | Code Injection vulnerability in Pivotal Software Spring Security Oauth Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. | 9.8 |
| 2018-05-09 | CVE-2018-2418 | Code Injection vulnerability in SAP Maxdb Odbc Driver SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. | 9.8 |
| 2018-05-04 | CVE-2018-10740 | Code Injection vulnerability in Axublog 1.1.0 Axublog 1.1.0 allows remote Code Execution as demonstrated by injection of PHP code (contained in the webkeywords parameter) into the cmsconfig.php file. | 9.8 |