Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-10 | CVE-2020-7674 | Code Injection vulnerability in Access-Policy Project Access-Policy 3.0.0/3.1.0 access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. | 9.8 |
| 2020-06-10 | CVE-2020-7673 | Code Injection vulnerability in Node-Extend Project Node-Extend node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. | 9.8 |
| 2020-06-10 | CVE-2020-7672 | Code Injection vulnerability in Mosc Project Mosc 1.0.0 mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. | 8.6 |
| 2020-06-08 | CVE-2020-8180 | Code Injection vulnerability in Nextcloud Talk A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator. | 9.9 |
| 2020-06-03 | CVE-2020-7013 | Code Injection vulnerability in multiple products Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. | 7.2 |
| 2020-06-03 | CVE-2020-7012 | Code Injection vulnerability in Elastic Kibana Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. | 8.8 |
| 2020-06-03 | CVE-2020-13756 | Code Injection vulnerability in Sabberworm PHP CSS Parser Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker. | 9.8 |
| 2020-05-20 | CVE-2019-5997 | Code Injection vulnerability in Panasonic Video Insight VMS 7.3.2.5/7.5 Video Insight VMS versions prior to 7.6.1 allow remote attackers to conduct code injection attacks via unspecified vectors. | 9.8 |
| 2020-05-15 | CVE-2020-8149 | Code Injection vulnerability in Logkitty Project Logkitty Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1. | 9.8 |
| 2020-05-12 | CVE-2020-11057 | Code Injection vulnerability in Xwiki In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. | 8.8 |