Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-11 | CVE-2020-5593 | Code Injection vulnerability in Zenphoto Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP code injection attacks by leading a user to upload a specially crafted .zip file. | 8.8 |
| 2020-06-10 | CVE-2020-7675 | Code Injection vulnerability in Cd-Messenger Project Cd-Messenger cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. | 9.8 |
| 2020-06-10 | CVE-2020-7674 | Code Injection vulnerability in Access-Policy Project Access-Policy 3.0.0/3.1.0 access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. | 9.8 |
| 2020-06-10 | CVE-2020-7673 | Code Injection vulnerability in Node-Extend Project Node-Extend node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. | 9.8 |
| 2020-06-10 | CVE-2020-7672 | Code Injection vulnerability in Mosc Project Mosc 1.0.0 mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. | 8.6 |
| 2020-06-08 | CVE-2020-8180 | Code Injection vulnerability in Nextcloud Talk A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator. | 9.9 |
| 2020-06-03 | CVE-2020-7013 | Code Injection vulnerability in multiple products Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. | 7.2 |
| 2020-06-03 | CVE-2020-7012 | Code Injection vulnerability in Elastic Kibana Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. | 8.8 |
| 2020-06-03 | CVE-2020-13756 | Code Injection vulnerability in Sabberworm PHP CSS Parser Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker. | 9.8 |
| 2020-05-20 | CVE-2019-5997 | Code Injection vulnerability in Panasonic Video Insight VMS 7.3.2.5/7.5 Video Insight VMS versions prior to 7.6.1 allow remote attackers to conduct code injection attacks via unspecified vectors. | 9.8 |