Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2020-06-08 | CVE-2020-8180 | Code Injection vulnerability in Nextcloud Talk | An overly lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed code injection when an improperly sanitized talk command was added by an administrator. | network | low complexity | nextcloud | CWE-94 | critical 9.9 |
| 2020-06-03 | CVE-2020-7013 | Code Injection vulnerability in multiple products | Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. | network | low complexity | elastic, redhat | CWE-94 | 7.2 |
| 2020-06-03 | CVE-2020-7012 | Code Injection vulnerability in Elastic Kibana | Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. | network | low complexity | elastic | CWE-94 | 8.8 |
| 2020-06-03 | CVE-2020-13756 | Code Injection vulnerability in Sabberworm PHP CSS Parser | Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker. | network | low complexity | sabberworm | CWE-94 | critical 9.8 |
| 2020-05-20 | CVE-2019-5997 | Code Injection vulnerability in Panasonic Video Insight VMS 7.3.2.5/7.5 | Video Insight VMS versions prior to 7.6.1 allow remote attackers to conduct code injection attacks via unspecified vectors. | network | low complexity | panasonic | CWE-94 | critical 9.8 |
| 2020-05-15 | CVE-2020-8149 | Code Injection vulnerability in Logkitty Project Logkitty | Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1. | network | low complexity | logkitty-project | CWE-94 | critical 9.8 |
| 2020-05-12 | CVE-2020-11057 | Code Injection vulnerability in Xwiki | In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute Python/Groovy scripts while editing personal dashboards. | network | low complexity | xwiki | CWE-94 | 8.8 |
| 2020-05-12 | CVE-2020-6262 | Code Injection vulnerability in SAP Application Server | Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. | network | low complexity | sap | CWE-94 | 8.8 |
| 2020-05-12 | CVE-2020-6243 | Code Injection vulnerability in SAP Adaptive Server Enterprise 15.7/16.0 | Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing an attacker to read, modify, or delete restricted data on connected servers, leading to Code Injection. | network | low complexity | sap | CWE-94 | 8.8 |
| 2020-05-07 | CVE-2020-10176 | Code Injection vulnerability in Assaabloy Yale Wipc-301W Firmware 2.X.2.29/2.X.2.43 | ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow Eval Injection of commands. | network | low complexity | assaabloy | CWE-94 | critical 9.8 |